CVE-2024-21590

MEDIUM

Juniper Junos OS Evolved DoS via Crafted MPLS IPv4 Packets

Title source: llm

Description

An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS). When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: * All versions before 21.2R3-S8-EVO; * from 21.4-EVO before 21.4R3-S6-EVO; * from 22.2-EVO before 22.2R3-S4-EVO; * from 22.3-EVO before 22.3R3-S3-EVO; * from 22.4-EVO before 22.4R3-EVO; * from 23.2-EVO before 23.2R2-EVO. * from 23.4-EVO before 23.4R1-S1-EVO.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

https://supportportal.juniper.net/JSA75728

Issue Tracking technical-description

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Scores

CVSS v3 5.3

EPSS 0.0004

EPSS Percentile 12.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (5)

juniper/junos_os_evolved 21.2 r1 (14 CPE variants)

juniper/junos_os_evolved 21.4 (13 CPE variants)

juniper/junos_os_evolved 22.2 (11 CPE variants)

juniper/junos_os_evolved 22.3 (10 CPE variants)

juniper/junos_os_evolved 22.4 (2 CPE variants)

Published Apr 12, 2024

Tracked Since Feb 18, 2026