Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0018
Vulnerability from certfr_avis - Published: 2025-01-09 - Updated: 2025-01-09
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS versions 22.4.x antérieures à 22.4R3-S5 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 24.1R2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 21.2R3-S9-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.4.x-EVO antérieures à 23.4R2-S3-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 24.2.x antérieures à 24.2R1-S2 et 24.2R2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.2.x-EVO antérieures à 23.2R2-S3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.4.x-EVO antérieures à 21.4R3-S10-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.4.x-EVO antérieures à 22.4R3-S5-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 22.2.x antérieures à 22.2R3-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.3.x-EVO antérieures à 22.3R3-S4-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.2.x-EVO antérieures à 24.2R1-S2-EVO et 24.2R2-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 22.3.x antérieures à 22.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 23.4.x antérieures à 23.4R2-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.4.x antérieures à 21.4R3-S10 | ||
| Juniper Networks | Junos OS | Junos OS versions 23.2.x antérieures à 23.2R2-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 21.2R3-S9 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.2.x-EVO antérieures à 22.2R3-S5-EVO |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 22.4.x ant\u00e9rieures \u00e0 22.4R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R2",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S9-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4.x-EVO ant\u00e9rieures \u00e0 23.4R2-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.2.x ant\u00e9rieures \u00e0 24.2R1-S2 et 24.2R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2.x-EVO ant\u00e9rieures \u00e0 23.2R2-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4.x-EVO ant\u00e9rieures \u00e0 21.4R3-S10-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4.x-EVO ant\u00e9rieures \u00e0 22.4R3-S5-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2.x ant\u00e9rieures \u00e0 22.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3.x-EVO ant\u00e9rieures \u00e0 22.3R3-S4-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2.x-EVO ant\u00e9rieures \u00e0 24.2R1-S2-EVO et 24.2R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3.x ant\u00e9rieures \u00e0 22.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4.x ant\u00e9rieures \u00e0 23.4R2-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R3-S10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2.x ant\u00e9rieures \u00e0 23.2R2-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2.x-EVO ant\u00e9rieures \u00e0 22.2R3-S5-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-35875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35875"
},
{
"name": "CVE-2024-35797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35797"
},
{
"name": "CVE-2024-26886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26886"
},
{
"name": "CVE-2023-52801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52801"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2024-26629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26629"
},
{
"name": "CVE-2025-21592",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21592"
},
{
"name": "CVE-2022-24809",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24809"
},
{
"name": "CVE-2025-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21599"
},
{
"name": "CVE-2024-35791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35791"
},
{
"name": "CVE-2023-3019",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3019"
},
{
"name": "CVE-2022-24805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2024-36883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
},
{
"name": "CVE-2023-3255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3255"
},
{
"name": "CVE-2024-26946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26946"
},
{
"name": "CVE-2024-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26720"
},
{
"name": "CVE-2023-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4408"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2022-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
},
{
"name": "CVE-2024-39894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39894"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2023-6683",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6683"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-1488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1488"
},
{
"name": "CVE-2022-24810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
},
{
"name": "CVE-2024-26630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26630"
},
{
"name": "CVE-2023-5517",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5517"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2025-21600",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21600"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2025-21596",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21596"
},
{
"name": "CVE-2024-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32462"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2025-21602",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21602"
},
{
"name": "CVE-2024-25742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25742"
},
{
"name": "CVE-2024-25743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25743"
},
{
"name": "CVE-2024-42096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42096"
},
{
"name": "CVE-2024-38619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38619"
},
{
"name": "CVE-2025-21593",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21593"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-36019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36019"
},
{
"name": "CVE-2024-41040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41040"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2024-40927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40927"
},
{
"name": "CVE-2024-41055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
},
{
"name": "CVE-2023-50387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
},
{
"name": "CVE-2024-42102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42102"
},
{
"name": "CVE-2025-21598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21598"
},
{
"name": "CVE-2024-40936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40936"
},
{
"name": "CVE-2006-5051",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5051"
},
{
"name": "CVE-2024-41096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41096"
},
{
"name": "CVE-2023-6516",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6516"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-38559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38559"
},
{
"name": "CVE-2024-6387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
},
{
"name": "CVE-2022-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
},
{
"name": "CVE-2024-36979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36979"
},
{
"name": "CVE-2023-52463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
},
{
"name": "CVE-2024-36000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
},
{
"name": "CVE-2023-5679",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5679"
},
{
"name": "CVE-2023-5088",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5088"
},
{
"name": "CVE-2023-42467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42467"
},
{
"name": "CVE-2022-24808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
}
],
"initial_release_date": "2025-01-09T00:00:00",
"last_revision_date": "2025-01-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0018",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21593",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-On-SRv6-enabled-devices-an-attacker-sending-a-malformed-BGP-update-can-cause-the-rpd-to-crash-CVE-2025-21593"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21602",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specially-crafted-BGP-update-packet-causes-RPD-crash-CVE-2025-21602"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSH",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSH"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21598",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-traceoptions-are-configured-receipt-of-malformed-BGP-packets-causes-RPD-to-crash-CVE-2025-21598"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21592",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-SRX-Series-Low-privileged-user-able-to-access-highly-sensitive-information-on-file-system-CVE-2025-21592"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21599",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specifically-malformed-IPv6-packets-causes-kernel-memory-exhaustion-leading-to-Denial-of-Service-CVE-2025-21599"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21600",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-certain-BGP-options-enabled-receipt-of-specifically-malformed-BGP-update-causes-RPD-crash-CVE-2025-21600"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21596",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-SRX1500-SRX4100-SRX4200-Execution-of-low-privileged-CLI-command-results-in-chassisd-crash-CVE-2025-21596"
}
]
}
CVE-2024-6387 (GCVE-0-2024-6387)
Vulnerability from cvelistv5 – Published: 2024-07-01 12:37 – Updated: 2026-05-12 11:39
VLAI
EPSS
Title
Openssh: regresshion - race condition in ssh allows rce/dos
Summary
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-364 - Signal Handler Race Condition
Assigner
References
81 references
Impacted products
22 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
8.5p1 , ≤ 9.7p1
(custom)
|
|||
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:8.7p1-38.el9_4.1 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:8.7p1-12.el9_0.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support |
Unaffected:
0:8.7p1-30.el9_2.4 , < *
(rpm)
cpe:/o:redhat:rhel_eus:9.2::baseos cpe:/a:redhat:rhel_eus:9.2::appstream |
|
| Red Hat | Red Hat OpenShift Container Platform 4.13 |
Unaffected:
