Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2025-0777
Vulnerability from csaf_certbund
Published
2025-04-09 22:00
Modified
2025-04-09 22:00
Summary
Juniper JUNOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen preiszugeben und möglicherweise beliebigen Code auszuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen preiszugeben und m\u00f6glicherweise beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0777 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0777.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0777 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0777"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-An-unauthenticated-adjacent-attacker-sending-a-malformed-DHCP-packet-causes-jdhcpd-to-crash-CVE-2025-21591"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-In-DS-lite-and-NAT-senario-receipt-of-crafted-IPv4-traffic-causes-port-block-CVE-2025-21594"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-VXLAN-scenario-specific-ARP-or-NDP-packets-cause-FPC-to-crash-CVE-2025-21595"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-and-EX-Series-MX240-MX480-MX960-QFX5120-Series-When-web-management-is-enabled-for-specific-services-an-attacker-may-cause-a-CPU-spike-by-sending-genuine-packets-to-the-device-CVE-2025-21601"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-EX2300-EX3400-EX4000-Series-QFX5k-Series-Receipt-of-a-specific-DHCP-packet-causes-FPC-crash-when-DHCP-Option-82-is-enabled-CVE-2025-30644"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-Transmission-of-specific-control-traffic-sent-out-of-a-DS-Lite-tunnel-results-in-flowd-crash-CVE-2025-30645"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-malformed-LLDP-TLV-results-in-l2cpd-crash-CVE-2025-30646"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Subscriber-login-logout-activity-will-lead-to-a-memory-leak-CVE-2025-30647"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-DHCP-packet-causes-jdhcpd-process-to-crash-CVE-2025-30648"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-ICMPv6-packet-causes-a-memory-overrun-leading-to-an-rpd-crash-CVE-2025-30651"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Executing-a-specific-CLI-command-when-asregex-optimized-is-configured-causes-an-RPD-crash-CVE-2025-30652"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-LSP-flap-in-a-specific-MPLS-LSP-scenario-leads-to-RPD-crash-CVE-2025-30653"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-local-low-privileged-user-can-access-sensitive-information-CVE-2025-30654"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-CLI-command-will-cause-a-RPD-crash-when-rib-sharding-and-update-threading-is-enabled-CVE-2025-30655"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-SRX-Series-Processing-of-specific-SIP-INVITE-messages-by-the-SIP-ALG-will-lead-to-an-FPC-crash-CVE-2025-30656"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-Processing-of-a-specific-BGP-update-causes-the-SRRD-process-to-crash-CVE-2025-30657"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-On-devices-with-Anti-Virus-enabled-malicious-server-responses-will-cause-memory-to-leak-ultimately-causing-forwarding-to-stop-CVE-2025-30658"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-A-device-configured-for-vector-routing-crashes-when-receiving-specific-traffic-CVE-2025-30659"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Decapsulation-of-specific-GRE-packets-leads-to-PFE-reset-CVE-2025-30660"
},
{
"category": "external",
"summary": "Juniper Security Bulletin vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-rib-sharding-and-update-threading-are-configured-and-a-peer-flaps-an-rpd-core-is-observed?language=en_US"
}
],
"source_lang": "en-US",
"title": "Juniper JUNOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-09T22:00:00.000+00:00",
"generator": {
"date": "2025-04-10T11:20:03.755+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0777",
"initial_release_date": "2025-04-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Juniper JUNOS",
"product": {
"name": "Juniper JUNOS",
"product_id": "T042690",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:-"
}
}
},
{
"category": "product_version",
"name": "Evolved",
"product": {
"name": "Juniper JUNOS Evolved",
"product_id": "T042696",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:evolved"
}
}
}
],
"category": "product_name",
"name": "JUNOS"
}
],
"category": "vendor",
"name": "Juniper"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-21591",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-21591"
},
{
"cve": "CVE-2025-21594",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-21594"
},
{
"cve": "CVE-2025-21595",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-21595"
},
{
"cve": "CVE-2025-21597",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-21597"
},
{
"cve": "CVE-2025-21601",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-21601"
},
{
"cve": "CVE-2025-30644",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30644"
},
{
"cve": "CVE-2025-30645",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30645"
},
{
"cve": "CVE-2025-30646",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30646"
},
{
"cve": "CVE-2025-30647",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30647"
},
{
"cve": "CVE-2025-30648",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30648"
},
{
"cve": "CVE-2025-30649",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30649"
},
{
"cve": "CVE-2025-30651",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30651"
},
{
"cve": "CVE-2025-30652",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30652"
},
{
"cve": "CVE-2025-30653",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30653"
},
{
"cve": "CVE-2025-30654",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30654"
},
{
"cve": "CVE-2025-30655",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30655"
},
{
"cve": "CVE-2025-30656",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30656"
},
{
"cve": "CVE-2025-30657",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30657"
},
{
"cve": "CVE-2025-30658",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30658"
},
{
"cve": "CVE-2025-30659",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30659"
},
{
"cve": "CVE-2025-30660",
"product_status": {
"known_affected": [
"T042696",
"T042690"
]
},
"release_date": "2025-04-09T22:00:00.000+00:00",
"title": "CVE-2025-30660"
}
]
}
CVE-2025-30654 (GCVE-0-2025-30654)
Vulnerability from cvelistv5
Published
2025-04-09 20:00
Modified
2025-04-09 20:40
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information.
Through the execution of a specific show mgd command, a user with limited permissions (e.g., a low-privileged login class user) can access sensitive information such as hashed passwords, that can be used to further impact the system.
This issue affects Junos OS: * All versions before 21.4R3-S10,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3.
Junos OS Evolved:
* All versions before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S5-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S3-EVO.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:40:20.427551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:40:40.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S5",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S10-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S5-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esensitive information.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThrough the execution of a specific show mgd command, a user with limited permissions (e.g., a low-privileged login class user) can access sensitive information \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esuch as hashed passwords,\u0026nbsp;\u003c/span\u003ethat can be used to further impact the system.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS:\u0026nbsp;\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S10,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAll versions before 21.4R3-S10-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 22.4-EVO before 22.4R3-S5-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 23.2-EVO before \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.2R2-S3-EVO\u003c/span\u003e,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 23.4-EVO before 23.4R2-S3-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information.\u00a0\n\nThrough the execution of a specific show mgd command, a user with limited permissions (e.g., a low-privileged login class user) can access sensitive information such as hashed passwords,\u00a0that can be used to further impact the system.\n\n\nThis issue affects Junos OS:\u00a0 * All versions before 21.4R3-S10,\n * from 22.2 before 22.2R3-S5,\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3.\n\n\n\n\n\nJunos OS Evolved:\u00a0\n\n * All versions before 21.4R3-S10-EVO,\n * from 22.2-EVO before 22.2R3-S6-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-S5-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-S3-EVO,\u00a0\n * from 23.4-EVO before 23.4R2-S3-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:00:36.618Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96464"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003e\u003cbr\u003eJunos OS: 21.4R3-S10, 22.2R3-S6, 22.4R3-S5, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.2R2-S3,\u0026nbsp;\u003c/span\u003e23.4R2-S3, 24.2R1, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJunos OS Evolved: 22.4R3-S5-EVO, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.2R2-S3-EVO,\u0026nbsp;\u003c/span\u003e23.4R2-S3-EVO, 24.2R1-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eand all subsequent releases.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.4R3-S10, 22.2R3-S6, 22.4R3-S5, 23.2R2-S3,\u00a023.4R2-S3, 24.2R1, and all subsequent releases.\n\nJunos OS Evolved: 22.4R3-S5-EVO, 23.2R2-S3-EVO,\u00a023.4R2-S3-EVO, 24.2R1-EVO,\u00a0and all subsequent releases."
