fkie_cve-2025-21594
Vulnerability from fkie_nvd
Published
2025-04-09 20:15
Modified
2025-04-11 15:40
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS). In a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and prefix-length is set to 56, the ports assigned to the user will not be freed.  Eventually, users cannot establish new connections. Affected FPC/PIC need to be manually restarted to recover. Following is the command to identify the issue:      user@host> show services nat source port-block      Host_IP                     External_IP                   Port_Block      Ports_Used/       Block_State/                                                               Range           Ports_Total       Left_Time(s)     2001::                        x.x.x.x                     58880-59391     256/256*1         Active/-       >>>>>>>>port still usedThis issue affects Junos OS on MX Series:  * from 21.2 before 21.2R3-S8,  * from 21.4 before 21.4R3-S7,  * from 22.1 before 22.1R3-S6,  * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3-S2,  * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R1-S2, 23.4R2. This issue does not affect versions before 20.2R1.
References
sirt@juniper.nethttps://supportportal.juniper.net/JSA96449
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS).\n\nIn a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and\u00a0prefix-length is set to 56,\u00a0the ports assigned to the user will not be freed.\u00a0 Eventually, users cannot establish new connections. Affected FPC/PIC need to be manually restarted to recover.\nFollowing is the command to identify the issue:\u00a0\n\n\n\u00a0 \u00a0 user@host\u003e show services nat source port-block\u00a0\n\u2003\u2003\u2003\u2003Host_IP  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0  External_IP  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Port_Block\u00a0 \u00a0 \u00a0 Ports_Used/  \u00a0 \u00a0 \u00a0 Block_State/\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0  Range  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0  Ports_Total  \u00a0 \u00a0 \u00a0 Left_Time(s)\n\u2003\u2003\u2003\u20032001::\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 x.x.x.x\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a058880-59391\u00a0 \u00a0 \u00a0256/256*1\u00a0 \u00a0 \u00a0 \u00a0 \u00a0Active/-  \u00a0 \u00a0 \u00a0 \u003e\u003e\u003e\u003e\u003e\u003e\u003e\u003eport still usedThis issue affects Junos OS on MX Series:\u00a0\n\n  *  from 21.2 before 21.2R3-S8,\u00a0\n  *  from 21.4 before 21.4R3-S7,\u00a0\n  *  from 22.1 before 22.1R3-S6,\u00a0\n  *  from 22.2 before 22.2R3-S4,\u00a0\n  *  from 22.3 before 22.3R3-S3,\u00a0\n  *  from 22.4 before 22.4R3-S2,\u00a0\n  *  from 23.2 before 23.2R2-S1,\u00a0\n  *  from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nThis issue does not affect versions before 20.2R1."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Comprobaci\u00f3n Incorrecta de Condiciones Inusuales o Excepcionales en el motor de reenv\u00edo de paquetes (pfe) de Juniper Networks Junos OS en la serie MX provoca el bloqueo de un puerto dentro de un pool, lo que provoca una denegaci\u00f3n de servicio (DoS). En un escenario de DS-Lite (Dual-Stack Lite) y NAT (Traducci\u00f3n de Direcciones de Red), al recibir tr\u00e1fico IPv6 manipulado y con una longitud de prefijo de 56, los puertos asignados al usuario no se liberan. Finalmente, los usuarios no pueden establecer nuevas conexiones. El FPC/PIC afectado debe reiniciarse manualmente para recuperarse. A continuaci\u00f3n se muestra el comando para identificar el problema: user@host\u0026gt; show services nat source port-block  ????Host_IP                     External_IP                   Port_Block      Ports_Used/       Block_State/                                                               Range           Ports_Total       Left_Time(s) ????2001::                        x.x.x.x                     58880-59391     256/256*1         Active/-       \u0026gt;\u0026gt;\u0026gt;\u0026gt;\u0026gt;\u0026gt;\u0026gt;\u0026gt;port still used Este problema afecta a Junos OS en la serie MX: * desde 21.2 antes de 21.2R3-S8, * desde 21.4 antes de 21.4R3-S7, * desde 22.1 antes de 22.1R3-S6, * desde 22.2 antes de 22.2R3-S4, * desde 22.3 antes de 22.3R3-S3, * desde 22.4 antes de 22.4R3-S2, * desde 23.2 antes de 23.2R2-S1, * desde 23.4 anteriores a 23.4R1-S2 y 23.4R2. Este problema no afecta a las versiones anteriores a 20.2R1."
    }
  ],
  "id": "CVE-2025-21594",
  "lastModified": "2025-04-11T15:40:10.277",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "sirt@juniper.net",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "USER",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-09T20:15:25.620",
  "references": [
    {
      "source": "sirt@juniper.net",
      "url": "https://supportportal.juniper.net/JSA96449"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.