413.92.202407091321-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.13::el9 cpe:/a:redhat:openshift:4.13::el8 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
Unaffected:
414.92.202407091253-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
Unaffected:
415.92.202407091355-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
Unaffected:
416.94.202407081958-0 , < *
(rpm)
cpe:/a:redhat:openshift:4.16::el9 |
|
| Red Hat | Red Hat Ceph Storage 5 |
cpe:/a:redhat:ceph_storage:5 |
|
| Red Hat | Red Hat Ceph Storage 6 |
cpe:/a:redhat:ceph_storage:6 |
|
| Red Hat | Red Hat Ceph Storage 7 |
cpe:/a:redhat:ceph_storage:7 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Siemens | Industrial Edge Management OS (IEM-OS) |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SINAMICS IIoT module |
Affected:
0 , < V1.0 HF1
(custom)
|
|
| Siemens | SINEMA Remote Connect Server |
Affected:
0 , < V3.2 SP2
(custom)
|
|
| Siemens | SINUMERIK ONE |
Affected:
0 , < V6.24
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
Date Public
2024-07-01 08:00
Credits
Red Hat would like to thank Qualys Threat Research Unit (TRU) (Qualys) for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6387",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T13:18:34.695298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T13:18:46.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-24T18:35:27.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/regresshion-an-openssh-regression-error-cve-2024-6387"
},
{
"url": "https://www.exploit-db.com/exploits/52269"
},
{
"url": "https://packetstorm.news/files/id/190587/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/12"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/02/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/11"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/04/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/04/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/08/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/08/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/6"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/11/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/6"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/28/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
},
{
"name": "RHSA-2024:4312",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4312"
},
{
"name": "RHSA-2024:4340",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4340"
},
{
"name": "RHSA-2024:4389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4389"
},
{
"name": "RHSA-2024:4469",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4469"
},
{
"name": "RHSA-2024:4474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4474"
},
{
"name": "RHSA-2024:4479",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4479"
},
{
"name": "RHSA-2024:4484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4484"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-6387"
},
{
"tags": [
"x_transferred"
],
"url": "https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server"
},
{
"name": "RHBZ#2294604",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604"
},
{
"tags": [
"x_transferred"
],
"url": "https://explore.alas.aws.amazon.com/CVE-2024-6387.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://forum.vmssoftware.com/viewtopic.php?f=8\u0026t=9132"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/AlmaLinux/updates/issues/629"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Azure/AKS/issues/4379"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/microsoft/azurelinux/issues/9555"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openela-main/openssh/commit/e1f438970e5a337a17070a637c1b9e19697cad09"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/oracle/oracle-linux/issues/149"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rapier1/hpn-ssh/issues/87"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zgzhang/cve-2024-6387-poc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.almalinux.org/archives/list/announce@lists.almalinux.org/thread/23BF5BMGFVEVUI2WNVAGMLKT557EU7VY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=40843778"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010"
},
{
"tags": [
"x_transferred"
],
"url": "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2024-6387"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240701-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://sig-security.rocky.page/issues/CVE-2024-6387/"
},
{
"tags": [
"x_transferred"
],
"url": "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2024-6387"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-6859-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.akamai.com/blog/security-research/2024-openssh-vulnerability-regression-what-to-know-and-do"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/security/cve/CVE-2024-6387.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2024/07/01/regresshion_openssh/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214119"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214118"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214120"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/19"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "Industrial Edge Management OS (IEM-OS)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS IIoT module",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 HF1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect Server",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2 SP2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK ONE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:39:26.672Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-446545.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.openssh.com/",
"defaultStatus": "unaffected",
"packageName": "OpenSSH",
"repo": "https://anongit.mindrot.org/openssh.git",
"versions": [
{
"lessThanOrEqual": "9.7p1",
"status": "affected",
"version": "8.5p1",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.7p1-38.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.7p1-38.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream",
"cpe:/o:redhat:rhel_e4s:9.0::baseos"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.7p1-12.el9_0.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.2::baseos",
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.7p1-30.el9_2.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.13::el9",
"cpe:/a:redhat:openshift:4.13::el8"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.13",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "413.92.202407091321-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.14::el8",
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "414.92.202407091253-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "415.92.202407091355-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "416.94.202407081958-0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ceph_storage:5"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Ceph Storage 5",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ceph_storage:6"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Ceph Storage 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ceph_storage:7"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Ceph Storage 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "openssh",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Qualys Threat Research Unit (TRU) (Qualys) for reporting this issue."
}
],
"datePublic": "2024-07-01T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A security regression (CVE-2006-5051) was discovered in OpenSSH\u0027s server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-364",
"description": "Signal Handler Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T06:17:03.387Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:4312",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4312"
},
{
"name": "RHSA-2024:4340",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4340"
},
{
"name": "RHSA-2024:4389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4389"
},
{
"name": "RHSA-2024:4469",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4469"
},
{
"name": "RHSA-2024:4474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4474"
},
{
"name": "RHSA-2024:4479",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4479"
},
{
"name": "RHSA-2024:4484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4484"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-6387"
},
{
"name": "RHBZ#2294604",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604"
},
{
"url": "https://santandersecurityresearch.github.io/blog/sshing_the_masses.html"
},
{
"url": "https://www.openssh.com/txt/release-9.8"
},
{
"url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-27T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-07-01T08:00:00.000Z",
"value": "Made public."
}
],
"title": "Openssh: regresshion - race condition in ssh allows rce/dos",
"workarounds": [
{
"lang": "en",
"value": "The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter on Red Hat Enterprise Linux 9. However, the sshd server is still vulnerable to a Denial of Service if an attacker exhausts all the connections.\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~\n\nSetting LoginGraceTime to 0 disables the SSHD server\u0027s ability to drop connections if authentication is not completed within the specified timeout. If this mitigation is implemented, it is highly recommended to use a tool like \u0027fail2ban\u0027 alongside a firewall to monitor log files and manage connections appropriately.\n\nIf any of the mitigations mentioned above is used, please note that the removal of LoginGraceTime parameter from sshd_config is not automatic when the updated package is installed."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-364: Signal Handler Race Condition"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-6387",
"datePublished": "2024-07-01T12:37:25.431Z",
"dateReserved": "2024-06-27T13:41:03.421Z",
"dateUpdated": "2026-05-12T11:39:26.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21592 (GCVE-0-2025-21592)
Vulnerability from cvelistv5 – Published: 2025-01-09 16:39 – Updated: 2025-01-09 19:22
VLAI
EPSS
Title
Junos OS: SRX Series: Low privileged user able to access highly sensitive information on file system
Summary
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system.