}
],
"source": {
"advisory": "JSA96464",
"defect": [
"1807742"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: A local, low privileged user can access sensitive information",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e"
}
],
"value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30654",
"datePublished": "2025-04-09T20:00:36.618Z",
"dateReserved": "2025-03-24T19:34:11.322Z",
"dateUpdated": "2025-04-09T20:40:40.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30648 (GCVE-0-2025-30648)
Vulnerability from cvelistv5
Published
2025-04-09 19:54
Modified
2025-04-09 20:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS).
When a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes, which will lead to the unavailability of the DHCP service and thereby resulting in a sustained DoS. The DHCP process will restart automatically to recover the service.
This issue will occur when dhcp-security is enabled.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2;
Junos OS Evolved: * from 22.4 before 22.4R3-S6-EVO,
* from 23.2 before 23.2R2-S3-EVO,
* from 23.4 before 23.4R2-S4-EVO,
* from 24.2 before 24.2R2-EVO.
.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:05:56.597700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:06:17.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S10",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S6",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S4",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S6-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S4-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-EVO",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is seen when dhcp-security is enabled:\u003cbr\u003e\u0026nbsp;\u003cbr\u003e\u003ctt\u003e[ vlans \u0026lt;vlan-name\u0026gt; forwarding-options dhcp-security ]\u003c/tt\u003e"
}
],
"value": "This issue is seen when dhcp-security is enabled:\n\u00a0\n[ vlans \u003cvlan-name\u003e forwarding-options dhcp-security ]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Improper Input Validation vulnerability in the\u0026nbsp;\u003c/span\u003eJuniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes, which\u0026nbsp;\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003ewill lead to the unavailability of the DHCP service and thereby resulting in a sustained DoS.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThe DHCP process will restart automatically \u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eto recover the service.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003eThis issue will occur when\u0026nbsp;dhcp-security is enabled.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S10,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eJunos OS Evolved:\u0026nbsp;\u003cul\u003e\u003cli\u003efrom 22.4 before 22.4R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e.\u003c/p\u003e"
}
],
"value": "An Improper Input Validation vulnerability in the\u00a0Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS).\n\nWhen a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes, which\u00a0will lead to the unavailability of the DHCP service and thereby resulting in a sustained DoS.\u00a0The DHCP process will restart automatically to recover the service.\n\nThis issue will occur when\u00a0dhcp-security is enabled.\u00a0\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S10,\u00a0\n * from 22.2 before 22.2R3-S6,\u00a0\n * from 22.4 before 22.4R3-S6,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S4,\u00a0\n * from 24.2 before 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0 * from 22.4 before 22.4R3-S6-EVO,\u00a0\n * from 23.2 before 23.2R2-S3-EVO,\u00a0\n * from 23.4 before 23.4R2-S4-EVO,\u00a0\n * from 24.2 before 24.2R2-EVO.\n\n\n\n\n."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T19:54:41.339Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96458"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS Evolved: 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all\u0026nbsp;subsequent releases.\u003cbr\u003e\u003cbr\u003eJunos: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all\u00a0subsequent releases.\n\nJunos: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96458",
"defect": [
"1842682"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: Receipt of a specifically malformed DHCP packet causes jdhcpd process to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30648",
"datePublished": "2025-04-09T19:54:41.339Z",
"dateReserved": "2025-03-24T19:34:11.321Z",
"dateUpdated": "2025-04-09T20:06:17.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30646 (GCVE-0-2025-30646)
Vulnerability from cvelistv5
Published
2025-04-09 19:53
Modified
2025-04-09 20:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-195 - Signed to Unsigned Conversion Error
Summary
A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
When an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart.
This issue affects:
Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2;
Junos OS Evolved:
* All versions before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S6-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S4-EVO,
* from 24.2-EVO before 24.2R2-EVO.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:39:38.876844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:39:47.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S10",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S6",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S4",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S10-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S6-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S4-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
},
{
"lessThan": "24.2R2-EVO",
"status": "affected",
"version": "24.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only systems configured for LLDP with active telemetry subscriptions are vulnerable to this issue:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols lldp ]\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eand:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system services extension-service request-response ]\u003c/tt\u003e"
}
],
"value": "Only systems configured for LLDP with active telemetry subscriptions are vulnerable to this issue:\n\n[ protocols lldp ]\n\nand:\n\n[ system services extension-service request-response ]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS).\u0026nbsp; Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eWhen an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S10,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S10-EVO,\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R2-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2-EVO before 24.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS).\u00a0 Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nWhen an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart.\n\n\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S10,\u00a0\n * from 22.2 before 22.2R3-S6,\u00a0\n * from 22.4 before 22.4R3-S6,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S4,\u00a0\n * from 24.2 before 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S10-EVO,\n * from 22.2-EVO before 22.2R3-S6-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-S6-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-S3-EVO,\u00a0\n * from 23.4-EVO before 23.4R2-S4-EVO,\u00a0\n * from 24.2-EVO before 24.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-195",
"description": "CWE-195 Signed to Unsigned Conversion Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T19:53:27.087Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96456"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u0026nbsp;\u003cbr\u003eJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\u00a0\nJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases.\nJunos OS Evolved: 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96456",
"defect": [
"1845098"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: Receipt of a malformed LLDP TLV results in l2cpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30646",
"datePublished": "2025-04-09T19:53:27.087Z",
"dateReserved": "2025-03-24T19:34:11.320Z",
"dateUpdated": "2025-04-09T20:39:47.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21601 (GCVE-0-2025-21601)
Vulnerability from cvelistv5
Published
2025-04-09 19:51
Modified
2025-04-15 20:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- 573 - Improper Following of Specification by Caller
Summary
An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive.
Continuous receipt of these packets will create a sustained Denial of Service (DoS) condition.
This issue affects Junos OS:
* All versions before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S4,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R1-S1, 24.2R2.
An indicator of compromise is to review the CPU % of the httpd process in the CLI:
e.g.
