CVE-2024-21595

HIGH
Published Jan 12, 2024 Modified Nov 21, 2024 CWE-1286

Description

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects: Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2.

CVSS v3.1 Score

7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

CWE-1286 CWE-1286

Affected Products

Vendor Product
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper ex4100
juniper ex4400
juniper ex4600
juniper qfx5100
juniper qfx5100-96s
juniper qfx5110
juniper qfx5120
juniper qfx5130
juniper qfx5200
juniper qfx5200-32c
juniper qfx5200-48y
juniper qfx5210
juniper qfx5210-64c
juniper qfx5220
juniper qfx5700

References

Frequently Asked Questions

What is CVE-2024-21595? +
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects: Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2. It has a CVSS v3.1 base score of 7.5 (HIGH).
How severe is CVE-2024-21595? +
CVE-2024-21595 has a CVSS v3.1 score of 7.5 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2024-21595? +
CVE-2024-21595 affects products from juniper, specifically: ex4100, ex4400, ex4600, junos, qfx5100, qfx5100-96s, qfx5110, qfx5120, qfx5130, qfx5200, qfx5200-32c, qfx5200-48y, qfx5210, qfx5210-64c, qfx5220, qfx5700. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-21595? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-0983

Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user …
CVE-2024-7954 9.8

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A …
CVE-2025-41719 8.8

A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported …
CVE-2026-6442 8.3

Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside …
CVE-2024-26507 7.8

An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker …
CVE-2024-3384 7.5

A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-21595 — free, no signup required.

Start Free Scan