Through the execution of either 'show services advanced-anti-malware' or 'show services security-intelligence' command, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system.
This issue affects Junos OS SRX Series:
* All versions before 21.4R3-S8,
* from 22.2 before 22.2R3-S5,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R2.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA92860 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.4R3-S8
(semver)
Affected: 22.2 , < 22.2R3-S5 (semver) Affected: 22.3 , < 22.3R3-S3 (semver) Affected: 22.4 , < 22.4R3-S2 (semver) Affected: 23.2 , < 23.2R2-S1 (semver) Affected: 23.4 , < 23.4R2 (semver) |
Date Public
2025-01-08 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T19:09:58.072046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:22:48.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-01-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn Exposure of Sensitive Information to an Unauthorized Actor\u0026nbsp;vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system.\u003c/p\u003e\u003cp\u003eThrough the execution of either \u0027show services advanced-anti-malware\u0027 or \u0027show services security-intelligence\u0027 command, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS SRX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S8,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S1,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Exposure of Sensitive Information to an Unauthorized Actor\u00a0vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system.\n\nThrough the execution of either \u0027show services advanced-anti-malware\u0027 or \u0027show services security-intelligence\u0027 command, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system.\n\n\nThis issue affects Junos OS SRX Series:\n\n\n\n * All versions before 21.4R3-S8,\n\n * from 22.2 before 22.2R3-S5,\n\n * from 22.3 before 22.3R3-S3,\n * from 22.4 before 22.4R3-S2,\n\n * from 23.2 before 23.2R2-S1,\n\n * from 23.4 before 23.4R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T16:39:56.442Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA92860"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S8, 22.2R3-S5, 22.3R3-S3,\u0026nbsp;22.4R3-S2, 23.2R2-S1, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S8, 22.2R3-S5, 22.3R3-S3,\u00a022.4R3-S2, 23.2R2-S1, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA92860",
"defect": [
"1801893"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: SRX Series: Low privileged user able to access highly sensitive information on file system",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e\u003cbr\u003eUse command authorisation to limit access to the \u0027show services advanced-anti-malware\u0027 and \u0027show services security-intelligence\u0027 commands.\u003cbr\u003e\u003cbr\u003eAlthough not a workaround, but if the Advanced Anti-Malware and Security Intelligence features are not used, they can be disabled using below commands to avoid the vulnerability.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e[ system processes advanced-anti-malware disable ]\u003c/span\u003e\u003cbr\u003e[ system processes security-intelligence disable ]"
}
],
"value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\nUse command authorisation to limit access to the \u0027show services advanced-anti-malware\u0027 and \u0027show services security-intelligence\u0027 commands.\n\nAlthough not a workaround, but if the Advanced Anti-Malware and Security Intelligence features are not used, they can be disabled using below commands to avoid the vulnerability.\n\n[ system processes advanced-anti-malware disable ]\n[ system processes security-intelligence disable ]"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-21592",
"datePublished": "2025-01-09T16:39:56.442Z",
"dateReserved": "2024-12-26T14:47:11.667Z",
"dateUpdated": "2025-01-09T19:22:48.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21593 (GCVE-0-2025-21593)
Vulnerability from cvelistv5 – Published: 2025-01-09 16:41 – Updated: 2025-01-09 19:22
VLAI
EPSS
Title
Junos OS and Junos OS Evolved: On SRv6 enabled devices, an attacker sending a malformed BGP update can cause the rpd to crash
Summary
An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS).
On devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet which will cause the rpd to crash and restart. Continued receipt of these UPDATE packets will cause a sustained DoS condition.
This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S5,
* from 22.3 before 22.3R3-S4,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S2,
* from 23.4 before 23.4R2;
and Junos OS Evolved:
* All versions before 21.2R3-S9-EVO,
* from 21.4-EVO before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S5-EVO,
* from 22.3-EVO before 22.3R3-S4-EVO,
* from 22.4-EVO before 22.4R3-S3-EVO,
* from 23.2-EVO before 23.2R2-S2-EVO,
* from 23.4-EVO before 23.4R2-EVO.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-664 - Improper Control of a Resource Through its Lifetime
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA92861 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S9
(semver)
Affected: 21.4 , < 21.4R3-S10 (semver) Affected: 22.2 , < 22.2R3-S5 (semver) Affected: 22.3 , < 22.3R3-S4 (semver) Affected: 22.4 , < 22.4R3-S3 (semver) Affected: 23.2 , < 23.2R2-S2 (semver) Affected: 23.4 , < 23.4R2 (semver) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 21.2R3-S9-EVO
(semver)
Affected: 21.4-EVO , < 21.4R3-S10-EVO (semver) Affected: 22.2-EVO , < 22.2R3-S5-EVO (semver) Affected: 22.3-EVO , < 22.3R3-S4-EVO (semver) Affected: 22.4-EVO , < 22.4R3-S3-EVO (semver) Affected: 23.2-EVO , < 23.2R2-S2-EVO (semver) Affected: 23.4-EVO , < 23.4R2-EVO (semver) |
Date Public
2025-01-08 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T19:09:01.547955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:22:40.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S10",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S4",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S10-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S4-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe configuration required to hit the issue or be potentially exploited is as follows:\u003c/p\u003e\u003ccode\u003e[\u0026nbsp;\u003c/code\u003eprotocols bgp source-packet-routing srv6 locator ]\u003ccode\u003e\u003c/code\u003e\u003cbr\u003e"
}
],
"value": "The configuration required to hit the issue or be potentially exploited is as follows:\n\n[\u00a0protocols bgp source-packet-routing srv6 locator ]"
}
],
"datePublic": "2025-01-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eOn devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet which will cause the rpd to crash and restart. Continued receipt of these UPDATE packets will cause a sustained DoS condition.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThis issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S10,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eand Junos OS Evolved:\u0026nbsp;\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S10-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S3-EVO,\u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-S2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS).\n\nOn devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet which will cause the rpd to crash and restart. Continued receipt of these UPDATE packets will cause a sustained DoS condition.\u00a0\n\nThis issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S10,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4,\u00a0\n * from 22.4 before 22.4R3-S3,\u00a0\n * from 23.2 before 23.2R2-S2,\u00a0\n * from 23.4 before 23.4R2;\n\n\n\nand Junos OS Evolved:\u00a0\n\n\n\n * All versions before 21.2R3-S9-EVO,\u00a0\n * from 21.4-EVO before 21.4R3-S10-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S5-EVO,\u00a0\n * from 22.3-EVO before 22.3R3-S4-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-S3-EVO,\n * from 23.2-EVO before 23.2R2-S2-EVO,\u00a0\n * from 23.4-EVO before 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T16:41:09.326Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA92861"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS:\u0026nbsp;21.2R3-S9, 21.4R3-S10, 22.2R3-S5, 22.3R3-S4, 22.4R3-S3, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.2R3-S9-EVO, 21.4R3-S10-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S3-EVO, 23.2R2-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS:\u00a021.2R3-S9, 21.4R3-S10, 22.2R3-S5, 22.3R3-S4, 22.4R3-S3, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases.\nJunos OS Evolved: 21.2R3-S9-EVO, 21.4R3-S10-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S3-EVO, 23.2R2-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA92861",
"defect": [
"1806694"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: On SRv6 enabled devices, an attacker sending a malformed BGP update can cause the rpd to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-21593",
"datePublished": "2025-01-09T16:41:09.326Z",
"dateReserved": "2024-12-26T14:47:11.668Z",
"dateUpdated": "2025-01-09T19:22:40.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21596 (GCVE-0-2025-21596)
Vulnerability from cvelistv5 – Published: 2025-01-09 16:41 – Updated: 2025-01-09 19:22
VLAI
EPSS
Title
Junos OS: SRX1500,SRX4100,SRX4200: Execution of low-privileged CLI command results in chassisd crash
Summary
An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the 'show chassis environment pem' command to cause the chassis daemon (chassisd) to crash and restart, resulting in a temporary Denial of Service (DoS). However, repeated execution of this command will eventually cause the chassisd process to fail to restart, impacting packet processing on the system.