show system processes extensive | match httpd PID nobody 52 0 20M 191M select 2 0:01 80.00% httpd{httpd} <<<<< the percentage of httpd usage if high may be an indicator
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T13:11:29.847130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-573",
"description": "CWE-573 Improper Following of Specification by Caller",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T20:30:05.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"J-Web",
"Captive Portal",
"802.1X",
"Juniper Secure Connect (JSC)",
"Firewall Authentication"
],
"packageName": "AppWeb",
"platforms": [
"SRX Series",
"EX Series",
"MX240",
"MX480",
"MX960",
"QFX5120 Series"
],
"product": "Junos OS",
"programRoutines": [
{
"name": "Mbedthis AppWeb"
}
],
"repo": "https://www.embedthis.com/appweb",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S4",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R1-S1, 24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following minimal configuration is necessary:\u003c/p\u003e\u003ccode\u003e\u0026nbsp; [ system services web-management ]\u003c/code\u003e"
}
],
"value": "The following minimal configuration is necessary:\n\n\u00a0 [ system services web-management ]"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Alexander Zielke with VegaSystems GmbH \u0026 Co. KG"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003eJuniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;un\u003c/span\u003eauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive. \u003cbr\u003e\u003cbr\u003eContinuous receipt of these packets will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S9,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S4,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3,\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R1-S1, 24.2R2.\u003c/li\u003e\u003c/ul\u003eAn indicator of compromise is to review the CPU % of the httpd process in the CLI:\u003cbr\u003ee.g.\u003cbr\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;show system processes extensive | match httpd\u003c/span\u003e\u003cp\u003e\u003cstrong\u003e\u0026nbsp; \u003c/strong\u003ePID nobody \u0026nbsp; \u0026nbsp; \u0026nbsp; 52 \u0026nbsp; 0 \u0026nbsp; 20M\u0026nbsp; \u0026nbsp; 191M select \u0026nbsp; 2 \u0026nbsp; 0:01 \u0026nbsp; 80.00% httpd{httpd} \u003cstrong\u003e\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt; the percentage of httpd usage if high may be an indicator\u003c/strong\u003e\u003c/p\u003e"
}
],
"value": "An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of\u00a0Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an\u00a0unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive. \n\nContinuous receipt of these packets will create a sustained Denial of Service (DoS) condition.\n\n\n\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.4R3-S9,\n * from 22.2 before 22.2R3-S5,\n * from 22.4 before 22.4R3-S4,\n * from 23.2 before 23.2R2-S3,\n * from 23.4 before 23.4R2-S3,\n * from 24.2 before 24.2R1-S1, 24.2R2.\n\n\nAn indicator of compromise is to review the CPU % of the httpd process in the CLI:\ne.g.\n\u00a0\u00a0show system processes extensive | match httpd\u00a0 PID nobody \u00a0 \u00a0 \u00a0 52 \u00a0 0 \u00a0 20M\u00a0 \u00a0 191M select \u00a0 2 \u00a0 0:01 \u00a0 80.00% httpd{httpd} \u003c\u003c\u003c\u003c\u003c the percentage of httpd usage if high may be an indicator"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "573 - Improper Following of Specification by Caller",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T19:51:36.325Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96452"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 21.4R3-S9, 22.2R3-S5, 22.4R3-S4, 23.2R2-S3, 23.4R2-S3, 24.2R1-S1, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 21.4R3-S9, 22.2R3-S5, 22.4R3-S4, 23.2R2-S3, 23.4R2-S3, 24.2R1-S1, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96452",
"defect": [
"1827265"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: SRX and EX Series, MX240, MX480, MX960, QFX5120 Series: When web management is enabled for specific services an attacker may cause a CPU spike by sending genuine packets to the device",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003eTo reduce the risk of exploitation use authentication when using web management services.\u003cbr\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation use authentication when using web management services."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-21601",
"datePublished": "2025-04-09T19:51:36.325Z",
"dateReserved": "2024-12-26T14:47:11.670Z",
"dateUpdated": "2025-04-15T20:30:05.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30652 (GCVE-0-2025-30652)
Vulnerability from cvelistv5
Published
2025-04-09 19:57
Modified
2025-04-09 20:33
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
VLAI Severity ?
EPSS score ?
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Summary
An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS).
When asregex-optimized is configured and a specific "show route as-path" CLI command is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2.
and Junos OS Evolved:
* All versions before 21.2R3-S9-EVO,
* from 21.4-EVO before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S6-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S4-EVO,
* from 24.2-EVO before 24.2R2-EVO.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:33:13.671866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:33:23.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S10",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S6",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S4",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S10-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S6-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S4-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
},
{
"lessThan": "24.2R2-EVO",
"status": "affected",
"version": "24.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Required configuration for exposure:\u003cbr\u003e\u003ctt\u003e[ edit policy-options defaults ]\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003e[\u0026nbsp;asregex-optimize optimize ]\u003c/tt\u003e\u003cbr\u003e"
}
],
"value": "Required configuration for exposure:\n[ edit policy-options defaults ]\n[\u00a0asregex-optimize optimize ]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003easregex-optimized is configured and a specific \"show route as-path\"\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCLI command \u003c/span\u003e is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S10, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S6, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S4, \u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eand Junos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9-EVO, \u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S10-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R2-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 24.2-EVO before 24.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS).\n\nWhen\u00a0asregex-optimized is configured and a specific \"show route as-path\"\u00a0CLI command is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition.\nThis issue affects Junos OS: \n\n\n * All versions before 21.2R3-S9, \n * from 21.4 before 21.4R3-S10, \n * from 22.2 before 22.2R3-S6, \n * from 22.4 before 22.4R3-S6, \n * from 23.2 before 23.2R2-S3, \n * from 23.4 before 23.4R2-S4, \n * from 24.2 before 24.2R2.\n\n\n\nand Junos OS Evolved: \n * All versions before 21.2R3-S9-EVO, \n * from 21.4-EVO before 21.4R3-S10-EVO, \n * from 22.2-EVO before 22.2R3-S6-EVO, \n * from 22.4-EVO before 22.4R3-S6-EVO, \n * from 23.2-EVO before 23.2R2-S3-EVO, \n * from 23.4-EVO before 23.4R2-S4-EVO, \n * from 24.2-EVO before 24.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T19:57:01.859Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96462"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.2R3-S9-EVO, 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases.\nJunos OS Evolved: 21.2R3-S9-EVO, 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96462",
"defect": [
"1848929"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: Executing a specific CLI command when asregex-optimized is configured causes an rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e\u003cbr\u003eUtilize CLI authorization to disallow execution of the \u0027show route as-path\u0027 command.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\nUtilize CLI authorization to disallow execution of the \u0027show route as-path\u0027 command."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30652",
"datePublished": "2025-04-09T19:57:01.859Z",
"dateReserved": "2025-03-24T19:34:11.322Z",
"dateUpdated": "2025-04-09T20:33:23.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30655 (GCVE-0-2025-30655)
Vulnerability from cvelistv5
Published
2025-04-09 20:01
Modified
2025-04-09 20:35
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).
When a specific "show bgp neighbor" CLI command is run, the rpd cpu utilization rises and eventually causes a crash and restart. Repeated use of this command will cause a sustained DoS condition.
The device is only affected if BGP RIB sharding and update-threading is enabled.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S8,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2.
and Junos OS Evolved:
* All versions before 21.2R3-S9-EVO,
* from 21.4-EVO before 21.4R3-S8-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S2-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-EVO.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:30:14.651561Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:35:13.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following configuration is required on the device for it to be affected:\u003cbr\u003e\u003ctt\u003e[ system processes routing bgp rib-sharding ]\u003cbr\u003e[ system processes routing bgp \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eupdate-threading\u003c/span\u003e ]\u003c/tt\u003e"
}
],
"value": "The following configuration is required on the device for it to be affected:\n[ system processes routing bgp rib-sharding ]\n[ system processes routing bgp update-threading ]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a specific \"\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eshow bgp neighbor\"\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCLI command\u0026nbsp;\u003c/span\u003eis run, the rpd cpu utilization rises and eventually causes a crash and restart. Repeated use of this command will cause a sustained DoS condition.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThe device is only affected if BGP RIB sharding and update-threading is enabled.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S8,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eand Junos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S8-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).\n\nWhen a specific \"show bgp neighbor\" CLI command\u00a0is run, the rpd cpu utilization rises and eventually causes a crash and restart. Repeated use of this command will cause a sustained DoS condition.\u00a0\n\nThe device is only affected if BGP RIB sharding and update-threading is enabled.\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S8,\n * from 22.2 before 22.2R3-S6,\u00a0\n * from 22.4 before 22.4R3-S2,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2.\n\n\nand Junos OS Evolved:\u00a0\n\n\n\n * All versions before 21.2R3-S9-EVO,\u00a0\n * from 21.4-EVO before 21.4R3-S8-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S6-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-S2-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-S3-EVO,\u00a0\n * from 23.4-EVO before 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:01:15.300Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96465"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS Evolved: 21.2R3-S9-EVO, 21.4R3-S8-EVO,\u0026nbsp;22.2R3-S6-EVO, 22.4R3-S2-EVO, 23.2R2-S3-EVO, 23.4R2-EVO, 24.2R1-EVO.\u003cbr\u003eJunos OS: 21.2R3-S9, 21.4R3-S8,\u0026nbsp;22.2R3-S6, 22.4R3-S2, 23.2R2-S3, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS Evolved: 21.2R3-S9-EVO, 21.4R3-S8-EVO,\u00a022.2R3-S6-EVO, 22.4R3-S2-EVO, 23.2R2-S3-EVO, 23.4R2-EVO, 24.2R1-EVO.\nJunos OS: 21.2R3-S9, 21.4R3-S8,\u00a022.2R3-S6, 22.4R3-S2, 23.2R2-S3, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96465",
"defect": [
"1797777"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: A specific CLI command will cause an RPD crash when rib-sharding and update-threading is enabled",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.\u003cbr\u003eUse access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e"
}
],
"value": "There are no known workarounds for this issue.\nUse access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30655",
"datePublished": "2025-04-09T20:01:15.300Z",
"dateReserved": "2025-03-24T19:34:11.322Z",
"dateUpdated": "2025-04-09T20:35:13.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30653 (GCVE-0-2025-30653)
Vulnerability from cvelistv5
Published
2025-04-09 19:57
Modified
2025-04-09 20:32
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.0 (Medium) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
6.0 (Medium) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-825 - Expired Pointer Dereference
Summary
An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-class, and an LSP flaps, rpd crashes and restarts. Continuous flapping of LSP can cause a sustained Denial of Service (DoS) condition.
