Critical Flaw in Juniper Networks Software Allows Remote Denial of Service Attacks

CVE: CVE-2024-21612
CVSS v3.1: 7.5
Source: CVE-2024-21612

Juniper Networks Junos OS software is prone to a vulnerability that can allow unauthenticated remote attackers to cause a denial of service.

The Object Flooding Protocol (OFP) service in Juniper Networks Junos OS improperly handles syntactically invalid TCP packets. When specific malicious packets are received on an open OFP port, the OFP service crashes, which restarts the Routing Engine (RE) component and leads to a sustained denial of service.

This issue affects all versions of Juniper Networks Junos OS Evolved software prior to certain versions released in 2021 and 2022. Remote attackers can exploit it simply by sending crafted TCP packets to exposed OFP ports, triggering the crash and the resulting denial of service.

If you are a Juniper Networks customer, you should immediately update your Junos OS Evolved installation to the latest version to apply the fix. As a mitigation, also consider firewall rules that block unnecessary inbound traffic to OFP ports. Regular patching is critical to protect against vulnerabilities like this, which let external threats disrupt your network's availability.
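The firewall mitigation above, written out as an added example of a Junos loopback (lo0) filter; this is illustrative configuration, not Juniper's published workaround. The filter and prefix-list names, the management prefix 192.0.2.0/24 and the `<ofp-port>` placeholder are assumptions: take the actual OFP TCP port for your platform from Juniper's advisory and substitute it before loading.

```junos
/* Added example: only trusted management hosts may reach the OFP TCP port */
/* on the Routing Engine; everything else to that port is counted, logged   */
/* and discarded. <ofp-port> is a placeholder, 192.0.2.0/24 a constructed   */
/* example prefix; neither value comes from the advisory.                   */
policy-options {
    prefix-list TRUSTED-OFP-PEERS {
        192.0.2.0/24;
    }
}
firewall {
    family inet {
        filter PROTECT-OFP {
            term allow-trusted-ofp {
                from {
                    source-prefix-list {
                        TRUSTED-OFP-PEERS;
                    }
                    protocol tcp;
                    destination-port <ofp-port>;
                }
                then accept;
            }
            term drop-untrusted-ofp {
                from {
                    protocol tcp;
                    destination-port <ofp-port>;
                }
                then {
                    count ofp-untrusted;
                    syslog;
                    discard;
                }
            }
            /* A loopback filter ends in an implicit discard: without this  */
            /* final accept, SSH, routing protocols and all other RE-bound  */
            /* traffic would be dropped as well.                            */
            term allow-everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input PROTECT-OFP;
                }
            }
        }
    }
}
```

Apply it with `commit confirmed` so that a mistake which cuts off management access rolls back automatically, and watch `show firewall filter PROTECT-OFP` to see whether the `ofp-untrusted` counter is climbing.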