This issue affects Junos OS on SRX1500, SRX4100, SRX4200:
* All versions before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.3 before 22.3R3-S4,
* from 22.4 before 22.4R3-S4,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S1.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA92864 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.4R3-S9
(semver)
Affected: 22.2 , < 22.2R3-S5 (semver) Affected: 22.3 , < 22.3R3-S4 (semver) Affected: 22.4 , < 22.4R3-S4 (semver) Affected: 23.2 , < 23.2R2-S3 (semver) Affected: 23.4 , < 23.4R2-S1 (semver) |
Date Public
2025-01-08 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T19:10:04.826150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:22:29.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX1500",
"SRX4100",
"SRX4200"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S4",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S4",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S1",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-01-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the \u0027show chassis environment pem\u0027 command to cause the chassis daemon (chassisd) to crash and restart, resulting in a temporary Denial of Service (DoS). However, repeated execution of this command will eventually cause the chassisd process to fail to restart, impacting packet processing on the system.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on SRX1500, SRX4100, SRX4200:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S1.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the \u0027show chassis environment pem\u0027 command to cause the chassis daemon (chassisd) to crash and restart, resulting in a temporary Denial of Service (DoS). However, repeated execution of this command will eventually cause the chassisd process to fail to restart, impacting packet processing on the system.\n\nThis issue affects Junos OS on SRX1500, SRX4100, SRX4200:\u00a0\n\n\n\n * All versions before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4,\u00a0\n * from 22.4 before 22.4R3-S4,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S1."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T16:41:51.107Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA92864"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S4, 23.2R2-S3, 23.4R2-S1, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S4, 23.2R2-S3, 23.4R2-S1, 24.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA92864",
"defect": [
"1814404"
],
"discovery": "USER"
},
"title": "Junos OS: SRX1500,SRX4100,SRX4200: Execution of low-privileged CLI command results in chassisd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e\u003cbr\u003eUtilize CLI authorization to disallow execution of the \u0027show\u0026nbsp;chassis environment pem\u0027 command."
}
],
"value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\nUtilize CLI authorization to disallow execution of the \u0027show\u00a0chassis environment pem\u0027 command."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-21596",
"datePublished": "2025-01-09T16:41:51.107Z",
"dateReserved": "2024-12-26T14:47:11.669Z",
"dateUpdated": "2025-01-09T19:22:29.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21598 (GCVE-0-2025-21598)
Vulnerability from cvelistv5 – Published: 2025-01-09 18:16 – Updated: 2025-01-09 20:15
VLAI
EPSS
Title
Junos OS and Junos OS Evolved: When BGP traceoptions are configured, receipt of malformed BGP packets causes RPD to crash
Summary
An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd.
This issue affects:
Junos OS:
* from 21.2R3-S8 before 21.2R3-S9,
* from 21.4R3-S7 before 21.4R3-S9,
* from 22.2R3-S4 before 22.2R3-S5,
* from 22.3R3-S2 before 22.3R3-S4,
* from 22.4R3 before 22.4R3-S5,
* from 23.2R2 before 23.2R2-S2,
* from 23.4R1 before 23.4R2-S1,
* from 24.2R1 before 24.2R1-S1, 24.2R2.
Junos OS Evolved:
* from 21.4R3-S7-EVO before 21.4R3-S9-EVO,
* from 22.2R3-S4-EVO before 22.2R3-S5-EVO,
* from 22.3R3-S2-EVO before 22.3R3-S4-EVO,
* from 22.4R3-EVO before 22.4R3-S5-EVO,
* from 23.2R2-EVO before 23.2R2-S2-EVO,
* from 23.4R1-EVO before 23.4R2-S1-EVO,
* from 24.2R1-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.
This issue requires a BGP session to be established.
This issue can propagate and multiply through multiple ASes until reaching vulnerable devices.
This issue affects iBGP and eBGP.
This issue affects IPv4 and IPv6.