This issue affects:
Junos OS:
* All versions before 22.2R3-S4,
* 22.4 versions before 22.4R3-S2,
* 23.2 versions before 23.2R2,
* 23.4 versions before 23.4R2.
Junos OS Evolved:
* All versions before 22.2R3-S4-EVO,
* 22.4-EVO versions before 22.4R3-S2-EVO,
* 23.2-EVO versions before 23.2R2-EVO,
* 23.4-EVO versions before 23.4R2-EVO.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:32:27.137092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:32:41.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor this issue to occur, MPLS LSP needs to be configured with node-link-protection and transport-class. The tunnel\nneeds to be configured with both primary (strict hops) and secondary (partially strict hops) paths.\u003cbr\u003e\u003cbr\u003e[ protocols mpls label-switched-path tunnel-\u0026lt;name\u0026gt; node-link-protection ]\u003cbr\u003e[ protocols mpls label-switched-path tunnel-\u0026lt;name\u0026gt; adaptive ]\u003cbr\u003e[ protocols mpls label-switched-path tunnel-\u0026lt;name\u0026gt;\u0026nbsp;primary \u0026lt;route1_name\u0026gt; ]\u003cbr\u003e[ protocols mpls label-switched-path tunnel-\u0026lt;name\u0026gt; secondary \u0026lt;route2_name\u0026gt; ]\u003cbr\u003e[ protocols mpls label-switched-path tunnel-\u0026lt;name\u0026gt; transport-class \u0026lt;name\u0026gt; ]\u003c/p\u003e"
}
],
"value": "For this issue to occur, MPLS LSP needs to be configured with node-link-protection and transport-class. The tunnel\nneeds to be configured with both primary (strict hops) and secondary (partially strict hops) paths.\n\n[ protocols mpls label-switched-path tunnel-\u003cname\u003e node-link-protection ]\n[ protocols mpls label-switched-path tunnel-\u003cname\u003e adaptive ]\n[ protocols mpls label-switched-path tunnel-\u003cname\u003e\u00a0primary \u003croute1_name\u003e ]\n[ protocols mpls label-switched-path tunnel-\u003cname\u003e secondary \u003croute2_name\u003e ]\n[ protocols mpls label-switched-path tunnel-\u003cname\u003e transport-class \u003cname\u003e ]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).\u003cp\u003eOn all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-class, and an LSP flaps, rpd crashes and restarts. Continuous flapping of LSP can cause a sustained Denial of Service (DoS) condition.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 22.2R3-S4,\u003cbr\u003e\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S2,\u003cbr\u003e\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2,\u003cbr\u003e\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 22.2R3-S4-EVO,\u003cbr\u003e\u003c/li\u003e\u003cli\u003e22.4-EVO versions before 22.4R3-S2-EVO,\u003cbr\u003e\u003c/li\u003e\u003cli\u003e23.2-EVO versions before 23.2R2-EVO,\u003cbr\u003e\u003c/li\u003e\u003cli\u003e23.4-EVO versions before 23.4R2-EVO.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-class, and an LSP flaps, rpd crashes and restarts. Continuous flapping of LSP can cause a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\n\nJunos OS:\n\n\n\n * All versions before 22.2R3-S4,\n\n * 22.4 versions before 22.4R3-S2,\n\n * 23.2 versions before 23.2R2,\n\n * 23.4 versions before 23.4R2.\n\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions before 22.2R3-S4-EVO,\n\n * 22.4-EVO versions before 22.4R3-S2-EVO,\n\n * 23.2-EVO versions before 23.2R2-EVO,\n\n * 23.4-EVO versions before 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-825",
"description": "CWE-825 Expired Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T19:57:37.713Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96463"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003e\u003cbr\u003eJunos OS:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.2R3-S4, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1,\u0026nbsp;and all subsequent releases.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eJunos OS Evolved: 22.2R3-S4-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS:\u00a022.2R3-S4, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1,\u00a0and all subsequent releases.\n\nJunos OS Evolved: 22.2R3-S4-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96463",
"defect": [
"1788445"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: LSP flap in a specific MPLS scenario leads to rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30653",
"datePublished": "2025-04-09T19:57:37.713Z",
"dateReserved": "2025-03-24T19:34:11.322Z",
"dateUpdated": "2025-04-09T20:32:41.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30660 (GCVE-0-2025-30660)
Vulnerability from cvelistv5
Published
2025-04-09 20:05
Modified
2025-04-09 20:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop.
When this issue occurs the following logs can be observed:
<fpc #> MQSS(0): LI-3: Received a parcel with more than 512B accompanying data
CHASSISD_FPC_ASIC_ERROR: ASIC Error detected <...>
This issue affects Junos OS:
* all versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S8,
* 22.2 versions before 22.2R3-S4,
* 22.4 versions before 22.4R3-S5,
* 23.2 versions before 23.2R2-S2,
* 23.4 versions before 23.4R2.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:29:51.260047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:29:59.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S5",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cp\u003eWhen processing a high rate of specific GRE traffic destined to the device, the respective P\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFE will hang causing traffic forwarding to stop. \u003c/span\u003e\n\n\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen this issue occurs the following logs can be observed:\u003c/span\u003e\u003c/p\u003e \u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026lt;fpc #\u0026gt; MQSS(0): LI-3: Received a parcel with more than 512B\u0026nbsp;accompanying data \u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCHASSISD_FPC_ASIC_ERROR: ASIC Error detected \u0026lt;...\u0026gt;\u003c/span\u003e\u003c/tt\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S9,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S8,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S4,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S5,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S2,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop. \n\n\n\nWhen this issue occurs the following logs can be observed:\n\n \u003cfpc #\u003e MQSS(0): LI-3: Received a parcel with more than 512B\u00a0accompanying data \nCHASSISD_FPC_ASIC_ERROR: ASIC Error detected \u003c...\u003e\n\n\nThis issue affects Junos OS:\n\n * all versions before 21.2R3-S9,\n * 21.4 versions before 21.4R3-S8,\n * 22.2 versions before 22.2R3-S4,\n * 22.4 versions before 22.4R3-S5,\n * 23.2 versions before 23.2R2-S2,\n * 23.4 versions before 23.4R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:05:25.345Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96471"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S8, 22.2R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S8, 22.2R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96471",
"defect": [
"1784246"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: MX Series: Decapsulation of specific GRE packets leads to PFE reset",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30660",
"datePublished": "2025-04-09T20:05:25.345Z",
"dateReserved": "2025-03-24T19:34:11.323Z",
"dateUpdated": "2025-04-09T20:29:59.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30647 (GCVE-0-2025-30647)
Vulnerability from cvelistv5
Published
2025-04-09 19:53
Modified
2025-04-09 20:07
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).
