CVE-2024-21585— Juniper Networks Junos OS 和 Junos OS Evolved 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2024-21585の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Junos OS and Junos OS Evolved: BGP session flaps on NSR-enabled devices can cause rpd crash
ソース: NVD (National Vulnerability Database)
脆弱性説明
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition. This issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. When the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. This parallel two instances of replication for the same peer leads to the assert if the BGP session flaps again. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S1-EVO; * 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
对异常条件的处理不恰当
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Juniper Networks Junos OS 和 Junos OS Evolved 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Juniper Networks Junos OS和Juniper Networks Junos OS Evolved都是美国瞻博网络(Juniper Networks)公司的产品。Juniper Networks Junos OS是一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。Juniper Networks Junos OS Evolved是Junos OS 的升级版系统。 Juniper Networks Junos OS 和 Junos OS Evol
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Juniper Networks | Junos OS | 0 ~ 20.4R3-S9 | - | |
| Juniper Networks | Junos OS Evolved | 0 ~ 21.3R3-S5-EVO | - |
II. CVE-2024-21585の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2024-21585のインテリジェンス情報
请登录查看更多情报信息。
- Common Vulnerability Scoring System Version 4.0 Calculatortechnical-description
- https://nvd.nist.gov/vuln/detail/CVE-2024-21585
Same Patch Batch · Juniper Networks · 2024-01-12 · 23 CVEs total
| CVE-2024-21591 | 9.8 CRITICAL | Junos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remot |
| CVE-2024-21616 | 7.5 HIGH | Junos OS: MX Series and SRX Series: Processing of a specific SIP packet causes NAT IP allo |
| CVE-2024-21614 | 7.5 HIGH | Junos OS and Junos OS Evolved: A specific query via DREND causes rpd crash |
| CVE-2024-21612 | 7.5 HIGH | Junos OS Evolved: Specific TCP traffic causes OFP core and restart of RE |
| CVE-2024-21611 | 7.5 HIGH | Junos OS and Junos OS Evolved: In a jflow scenario continuous route churn will cause a mem |
| CVE-2024-21606 | 7.5 HIGH | Junos OS: SRX Series: When "tcp-encap" is configured and specific packets are received flo |
| CVE-2024-21604 | 7.5 HIGH | Junos OS Evolved: A high rate of specific traffic will cause a complete system outage |
| CVE-2024-21602 | 7.5 HIGH | Junos OS Evolved: ACX7024, ACX7100-32C and ACX7100-48L: Traffic stops when a specific IPv4 |
| CVE-2024-21595 | 7.5 HIGH | Junos OS: EX4100, EX4400, EX4600, QFX5000 Series: A high rate of specific ICMP traffic wil |
| CVE-2024-21589 | 7.4 HIGH | Paragon Active Assurance Control Center: Information disclosure vulnerability |
| CVE-2023-36842 | 6.5 MEDIUM | Junos OS: jdhcpd will hang on receiving a specific DHCP packet |
| CVE-2024-21617 | 6.5 MEDIUM | Junos OS: BGP flap on NSR-enabled devices causes memory leak |
| CVE-2024-21587 | 6.5 MEDIUM | Junos OS: MX Series: Memory leak in bbe-smgd process if BFD liveness detection for DHCP su |
| CVE-2024-21599 | 6.5 MEDIUM | Junos OS: MX Series: MPC3E memory leak with PTP configuration |
| CVE-2024-21600 | 6.5 MEDIUM | Junos OS: PTX Series: In an FTI scenario MPLS packets hitting reject next-hop will cause a |
| CVE-2024-21603 | 6.5 MEDIUM | Junos OS: MX Series: Gathering statistics in a scaled SCU/DCU configuration will lead to a |
| CVE-2024-21613 | 6.5 MEDIUM | Junos OS and Junos OS Evolved: A link flap causes patroot memory leak which leads to rpd c |
| CVE-2024-21601 | 5.9 MEDIUM | Junos OS: SRX Series: Due to an error in processing TCP events flowd will crash |
| CVE-2024-21594 | 5.5 MEDIUM | Junos OS: SRX 5000 Series: Repeated execution of a specific CLI command causes a flowd cra |
| CVE-2024-21597 | 5.3 MEDIUM | Junos OS: MX Series: In an AF scenario traffic can bypass configured lo0 firewall filters |
Showing 20 of 23 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: Junos OS
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33781
Junos OS: EX Series, QFX Series: In a VXLAN scenario when sp
同じベンダー: Juniper Networks
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33784
JSI Virtual Lightweight Collector: Default password is not r
同じ弱点: CWE-755
- CVE-2026-23666
.NET Framework Denial of Service Vulnerability - CVE-2026-40074
SvelteKit's invalidated redirect in handle hook causes Denia - CVE-2026-28542
Huawei EMUI和Huawei HarmonyOS 安全漏洞 - CVE-2026-27195
Wasmtime is vulnerable to panic when dropping a `[Typed]Func - CVE-2026-27586
Caddy's mTLS client authentication silently fails open when
V. CVE-2024-21585へのコメント
まだコメントはありません