An indicator of compromise may be the presence of malformed update messages in a neighboring AS which is unaffected by this issue:
For example, by issuing the command on the neighboring device:
show log messages
Reviewing for similar messages from devices within proximity to each other may indicate this malformed packet is propagating:
rpd[<pid>]: Received malformed update from <IP address> (External AS <AS#>)
and
rpd[<pid>]: Malformed Attribute
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
- Denial of Service (DoS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA92867 | vendor-advisory |
| https://www.juniper.net/documentation/us/en/softw… | related |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
21.2R3-S8 , < 21.2R3-S9
(semver)
Affected: 21.4R3-S7 , < 21.4R3-S9 (semver) Affected: 22.2R3-S4 , < 22.2R3-S5 (semver) Affected: 22.3R3-S2 , < 22.3R3-S4 (semver) Affected: 22.4R3 , < 22.4R3-S5 (semver) Affected: 23.2R2 , < 23.2R2-S2 (semver) Affected: 23.4R1 , < 23.4R2-S1 (semver) Affected: 24.2R1 , < 24.2R1-S1, 24.2R2 (semver) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
21.4R3-S7-EVO , < 21.4R3-S9-EVO
(se)
Affected: 22.2R3-S4-EVO , < 22.2R3-S5-EVO (semver) Affected: 22.3R3-S2-EVO , < 22.3R3-S4-EVO (semver) Affected: 22.4R3-EVO , < 22.4R3-S5-EVO (semver) Affected: 23.2R2-EVO , < 23.2R2-S2-EVO (semver) Affected: 23.4R1-EVO , < 23.4R2-S1-EVO (semver) Affected: 24.2R1-EVO , < 24.2R1-S2-EVO, 24.2R2-EVO (semver) |
Date Public
2025-01-08 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T20:14:41.822272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T20:15:00.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"BGP Traceoptions",
"BGP",
"RPD"
],
"packageName": "RPD",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "21.2R3-S8",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S9",
"status": "affected",
"version": "21.4R3-S7",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5",
"status": "affected",
"version": "22.2R3-S4",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S4",
"status": "affected",
"version": "22.3R3-S2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S5",
"status": "affected",
"version": "22.4R3",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S2",
"status": "affected",
"version": "23.2R2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S1",
"status": "affected",
"version": "23.4R1",
"versionType": "semver"
},
{
"lessThan": "24.2R1-S1, 24.2R2",
"status": "affected",
"version": "24.2R1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S9-EVO",
"status": "affected",
"version": "21.4R3-S7-EVO",
"versionType": "se"
},
{
"lessThan": "22.2R3-S5-EVO",
"status": "affected",
"version": "22.2R3-S4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S4-EVO",
"status": "affected",
"version": "22.3R3-S2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S5-EVO",
"status": "affected",
"version": "22.4R3-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S2-EVO",
"status": "affected",
"version": "23.2R2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S1-EVO",
"status": "affected",
"version": "23.4R1-EVO",
"versionType": "semver"
},
{
"lessThan": "24.2R1-S2-EVO, 24.2R2-EVO",
"status": "affected",
"version": "24.2R1-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue can occur when bgp trace options are enabled at global, group, or neighbor-level.\u003cbr\u003e\u003cbr\u003eThe following global example is provided:\u003cbr\u003e\u0026nbsp; [protocols bgp traceoptions flag update detail]\u003cbr\u003eor\u003cbr\u003e\u0026nbsp; [protocols bgp traceoptions flag receive detail]\u003cbr\u003eand\u003cbr\u003e\u0026nbsp; [protocols bgp traceoptions flag update detail]\u003cbr\u003e\u0026nbsp; [protocols bgp traceoptions flag receive detail]\u003cbr\u003e\u003cbr\u003eThe following neighbor-level example is provided:\u003cbr\u003e\u0026nbsp; [protocols bgp group test neighbor 192.168.1.1 traceoptions flag update detail]\u003cbr\u003e\u0026nbsp; [protocols bgp group test neighbor 192.168.1.1 traceoptions flag receive detail]\u003cbr\u003e\u003cbr\u003eRefer to your product documentation for other examples and configurations."
}
],
"value": "This issue can occur when bgp trace options are enabled at global, group, or neighbor-level.\n\nThe following global example is provided:\n\u00a0 [protocols bgp traceoptions flag update detail]\nor\n\u00a0 [protocols bgp traceoptions flag receive detail]\nand\n\u00a0 [protocols bgp traceoptions flag update detail]\n\u00a0 [protocols bgp traceoptions flag receive detail]\n\nThe following neighbor-level example is provided:\n\u00a0 [protocols bgp group test neighbor 192.168.1.1 traceoptions flag update detail]\n\u00a0 [protocols bgp group test neighbor 192.168.1.1 traceoptions flag receive detail]\n\nRefer to your product documentation for other examples and configurations."
}
],
"datePublic": "2025-01-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn\u0026nbsp;Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved\u0027s routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send\u0026nbsp;malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd.\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 21.2R3-S8 before 21.2R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4R3-S7 before 21.4R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2R3-S4 before 22.2R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3R3-S2 before 22.3R3-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4R3 before 22.4R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2R2 before 23.2R2-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4R1 before 23.4R2-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2R1 before 24.2R1-S1, 24.2R2.\u003c/li\u003e\u003c/ul\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003efrom 21.4R3-S7-EVO before 21.4R3-S9-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2R3-S4-EVO before 22.2R3-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3R3-S2-EVO before 22.3R3-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4R3-EVO before 22.4R3-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2R2-EVO before 23.2R2-S2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4R1-EVO before 23.4R2-S1-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2R1-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue requires a BGP session to be established.\u003cbr\u003e\u003cbr\u003eThis issue can propagate and multiply through multiple ASes until reaching vulnerable devices.\u003cbr\u003e\u003cbr\u003eThis issue affects iBGP and eBGP.\u003cbr\u003e\u003cbr\u003eThis issue affects IPv4 and IPv6.\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003eAn indicator of compromise may be the presence of malformed update messages in a neighboring AS which is unaffected by this issue:\u003cbr\u003e\u003cbr\u003eFor example, by issuing the command on the neighboring device:\u003cbr\u003e\u0026nbsp;show log messages\u003cbr\u003e\u003cbr\u003eReviewing for similar messages from devices within proximity to each other may indicate this malformed packet is propagating:\u003cbr\u003e\u0026nbsp; rpd[\u0026lt;pid\u0026gt;]: Received malformed update from \u0026lt;IP address\u0026gt; (External AS \u0026lt;AS#\u0026gt;)\u003cbr\u003eand\u003cbr\u003e\u0026nbsp; rpd[\u0026lt;pid\u0026gt;]: Malformed Attribute\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An\u00a0Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved\u0027s routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send\u00a0malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * from 21.2R3-S8 before 21.2R3-S9,\u00a0\n * from 21.4R3-S7 before 21.4R3-S9,\u00a0\n * from 22.2R3-S4 before 22.2R3-S5,\u00a0\n * from 22.3R3-S2 before 22.3R3-S4,\u00a0\n * from 22.4R3 before 22.4R3-S5,\u00a0\n * from 23.2R2 before 23.2R2-S2,\u00a0\n * from 23.4R1 before 23.4R2-S1,\u00a0\n * from 24.2R1 before 24.2R1-S1, 24.2R2.\n\n\nJunos OS Evolved:\n * from 21.4R3-S7-EVO before 21.4R3-S9-EVO,\u00a0\n * from 22.2R3-S4-EVO before 22.2R3-S5-EVO,\u00a0\n * from 22.3R3-S2-EVO before 22.3R3-S4-EVO,\u00a0\n * from 22.4R3-EVO before 22.4R3-S5-EVO,\u00a0\n * from 23.2R2-EVO before 23.2R2-S2-EVO,\u00a0\n * from 23.4R1-EVO before 23.4R2-S1-EVO,\u00a0\n * from 24.2R1-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\nThis issue requires a BGP session to be established.\n\nThis issue can propagate and multiply through multiple ASes until reaching vulnerable devices.\n\nThis issue affects iBGP and eBGP.\n\nThis issue affects IPv4 and IPv6.\n\nAn indicator of compromise may be the presence of malformed update messages in a neighboring AS which is unaffected by this issue:\n\nFor example, by issuing the command on the neighboring device:\n\u00a0show log messages\n\nReviewing for similar messages from devices within proximity to each other may indicate this malformed packet is propagating:\n\u00a0 rpd[\u003cpid\u003e]: Received malformed update from \u003cIP address\u003e (External AS \u003cAS#\u003e)\nand\n\u00a0 rpd[\u003cpid\u003e]: Malformed Attribute"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T18:16:32.549Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA92867"