In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash.
user@host> show chassis fpc
Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%)
Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer
2 Online 36 10 0 9 8 9 32768 26 0
This issue affects Junos OS on MX Series:
* All versions before 21.2R3-S9
* from 21.4 before 21.4R3-S10
* from 22.2 before 22.2R3-S6
* from 22.4 before 22.4R3-S5
* from 23.2 before 23.2R2-S3
* from 23.4 before 23.4R2-S3
* from 24.2 before 24.2R2.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:07:12.310391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:07:25.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S10",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S5",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this vulnerability subscriber management needs to be enabled via:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[system services subscriber-management enable]\u003c/tt\u003e\u003cbr\u003e"
}
],
"value": "To be exposed to this vulnerability subscriber management needs to be enabled via:\n\n[system services subscriber-management enable]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eIn a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;crash.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\u0026nbsp; \u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003e\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003user@host\u0026gt; show chassis fpc\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003Temp \u2003\u2003 CPU Utilization (%) \u2003\u2003CPU Utilization (%) \u2003 Memory \u0026nbsp; \u2003\u2003Utilization (%)\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003Slot State\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;(C) \u2003\u2003\u0026nbsp; Total\u0026nbsp; \u0026nbsp;Interrupt \u0026nbsp; \u0026nbsp; 1min\u0026nbsp; \u0026nbsp;5min\u0026nbsp; 15min \u2003 \u2003DRAM (MB) \u2003Heap \u0026nbsp; Buffer\u003cbr\u003e\u003cbr\u003e\u0026nbsp; \u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u20032 Online\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;36 \u0026nbsp; \u2003\u2003\u2003 10 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 0\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 9 \u0026nbsp; \u0026nbsp; 8 \u0026nbsp; \u0026nbsp; 9 \u0026nbsp; \u2003\u2003\u2003\u2003\u200332768 \u0026nbsp; \u0026nbsp; \u200326 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 0\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003cbr\u003e\u003c/tt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003eThis issue affects Junos OS on MX Series: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAll versions before 21.2R3-S9\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 21.4 before 21.4R3-S10\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 22.2 before 22.2R3-S6\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 22.4 before 22.4R3-S5\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 23.2 before 23.2R2-S3\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 23.4 before 23.4R2-S3\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 24.2 before 24.2R2.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
}
],
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).\n\nIn a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a\u00a0crash.\u00a0\n\u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003user@host\u003e show chassis fpc\n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003Temp \u2003\u2003 CPU Utilization (%) \u2003\u2003CPU Utilization (%) \u2003 Memory \u00a0 \u2003\u2003Utilization (%)\n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003Slot State\u00a0 \u00a0 \u00a0 \u00a0(C) \u2003\u2003\u00a0 Total\u00a0 \u00a0Interrupt \u00a0 \u00a0 1min\u00a0 \u00a05min\u00a0 15min \u2003 \u2003DRAM (MB) \u2003Heap \u00a0 Buffer\n\n\u00a0 \u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u20032 Online\u00a0 \u00a0 \u00a0 \u00a0 \u00a036 \u00a0 \u2003\u2003\u2003 10 \u00a0 \u00a0 \u00a0 \u00a0 0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 9 \u00a0 \u00a0 8 \u00a0 \u00a0 9 \u00a0 \u2003\u2003\u2003\u2003\u200332768 \u00a0 \u00a0 \u200326 \u00a0 \u00a0 \u00a0 \u00a0 0\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n\nThis issue affects Junos OS on MX Series: \n * All versions before 21.2R3-S9\n * from 21.4 before 21.4R3-S10\n * from 22.2 before 22.2R3-S6\n * from 22.4 before 22.4R3-S5\n * from 23.2 before 23.2R2-S3\n * from 23.4 before 23.4R2-S3\n * from 24.2 before 24.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T19:53:59.529Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96457"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96457",
"defect": [
"1827261"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:30:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: MX Series: Subscriber login/logout activity will lead to a memory leak",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30647",
"datePublished": "2025-04-09T19:53:59.529Z",
"dateReserved": "2025-03-24T19:34:11.321Z",
"dateUpdated": "2025-04-09T20:07:25.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21597 (GCVE-0-2025-21597)
Vulnerability from cvelistv5
Published
2025-04-09 19:50
Modified
2025-04-10 13:12
Severity ?
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
6.0 (Medium) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
6.0 (Medium) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, and a BGP peer flap is done with specific timing, rpd crashes and restarts. Continuous peer flapping at specific time intervals will result in a sustained Denial of Service (DoS) condition.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. The issue can occur with or without logical-systems enabled.
This issue affects:
Junos OS:
* All versions before 20.4R3-S8,
* 21.2 versions before 21.2R3-S6,
* 21.3 versions before 21.3R3-S5,
* 21.4 versions before 21.4R3-S4,
* 22.1 versions before 22.1R3-S3,
* 22.2 versions before 22.2R3-S1,
* 22.3 versions before 22.3R3,
* 22.4 versions before 22.4R3.
