Certain Juniper Networks Routers Vulnerable to Denial of Service Attacks

CVE: CVE-2024-21595
CVSS: cvssV3_1: 7.5
Source: CVE-2024-21595

Juniper Networks routers running specific versions of Junos OS are vulnerable to denial of service attacks from unauthenticated remote attackers. The vulnerability lies in the Packet Forwarding Engine (PFE) that processes network traffic on affected devices.

An attacker can exploit this by sending a high rate of specially crafted ICMP packets to routers with VXLAN configured. This can cause the PFE to deadlock and make the router completely unresponsive, requiring a manual restart to recover.

Affected device models include the EX4100, EX4400, EX4600 and QFX5000 series running versions prior to the latest updates. Networks relying on these routers are open to downtime if hit with a denial of service attack.

It is recommended that network administrators using affected Juniper routers apply the latest security patches as soon as possible. Keeping devices up to date will prevent exploits of known issues. Proper network segmentation and filtering of ICMP traffic can also reduce exposure to such attacks. Vigilance against emerging threats is key to maintaining uptime and protecting critical network infrastructure.
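To decide which devices to patch first, the two preconditions described above (a listed hardware family and VXLAN configured) can be checked against exported configurations. The following is an added example, not part of the original advisory or Juniper tooling; the inventory format, hostnames and status labels are hypothetical, and it assumes configs exported with `show configuration | display set`.

```python
import re

# Hardware families named in the advisory text. Treating "QFX5000 series"
# as any model string starting with qfx5 is an assumption of this example.
AFFECTED_MODEL = re.compile(r"^(ex4100|ex4400|ex4600|qfx5\d{3})", re.I)
# VXLAN statements as they appear in "show configuration | display set".
VXLAN_SET = re.compile(
    r"^set\s+(?:\S+\s+)*?(?:vxlan\s+vni\s+\d+|vtep-source-interface\s+\S+)", re.I)

def active_vxlan_lines(config_text):
    """Return 'set' lines that configure VXLAN and are not deactivated."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    inactive = [ln.split(None, 1)[1] for ln in lines if ln.startswith("deactivate ")]
    hits = []
    for ln in lines:
        if VXLAN_SET.match(ln):
            path = ln.split(None, 1)[1]
            if not any(path == d or path.startswith(d + " ") for d in inactive):
                hits.append(ln)
    return hits

def triage(inventory):
    """Map hostname -> status for (hostname, model, config_text) tuples.

    The page lists no fixed release numbers, so versions are not checked here;
    a "patch-priority" result means: confirm the release and patch first.
    """
    report = {}
    for host, model, config in inventory:
        if not AFFECTED_MODEL.match(model.strip()):
            report[host] = "model-not-listed"
        elif active_vxlan_lines(config):
            report[host] = "patch-priority"      # listed model with VXLAN active
        else:
            report[host] = "listed-model-no-vxlan"
    return report

# Constructed sample inventory (hostnames, models and configs are made up).
SAMPLE = [
    ("leaf1", "qfx5120-48y", "set switch-options vtep-source-interface lo0.0\n"
                             "set vlans v100 vxlan vni 10100\n"),
    ("acc1", "EX4400-48P", "set vlans v200 vlan-id 200\n"
                           "set vlans v200 vxlan vni 10200\n"
                           "deactivate vlans v200 vxlan\n"),
    ("acc2", "ex4100-24t", "set vlans v300 vlan-id 300\n"),
    ("edge1", "mx204", "set vlans v100 vxlan vni 10100\n"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as `listed-model-no-vxlan` still need the update, since VXLAN may be enabled on them later.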