},
{
"tags": [
"related"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/traceoptions-edit-protocols-bgp.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003e\u003cbr\u003eJunos OS: 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2-S1, 24.2R1-S1, 24.2R2, 24.4R1, and all subsequent releases.\u003cbr\u003e\u003cbr\u003eJunos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S2-EVO, 23.4R2-S1-EVO, 24.2R1-S2-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2-S1, 24.2R1-S1, 24.2R2, 24.4R1, and all subsequent releases.\n\nJunos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S2-EVO, 23.4R2-S1-EVO, 24.2R1-S2-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA92867",
"defect": [
"1821241"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: When BGP traceoptions are configured, receipt of malformed BGP packets causes RPD to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Disabling packet tracing options will work around this issue.\u003cbr\u003e\u003cbr\u003eThere are no other available workarounds for this issue.\u003cbr\u003e"
}
],
"value": "Disabling packet tracing options will work around this issue.\n\nThere are no other available workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-21598",
"datePublished": "2025-01-09T18:16:32.549Z",
"dateReserved": "2024-12-26T14:47:11.669Z",
"dateUpdated": "2025-01-09T20:15:00.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21599 (GCVE-0-2025-21599)
Vulnerability from cvelistv5 – Published: 2025-01-09 16:46 – Updated: 2025-01-09 19:22
VLAI
EPSS
Title
Junos OS Evolved: Receipt of specifically malformed IPv6 packets causes kernel memory exhaustion leading to Denial of Service
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service.
Receipt of specifically malformed IPv6 packets, destined to the device, causes kernel memory to not be freed, resulting in memory exhaustion leading to a system crash and Denial of Service (DoS). Continuous receipt and processing of these packets will continue to exhaust kernel memory, creating a sustained Denial of Service (DoS) condition.
This issue only affects systems configured with IPv6.
This issue affects Junos OS Evolved:
* from 22.4-EVO before 22.4R3-S5-EVO,
* from 23.2-EVO before 23.2R2-S2-EVO,
* from 23.4-EVO before 23.4R2-S2-EVO,
* from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.
This issue does not affect Juniper Networks Junos OS Evolved versions prior to 22.4R1-EVO.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA92869 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
22.4-EVO , < 22.4R3-S5-EVO
(semver)
Affected: 23.2-EVO , < 23.2R2-S2-EVO (semver) Affected: 23.4-EVO , < 23.4R2-S2-EVO (semver) Affected: 24.2-EVO , < 24.2R1-S2-EVO, 24.2R2-EVO (semver) |
Date Public
2025-01-08 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T19:10:50.746646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:22:22.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S5-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
},
{
"lessThan": "24.2R1-S2-EVO, 24.2R2-EVO",
"status": "affected",
"version": "24.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this vulnerability a device needs to be configured with a minimal IPv6 configuration like in the following example:\u003cbr\u003e\u003cbr\u003e\u0026nbsp; [ interfaces \u0026lt;interface\u0026gt; unit \u0026lt;unit number\u0026gt; family inet6 ]\u003cbr\u003e"
}
],
"value": "To be exposed to this vulnerability a device needs to be configured with a minimal IPv6 configuration like in the following example:\n\n\u00a0 [ interfaces \u003cinterface\u003e unit \u003cunit number\u003e family inet6 ]"
}
],
"datePublic": "2025-01-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing Release of Memory after Effective Lifetime vulnerability\u003c/span\u003e in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eReceipt of specifically malformed IPv6 packets, destined to the device, causes kernel memory to not be freed, resulting in memory exhaustion leading to a system crash and Denial of Service (DoS).\u0026nbsp;Continuous receipt and processing of these packets will continue to exhaust kernel memory, creating a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003c/span\u003e\u003cp\u003eThis issue only affects systems configured with IPv6.\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-S2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R2-S2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eThis issue does not affect Juniper Networks Junos OS Evolved versions prior to 22.4R1-EVO.\u003cbr\u003e"
}
],
"value": "A\u00a0Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service.\u00a0\n\nReceipt of specifically malformed IPv6 packets, destined to the device, causes kernel memory to not be freed, resulting in memory exhaustion leading to a system crash and Denial of Service (DoS).\u00a0Continuous receipt and processing of these packets will continue to exhaust kernel memory, creating a sustained Denial of Service (DoS) condition.\nThis issue only affects systems configured with IPv6.\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * from 22.4-EVO before 22.4R3-S5-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-S2-EVO,\u00a0\n * from 23.4-EVO before 23.4R2-S2-EVO,\u00a0\n * from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS Evolved versions prior to 22.4R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T16:46:57.412Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA92869"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS Evolved: 22.4R3-S5-EVO, 23.2R2-S2-EVO, 23.4R2-S2-EVO, 24.2R1-S2-EVO, 24.2R2-EVO*, 24.4R1-EVO, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e* Future Release\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 22.4R3-S5-EVO, 23.2R2-S2-EVO, 23.4R2-S2-EVO, 24.2R1-S2-EVO, 24.2R2-EVO*, 24.4R1-EVO, and all subsequent releases.\n\n* Future Release"
}
],
"source": {
"advisory": "JSA92869",
"defect": [
"1821515"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Receipt of specifically malformed IPv6 packets causes kernel memory exhaustion leading to Denial of Service",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-21599",
"datePublished": "2025-01-09T16:46:57.412Z",
"dateReserved": "2024-12-26T14:47:11.669Z",
"dateUpdated": "2025-01-09T19:22:22.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21600 (GCVE-0-2025-21600)
Vulnerability from cvelistv5 – Published: 2025-01-09 16:49 – Updated: 2025-01-27 22:00
VLAI
EPSS
Title
Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash
Summary
An Out-of-Bounds Read vulnerability in
the routing protocol daemon (rpd) of
Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue only affects systems configured in
either of two ways:
* systems with BGP traceoptions enabled
* systems with BGP family traffic-engineering (BGP-LS)
configured
and can be exploited from a directly connected and configured BGP peer.