Junos OS Evolved:
* All versions before 21.2R3-S6-EVO,
* 21.3-EVO versions before 21.3R3-S5-EVO,
* 21.4-EVO versions before 21.4R3-S4-EVO,
* 22.1-EVO versions before 22.1R3-S3-EVO,
* 22.2-EVO versions before :22.2R3-S1-EVO,
* 22.3-EVO versions before 22.3R3-EVO,
* 22.4-EVO versions before 22.4R3-EVO.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T13:12:39.304791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T13:12:47.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S6-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For this issue to occur, BGP rib-sharding and update-threading needs to be configured:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[system processes routing bgp rib-sharding]\u003cbr\u003e[\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esystem processes routing bgp update-threading\u003c/span\u003e]\u003c/tt\u003e"
}
],
"value": "For this issue to occur, BGP rib-sharding and update-threading needs to be configured:\n\n[system processes routing bgp rib-sharding]\n[system processes routing bgp update-threading]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eOn all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, and a BGP peer flap is done with specific timing, rpd crashes and restarts. Continuous peer flapping at specific time intervals will result in a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. The issue can occur with or without logical-systems enabled.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S8,\u003c/li\u003e\u003cli\u003e21.2 versions before 21.2R3-S6,\u003cbr\u003e\u003c/li\u003e\u003cli\u003e21.3 versions before 21.3R3-S5,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S4,\u003c/li\u003e\u003cli\u003e22.1 versions before 22.1R3-S3,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S1,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S6-EVO,\u003c/li\u003e\u003cli\u003e21.3-EVO versions before 21.3R3-S5-EVO,\u003c/li\u003e\u003cli\u003e21.4-EVO versions before 21.4R3-S4-EVO,\u003c/li\u003e\u003cli\u003e22.1-EVO versions before 22.1R3-S3-EVO,\u003c/li\u003e\u003cli\u003e22.2-EVO versions before :22.2R3-S1-EVO,\u003c/li\u003e\u003cli\u003e22.3-EVO versions before 22.3R3-EVO,\u003c/li\u003e\u003cli\u003e22.4-EVO versions before 22.4R3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, and a BGP peer flap is done with specific timing, rpd crashes and restarts. Continuous peer flapping at specific time intervals will result in a sustained Denial of Service (DoS) condition.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. The issue can occur with or without logical-systems enabled.\n\nThis issue affects:\nJunos OS:\n\n\n\n * All versions before 20.4R3-S8,\n * 21.2 versions before 21.2R3-S6,\n\n * 21.3 versions before 21.3R3-S5,\n * 21.4 versions before 21.4R3-S4,\n * 22.1 versions before 22.1R3-S3,\n * 22.2 versions before 22.2R3-S1,\n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R3.\n\n\nJunos OS Evolved:\n\n\n\n * All versions before 21.2R3-S6-EVO,\n * 21.3-EVO versions before 21.3R3-S5-EVO,\n * 21.4-EVO versions before 21.4R3-S4-EVO,\n * 22.1-EVO versions before 22.1R3-S3-EVO,\n * 22.2-EVO versions before :22.2R3-S1-EVO,\n * 22.3-EVO versions before 22.3R3-EVO,\n * 22.4-EVO versions before 22.4R3-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T19:50:57.792Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA96451"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S8,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.4R3, 23.2R1\u003c/span\u003e, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO\u003c/span\u003e, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 20.4R3-S8,\u00a021.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases.\n\nJunos OS Evolved: 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96451",
"defect": [
"1732833"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: When BGP rib-sharding and update-threading are configured and a peer flaps, an rpd core is observed",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-21597",
"datePublished": "2025-04-09T19:50:57.792Z",
"dateReserved": "2024-12-26T14:47:11.669Z",
"dateUpdated": "2025-04-10T13:12:47.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30649 (GCVE-0-2025-30649)
Vulnerability from cvelistv5
Published
2025-04-09 19:55
Modified
2025-04-09 20:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs.
Continued receipt and processing of these specific packets will sustain the DoS condition.
This issue affects Junos OS: * All versions before 22.2R3-S6,
* from 22.4 before 22.4R3-S4,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R1-S2, 24.2R2
An indicator of compromise will indicate the SPC3 SPUs utilization has spiked.
For example:
user@device> show services service-sets summary
Service sets CPU
Interface configured Bytes used Session bytes used Policy bytes used utilization
"interface" 1 "bytes" (percent%) "sessions" ("percent"%) "bytes" ("percent"%) 99.97 % OVLD <<<<<< look for high CPU usage
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30649",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:02:41.255699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:03:04.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"syslog stream with TCP transport enabled"
],
"platforms": [
"MX240",
"MX480",
"MX960",
"with SPC3"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.2R3-S6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S4",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S4",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R1-S2, 24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u0026nbsp; [services service-set \"service-set-name\" syslog stream \"stream-name\" host \"syslog-server-ip-address-or-hostname\"]\u003cbr\u003e\u0026nbsp; [services service-set \"service-set-name\" syslog stream \"stream-name\" host port \"syslog-server-port\"]\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; [services service-set \"service-set-name\" syslog stream \"stream-name\" transport protocol tcp]\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; [services service-set \"service-set-name\" syslog stream \"stream-name\" source-address \"syslog-collector-ip-address\"]\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "[services service-set \"service-set-name\" syslog stream \"stream-name\" host \"syslog-server-ip-address-or-hostname\"]\n\u00a0 [services service-set \"service-set-name\" syslog stream \"stream-name\" host port \"syslog-server-port\"]\n\u00a0 [services service-set \"service-set-name\" syslog stream \"stream-name\" transport protocol tcp]\n\u00a0 [services service-set \"service-set-name\" syslog stream \"stream-name\" source-address \"syslog-collector-ip-address\"]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Input Validation vulnerability in the\u0026nbsp;syslog stream TCP transport\u0026nbsp;of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs.\u003cbr\u003e\u003cbr\u003eContinued receipt and processing of these specific packets will sustain the DoS condition.\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003eThis issue affects Junos OS:\u003c/span\u003e\u003cul\u003e\u003cli\u003eAll versions before 22.2R3-S6,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S4,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S4,\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R1-S2, 24.2R2\u003c/li\u003e\u003c/ul\u003e\u003cdiv\u003eAn indicator of compromise will indicate the SPC3 SPUs utilization has spiked.\u003c/div\u003e\u003cbr\u003eFor example:\u0026nbsp;\u003cbr\u003e\u0026nbsp; \u0026nbsp;user@device\u0026gt; show services service-sets summary\u003cbr\u003e\u003cdiv\u003e\u003cpre\u003e Service sets CPU\n Interface configured Bytes used Session bytes used Policy bytes used utilization\n \"interface\" 1 \"bytes\" (percent%) \"sessions\" (\"percent\"%) \"bytes\" (\"percent\"%) 99.97 % OVLD \u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt; look for high CPU usage\n\u003c/pre\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Input Validation vulnerability in the\u00a0syslog stream TCP transport\u00a0of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs.\n\nContinued receipt and processing of these specific packets will sustain the DoS condition.\n\nThis issue affects Junos OS: * All versions before 22.2R3-S6,\n * from 22.4 before 22.4R3-S4,\n * from 23.2 before 23.2R2-S3,\n * from 23.4 before 23.4R2-S4,\n * from 24.2 before 24.2R1-S2, 24.2R2\n\n\nAn indicator of compromise will indicate the SPC3 SPUs utilization has spiked.\n\n\nFor example:\u00a0\n\u00a0 \u00a0user@device\u003e show services service-sets summary\n Service sets CPU\n Interface configured Bytes used Session bytes used Policy bytes used utilization\n \"interface\" 1 \"bytes\" (percent%) \"sessions\" (\"percent\"%) \"bytes\" (\"percent\"%) 99.97 % OVLD \u003c\u003c\u003c\u003c\u003c\u003c look for high CPU usage"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T19:55:37.363Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96459"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 22.2R3-S6, 22.4R3-S4, 23.2R2-S3, 23.4R2-S4, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 22.2R3-S6, 22.4R3-S4, 23.2R2-S3, 23.4R2-S4, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96459",
"defect": [
"1823932"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: MX240, MX480, MX960 with SPC3: An attacker sending specific packets will cause a CPU utilization DoS.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30649",
"datePublished": "2025-04-09T19:55:37.363Z",
"dateReserved": "2025-03-24T19:34:11.321Z",
"dateUpdated": "2025-04-09T20:03:04.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30651 (GCVE-0-2025-30651)
Vulnerability from cvelistv5
Published
2025-04-09 19:56
Modified
2025-04-09 20:36
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-805 - Buffer Access with Incorrect Length Value
Summary
A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When an attacker sends a specific ICMPv6 packet to an interface with "protocols router-advertisement" configured, rpd crashes and restarts. Continued receipt of this packet will cause a sustained DoS condition.