This issue affects iBGP and eBGP
with
any address family
configured, and both IPv4 and IPv6 are affected by this vulnerability.
This issue affects:
Junos OS:
*
from 21.4 before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.3 before 22.3R3-S4,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R1-S2, 24.2R2;
Junos OS Evolved:
* from 21.4-EVO before 21.4R3-S9-EVO,
* from 22.2-EVO before 22.2R3-S5-EVO,
* from 22.3-EVO before 22.3R3-S4-EVO,
* from 22.4-EVO before 22.4R3-S5-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S2-EVO,
* from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.
This issue does not affect versions of Junos OS prior to 21.3R1.
This issue does not affect versions of Junos OS Evolved prior to 21.3R1-EVO.
This is a similar, but different vulnerability than the issue reported as CVE-2024-39516.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA92870 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
21.4 , < 21.4R3-S9
(semver)
Affected: 22.2 , < 22.2R3-S5 (semver) Affected: 22.3 , < 22.3R3-S4 (semver) Affected: 22.4 , < 22.4R3-S5 (semver) Affected: 23.2 , < 23.2R2-S3 (semver) Affected: 23.4 , < 23.4R2-S3 (semver) Affected: 24.2 , < 24.2R1-S2, 24.2R2 (semver) Unaffected: 0 , < 21.3R1 (semver) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
21.4-EVO , < 21.4R3-S9-EVO
(semver)
Affected: 22.2-EVO , < 22.2R3-S5-EVO (semver) Affected: 22.3-EVO , < 22.3R3-S4-EVO (semver) Affected: 22.4-EVO , < 22.4R3-S5-EVO (semver) Affected: 23.2-EVO , < 23.2R2-S3-EVO (semver) Affected: 23.4-EVO , < 23.4R2-S2-EVO (semver) Affected: 24.2-EVO , < 24.2R1-S2-EVO, 24.2R2-EVO (semver) Unaffected: 0 , < 21.3R1-EVO (semver) |
Date Public
2025-01-08 17:00
Credits
Juniper SIRT would like to acknowledge and thank Craig Dods from Meta’s Infrastructure Security Engineering team for responsibly reporting this vulnerability.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T19:17:42.343288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:21:59.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S9",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S4",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S5",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R1-S2, 24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "21.3R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S9-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S4-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S5-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
},
{
"lessThan": "24.2R1-S2-EVO, 24.2R2-EVO",
"status": "affected",
"version": "24.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.3R1-EVO",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "One of the following traceoptions configurations, either at the top level, under [logical-systems], or [routing-instances], is required to be potentially exposed to this issue:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[protocols bgp traceoptions packets detail]\u003cbr\u003e[protocols bgp traceoptions update detail]\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003e[protocols bgp group \u0026lt;group-name\u0026gt; traceoptions packets detail]\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003e[protocols bgp group \u0026lt;group-name\u0026gt; traceoptions update detail]\u003cbr\u003e\u003ctt\u003e[protocols bgp group \u0026lt;group-name\u0026gt; neighbor \u0026lt;address\u0026gt; traceoptions packets detail]\u003c/tt\u003e\u003cbr\u003e[protocols bgp group \u0026lt;group-name\u0026gt; neighbor \u0026lt;address\u0026gt; traceoptions update detail]\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003e\n\nSystems configured with BGP traffic engineering are also vulnerable to this issue:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[protocols bgp group \u0026lt;name\u0026gt; family traffic-engineering unicast]\u003c/tt\u003e"
}
],
"value": "One of the following traceoptions configurations, either at the top level, under [logical-systems], or [routing-instances], is required to be potentially exposed to this issue:\n\n[protocols bgp traceoptions packets detail]\n[protocols bgp traceoptions update detail]\n[protocols bgp group \u003cgroup-name\u003e traceoptions packets detail]\n[protocols bgp group \u003cgroup-name\u003e traceoptions update detail]\n[protocols bgp group \u003cgroup-name\u003e neighbor \u003caddress\u003e traceoptions packets detail]\n[protocols bgp group \u003cgroup-name\u003e neighbor \u003caddress\u003e traceoptions update detail]\n\n\n\nSystems configured with BGP traffic engineering are also vulnerable to this issue:\n\n[protocols bgp group \u003cname\u003e family traffic-engineering unicast]"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juniper SIRT would like to acknowledge and thank Craig Dods from Meta\u2019s Infrastructure Security Engineering team for responsibly reporting this vulnerability."
}
],
"datePublic": "2025-01-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003e\n\nThis issue only affects systems configured in\n either of two ways:\u003cbr\u003e\n \n \u003col\u003e\n \u003cli\u003esystems with BGP traceoptions enabled\u003c/li\u003e\n \u003cli\u003esystems with BGP family traffic-engineering (BGP-LS)\n configured\u003c/li\u003e\u003c/ol\u003e\n\n and can be exploited from a directly connected and configured BGP peer.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThis issue affects iBGP and eBGP \n\nwith \n\nany address family\n\n configured, and both IPv4 and IPv6 are affected by this vulnerability.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\n\nfrom 21.4 before 21.4R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R1-S2, 24.2R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S9-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R2-S2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.\u003c/li\u003e\u003c/ul\u003eThis issue does not affect versions of Junos OS prior to 21.3R1.\u003cbr\u003e\n\nThis issue does not affect versions of Junos OS Evolved prior to 21.3R1-EVO.\n\n\u003cbr\u003e\u003cbr\u003eThis is a similar, but different vulnerability than the issue reported as CVE-2024-39516.\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\n\n\nThis issue only affects systems configured in\n either of two ways:\n\n \n \n * systems with BGP traceoptions enabled\n\n * systems with BGP family traffic-engineering (BGP-LS)\n configured\n\n\n and can be exploited from a directly connected and configured BGP peer.\u00a0\n\nThis issue affects iBGP and eBGP \n\nwith \n\nany address family\n\n configured, and both IPv4 and IPv6 are affected by this vulnerability.\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * \n\nfrom 21.4 before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4,\u00a0\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R1-S2, 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * from 21.4-EVO before 21.4R3-S9-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S5-EVO,\u00a0\n * from 22.3-EVO before 22.3R3-S4-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-S5-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-S3-EVO,\u00a0\n * from 23.4-EVO before 23.4R2-S2-EVO,\u00a0\n * from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\nThis issue does not affect versions of Junos OS prior to 21.3R1.\n\n\nThis issue does not affect versions of Junos OS Evolved prior to 21.3R1-EVO.\n\n\n\nThis is a similar, but different vulnerability than the issue reported as CVE-2024-39516."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:A/V:C/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T22:00:26.801Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA92870"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S2-EVO, 24.2R1-S2-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases.\nJunos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S2-EVO, 24.2R1-S2-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA92870",
"defect": [
"1823612"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-01-08T17:00:00.000Z",
"value": "Initial Publication"
},
{
"lang": "en",
"time": "2025-01-27T17:00:00.000Z",
"value": "Clarified that versions of Junos OS prior to 21.3R1 and Junos OS Evolved prior to 21.3R1-EVO are unaffected."