This issue only affects systems configured with IPv6.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S4,
* from 23.2 before 23.2R2-S2,
* from 23.4 before 23.4R2;
and Junos OS Evolved:
* All versions before 21.2R3-S9-EVO,
* from 21.4-EVO before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S4-EVO,
* from 23.2-EVO before 23.2R2-S2-EVO,
* from 23.4-EVO before 23.4R2-EVO.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:36:29.443531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:36:41.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S10",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S4",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S10-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S4-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following configuration is required to be affected by this issue:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols router-advertisement interface \u0026lt;interface-name\u0026gt; ]\u003cbr\u003e\u003c/tt\u003e\u003ccode\u003e[ interfaces \u0026lt;interface-name\u0026gt; unit \u0026lt;unit\u0026gt; family inet6 address \u0026lt;ipv6-addr\u0026gt; ]\u003c/code\u003e\u003cbr\u003e"
}
],
"value": "The following configuration is required to be affected by this issue:\n\n[ protocols router-advertisement interface \u003cinterface-name\u003e ]\n[ interfaces \u003cinterface-name\u003e unit \u003cunit\u003e family inet6 address \u003cipv6-addr\u003e ]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cp\u003eWhen an attacker sends a specific ICMPv6 packet to an interface with \"protocols router-advertisement\" configured, rpd crashes and restarts. Continued receipt of this packet will cause a sustained DoS condition.\u0026nbsp;\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue only affects systems configured with IPv6.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 21.2R3-S9,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4 before 21.4R3-S10, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2 before 22.2R3-S6, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4 before 22.4R3-S4, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2 before 23.2R2-S2, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.4 before 23.4R2; \u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003eand Junos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 21.2R3-S9-EVO, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4-EVO before 21.4R3-S10-EVO, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2-EVO before 22.2R3-S6-EVO, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4-EVO before 22.4R3-S4-EVO, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2-EVO before 23.2R2-S2-EVO, \u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.4-EVO before 23.4R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\nWhen an attacker sends a specific ICMPv6 packet to an interface with \"protocols router-advertisement\" configured, rpd crashes and restarts. Continued receipt of this packet will cause a sustained DoS condition.\u00a0\n\n\n\n\nThis issue only affects systems configured with IPv6.\n\n\n\nThis issue affects Junos OS:\u00a0\n\n\n * All versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S10, \n * from 22.2 before 22.2R3-S6, \n * from 22.4 before 22.4R3-S4, \n * from 23.2 before 23.2R2-S2, \n * from 23.4 before 23.4R2; \n\n\n\nand Junos OS Evolved: \n * All versions before 21.2R3-S9-EVO, \n * from 21.4-EVO before 21.4R3-S10-EVO, \n * from 22.2-EVO before 22.2R3-S6-EVO, \n * from 22.4-EVO before 22.4R3-S4-EVO, \n * from 23.2-EVO before 23.2R2-S2-EVO, \n * from 23.4-EVO before 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-805",
"description": "CWE-805 Buffer Access with Incorrect Length Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T19:56:28.305Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96461"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u0026nbsp;\u003cbr\u003eJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S4, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved:\u0026nbsp;21.2R3-S9-EVO, 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S4-EVO, 23.2R2-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\u00a0\nJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S4, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases.\nJunos OS Evolved:\u00a021.2R3-S9-EVO, 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S4-EVO, 23.2R2-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96461",
"defect": [
"1809088"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: Receipt of a specific ICMPv6 packet causes a memory overrun leading to an rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003eA firewall filter can be implemented to restrict ICMPv6 traffic."
}
],
"value": "There are no known workarounds for this issue.\n\nA firewall filter can be implemented to restrict ICMPv6 traffic."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30651",
"datePublished": "2025-04-09T19:56:28.305Z",
"dateReserved": "2025-03-24T19:34:11.321Z",
"dateUpdated": "2025-04-09T20:36:41.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21591 (GCVE-0-2025-21591)
Vulnerability from cvelistv5
Published
2025-04-09 19:46
Modified
2025-04-28 16:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-805 - Buffer Access with Incorrect Length Value
Summary
A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.
Continuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.
This issue affects Junos OS:
* from 23.1 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R2.
This issue isn't applicable to any versions of Junos OS before 23.1R1.
This issue doesn't affect vSRX Series which doesn't support DHCP Snooping.
This issue doesn't affect Junos OS Evolved.
There are no indicators of compromise for this issue.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 23.1 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T13:17:33.869610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T13:17:41.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"dhcp"
],
"packageName": "jdhcpd",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.1",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "23.1R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The required minimal configuration is DHCP is configured with DHCP snooping enabled with\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003ethe mine-dhcp-client-options and/or mine-dhcpv6-client-options.\u003c/span\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; [ vlans \u0026lt;vlan-name\u0026gt; forwarding-options dhcp-security \u003c/span\u003emine-dhcp-client-options ]\u003cbr\u003e\u0026nbsp; [ mine-dhcpv6-client-options ]\u003cbr\u003e\u003c/p\u003e\u003cp\u003ePlease note: It is atypical to use the above configuration with a DHCP server on the same device.\u003c/p\u003e"
}
],
"value": "The required minimal configuration is DHCP is configured with DHCP snooping enabled with\u00a0the mine-dhcp-client-options and/or mine-dhcpv6-client-options.\u00a0 [ vlans \u003cvlan-name\u003e forwarding-options dhcp-security mine-dhcp-client-options ]\n\u00a0 [ mine-dhcpv6-client-options ]\n\n\nPlease note: It is atypical to use the above configuration with a DHCP server on the same device."
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eContinuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 23.1 before 23.2R2-S3,\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3,\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2.\u003c/li\u003e\u003c/ul\u003eThis issue isn\u0027t applicable to any versions of Junos OS before 23.1R1. \u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003eThis issue doesn\u0027t affect vSRX Series which doesn\u0027t support DHCP Snooping. \u003cbr\u003e\u003cbr\u003eThis issue doesn\u0027t affect Junos OS Evolved.\u003cbr\u003e\u003cbr\u003eThere are no indicators of compromise for this issue.\u003cbr\u003e"
}
],
"value": "A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition.\n\nContinuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.\n\n\nThis issue affects Junos OS:\n\n\n\n * from 23.1 before 23.2R2-S3,\n * from 23.4 before 23.4R2-S3,\n * from 24.2 before 24.2R2.\n\n\nThis issue isn\u0027t applicable to any versions of Junos OS before 23.1R1. \n\n\n\nThis issue doesn\u0027t affect vSRX Series which doesn\u0027t support DHCP Snooping. \n\nThis issue doesn\u0027t affect Junos OS Evolved.\n\nThere are no indicators of compromise for this issue."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-805",
"description": "CWE-805: Buffer Access with Incorrect Length Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:21:26.535Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96448"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96448",
"defect": [
"1827395"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: An unauthenticated adjacent attacker sending a malformed DHCP packet causes jdhcpd to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-21591",
"datePublished": "2025-04-09T19:46:55.976Z",
"dateReserved": "2024-12-26T14:47:11.667Z",
"dateUpdated": "2025-04-28T16:21:26.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21594 (GCVE-0-2025-21594)
Vulnerability from cvelistv5
Published
2025-04-09 19:49
Modified
2025-04-10 13:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS).
In a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and prefix-length is set to 56, the ports assigned to the user will not be freed. Eventually, users cannot establish new connections. Affected FPC/PIC need to be manually restarted to recover.
Following is the command to identify the issue:
user@host> show services nat source port-block
Host_IP External_IP Port_Block Ports_Used/ Block_State/
Range Ports_Total Left_Time(s)
2001:: x.x.x.x 58880-59391 256/256*1 Active/- >>>>>>>>port still usedThis issue affects Junos OS on MX Series:
* from 21.2 before 21.2R3-S8,
* from 21.4 before 21.4R3-S7,
* from 22.1 before 22.1R3-S6,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R1-S2, 23.4R2.