}
],
"title": "Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If BGP traceoptions are enabled, and traffic engineering is not configured, disable BGP traceoptions if they are not being used for active troubleshooting."
}
],
"value": "If BGP traceoptions are enabled, and traffic engineering is not configured, disable BGP traceoptions if they are not being used for active troubleshooting."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-21600",
"datePublished": "2025-01-09T16:49:42.367Z",
"dateReserved": "2024-12-26T14:47:11.669Z",
"dateUpdated": "2025-01-27T22:00:26.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21602 (GCVE-0-2025-21602)
Vulnerability from cvelistv5 – Published: 2025-01-09 16:49 – Updated: 2025-01-09 19:22
VLAI
EPSS
Title
Junos OS and Junos OS Evolved: Receipt of specially crafted BGP update packet causes RPD crash
Summary
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS).
Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.
This issue affects Junos OS:
* from 21.4 before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.3 before 22.3R3-S4,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R1-S2, 24.2R2;
This issue does not affect versions prior to 21.1R1.
Junos OS Evolved:
* from 21.4 before 21.4R3-S9-EVO,
* from 22.2 before 22.2R3-S5-EVO,
* from 22.3 before 22.3R3-S4-EVO,
* from 22.4 before 22.4R3-S5-EVO,
* from 23.2 before 23.2R2-S3-EVO,
* from 23.4 before 23.4R2-S3-EVO,
* from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.
This issue does not affect versions prior to 21.1R1-EVO
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA92872 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
21.4 , < 21.4R3-S9
(semver)
Affected: 22.2 , < 22.2R3-S5 (semver) Affected: 22.3 , < 22.3R3-S4 (semver) Affected: 22.4 , < 22.4R3-S5 (semver) Affected: 23.2 , < 23.2R2-S3 (semver) Affected: 23.4 , < 23.4R2-S3 (semver) Affected: 24.2 , < 24.2R1-S2, 24.2R2 (semver) Unaffected: 0 , < 21.3R1 (semver) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
21.4 , < 21.4R3-S9-EVO
(semver)
Affected: 22.2 , < 22.2R3-S5-EVO (semver) Affected: 22.3 , < 22.3R3-S4-EVO (semver) Affected: 22.4 , < 22.4R3-S5-EVO (semver) Affected: 23.2 , < 23.2R2-S3-EVO (semver) Affected: 23.4 , < 23.4R2-S3-EVO (semver) Affected: 24.2 , < 24.2R1-S2-EVO, 24.2R2-EVO (semver) Unaffected: 0 , < 21.3R1-EVO (semver) |
Date Public
2025-01-08 17:00
Credits
Juniper SIRT would like to acknowledge and thank Craig Dods from Meta’s Infrastructure Security Engineering team for responsibly reporting this vulnerability.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T19:10:59.249131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:22:10.606Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S9",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S4",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S5",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R1-S2, 24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "21.3R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S9-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S4-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S5-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R1-S2-EVO, 24.2R2-EVO",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "21.3R1-EVO",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juniper SIRT would like to acknowledge and thank Craig Dods from Meta\u2019s Infrastructure Security Engineering team for responsibly reporting this vulnerability."
}
],
"datePublic": "2025-01-08T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). \u003cbr\u003e\u003cbr\u003eContinuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eThis issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 21.4 before 21.4R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S4,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R1-S2, 24.2R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003eThis issue does not affect versions prior to\u0026nbsp;21.1R1.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 21.4 before 21.4R3-S9-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S4-EVO,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.\u003c/li\u003e\u003c/ul\u003eThis issue does not affect versions prior to 21.1R1-EVO\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). \n\nContinuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * from 21.4 before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4,\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R1-S2, 24.2R2;\u00a0\n\n\nThis issue does not affect versions prior to\u00a021.1R1.\n\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * from 21.4 before 21.4R3-S9-EVO,\u00a0\n * from 22.2 before 22.2R3-S5-EVO,\u00a0\n * from 22.3 before 22.3R3-S4-EVO,\n * from 22.4 before 22.4R3-S5-EVO,\u00a0\n * from 23.2 before 23.2R2-S3-EVO,\u00a0\n * from 23.4 before 23.4R2-S3-EVO,\u00a0\n * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\nThis issue does not affect versions prior to 21.1R1-EVO"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:A/V:C/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T16:49:25.387Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA92872"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S3-EVO*, 23.4R2-S3-EVO, 24.2R1-S2-EVO, 24.2R2-EVO*, 24.4R1-EVO, and all subsequent releases. \u003cbr\u003e\u003cbr\u003eJunos OS: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S3*, 23.4R2-S3, 24.2R1-S2, 24.2R2*, 24.4R1, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e* Future Release"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S3-EVO*, 23.4R2-S3-EVO, 24.2R1-S2-EVO, 24.2R2-EVO*, 24.4R1-EVO, and all subsequent releases. \n\nJunos OS: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S3*, 23.4R2-S3, 24.2R1-S2, 24.2R2*, 24.4R1, and all subsequent releases.\n\n* Future Release"
}
],
"source": {
"advisory": "JSA92872",
"defect": [
"1828380"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Receipt of specially crafted BGP update packet causes RPD crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-21602",
"datePublished": "2025-01-09T16:49:25.387Z",
"dateReserved": "2024-12-26T14:47:11.670Z",
"dateUpdated": "2025-01-09T19:22:10.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…