This issue does not affect versions before 20.2R1.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T13:13:47.889505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T13:14:00.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S6",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "20.2R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue only occurs when below config is enabled:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ set services service-set \u0026lt;*\u0026gt; softwire-options dslite-ipv6-prefix-length 56]\u003cbr\u003e\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "This issue only occurs when below config is enabled:\n\n[ set services service-set \u003c*\u003e softwire-options dslite-ipv6-prefix-length 56]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIn a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;prefix-length is set to 56,\u003c/span\u003e\u0026nbsp;the ports assigned to the user will not be freed.\u0026nbsp; Eventually, users cannot establish new connections. \u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eAffected FPC/PIC need to be manually restarted to recover.\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFollowing is the command to identify the issue:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003ctt\u003e\u003cbr\u003e\u0026nbsp; \u0026nbsp; user@host\u0026gt; show services nat source port-block\u0026nbsp;\u003c/tt\u003e\u003ctt\u003e\u003cbr\u003e\u2003\u2003\u2003\u2003Host_IP \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; External_IP \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Port_Block\u0026nbsp; \u0026nbsp; \u0026nbsp; Ports_Used/ \u0026nbsp; \u0026nbsp; \u0026nbsp; Block_State/\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Range \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Ports_Total \u0026nbsp; \u0026nbsp; \u0026nbsp; Left_Time(s)\u003cbr\u003e\u2003\u2003\u2003\u20032001::\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; x.x.x.x\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;58880-59391\u0026nbsp; \u0026nbsp; \u0026nbsp;256/256*1\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Active/- \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026gt;\u0026gt;\u0026gt;\u0026gt;\u0026gt;\u0026gt;\u0026gt;\u0026gt;port still used\u003c/tt\u003e\u003cp\u003eThis issue affects Junos OS on MX Series:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 21.2 before 21.2R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S2, 23.4R2.\u003c/li\u003e\u003c/ul\u003eThis issue does not affect versions before 20.2R1.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS).\n\nIn a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and\u00a0prefix-length is set to 56,\u00a0the ports assigned to the user will not be freed.\u00a0 Eventually, users cannot establish new connections. Affected FPC/PIC need to be manually restarted to recover.\nFollowing is the command to identify the issue:\u00a0\n\n\n\u00a0 \u00a0 user@host\u003e show services nat source port-block\u00a0\n\u2003\u2003\u2003\u2003Host_IP \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 External_IP \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Port_Block\u00a0 \u00a0 \u00a0 Ports_Used/ \u00a0 \u00a0 \u00a0 Block_State/\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Range \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Ports_Total \u00a0 \u00a0 \u00a0 Left_Time(s)\n\u2003\u2003\u2003\u20032001::\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 x.x.x.x\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a058880-59391\u00a0 \u00a0 \u00a0256/256*1\u00a0 \u00a0 \u00a0 \u00a0 \u00a0Active/- \u00a0 \u00a0 \u00a0 \u003e\u003e\u003e\u003e\u003e\u003e\u003e\u003eport still usedThis issue affects Junos OS on MX Series:\u00a0\n\n * from 21.2 before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S7,\u00a0\n * from 22.1 before 22.1R3-S6,\u00a0\n * from 22.2 before 22.2R3-S4,\u00a0\n * from 22.3 before 22.3R3-S3,\u00a0\n * from 22.4 before 22.4R3-S2,\u00a0\n * from 23.2 before 23.2R2-S1,\u00a0\n * from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nThis issue does not affect versions before 20.2R1."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T19:49:41.391Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96449"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96449",
"defect": [
"1785403"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: MX Series: In DS-lite and NAT scenario receipt of crafted IPv6 traffic causes port block",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Modify the IPv6 prefix-length to be 64/96/128 through the command:\u003cbr\u003e\u003ctt\u003e\u003cbr\u003e[ set services service-set \u0026lt;*\u0026gt; softwire-options dslite-ipv6-prefix-length 64/96/128]\u003c/tt\u003e"
}
],
"value": "Modify the IPv6 prefix-length to be 64/96/128 through the command:\n\n[ set services service-set \u003c*\u003e softwire-options dslite-ipv6-prefix-length 64/96/128]"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-21594",
"datePublished": "2025-04-09T19:49:41.391Z",
"dateReserved": "2024-12-26T14:47:11.669Z",
"dateUpdated": "2025-04-10T13:14:00.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30658 (GCVE-0-2025-30658)
Vulnerability from cvelistv5
Published
2025-04-09 20:02
Modified
2025-04-09 20:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series
allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
On all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in Juniper Buffers (jbufs) which are never released. When these jbufs are exhausted, the device stops forwarding all transit traffic.
A jbuf memory leak can be noticed from the following logs:
(<node>.)<fpc> Warning: jbuf pool id <#> utilization level (<current level>%) is above <threshold>%!
To recover from this issue, the affected device needs to be manually rebooted to free the leaked jbufs.
This issue affects Junos OS on SRX Series:
* all versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3-S6,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S3,
* 24.2 versions before 24.2R2.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:31:25.467424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:31:32.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S10",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S6",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue the device needs to be configured with Anti-Virus:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ security utm utm-policy \u0026lt;name\u0026gt; anti-virus ]\u003c/tt\u003e"
}
],
"value": "To be exposed to this issue the device needs to be configured with Anti-Virus:\n\n[ security utm utm-policy \u003cname\u003e anti-virus ]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series \n\n\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eallows an unauthenticated, network-based attacker\u003c/span\u003e\u0026nbsp;to cause a Denial-of-Service (DoS).\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJuniper Buffers (\u003c/span\u003ejbufs) which are never released. When these jbufs are exhausted, the device stops forwarding all transit traffic.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA jbuf memory leak can be noticed from the following logs:\u003c/span\u003e\u003c/p\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e(\u0026lt;node\u0026gt;.)\u0026lt;fpc\u0026gt; Warning: jbuf pool id \u0026lt;#\u0026gt; utilization level (\u0026lt;current level\u0026gt;%) is above \u0026lt;threshold\u0026gt;%!\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003cp\u003eTo recover from this issue, the affected device needs to be manually rebooted to free the leaked jbufs.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS on SRX Series:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S9,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S10,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S6,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S6,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S3,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series \n\nallows an unauthenticated, network-based attacker\u00a0to cause a Denial-of-Service (DoS).\n\nOn all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in Juniper Buffers (jbufs) which are never released. When these jbufs are exhausted, the device stops forwarding all transit traffic.\n\nA jbuf memory leak can be noticed from the following logs:\n\n(\u003cnode\u003e.)\u003cfpc\u003e Warning: jbuf pool id \u003c#\u003e utilization level (\u003ccurrent level\u003e%) is above \u003cthreshold\u003e%!\n\nTo recover from this issue, the affected device needs to be manually rebooted to free the leaked jbufs.\n\n\n\n\nThis issue affects Junos OS on SRX Series:\u00a0\n\n * all versions before 21.2R3-S9,\n * 21.4 versions before 21.4R3-S10,\n * 22.2 versions before 22.2R3-S6,\n * 22.4 versions before 22.4R3-S6,\n * 23.2 versions before 23.2R2-S3,\n * 23.4 versions before 23.4R2-S3,\n * 24.2 versions before 24.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:02:50.588Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96469"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96469",
"defect": [
"1815930"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: SRX Series: On devices with Anti-Virus enabled, malicious server responses will cause memory to leak ultimately causing forwarding to stop",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30658",
"datePublished": "2025-04-09T20:02:50.588Z",
"dateReserved": "2025-03-24T19:34:11.323Z",
"dateUpdated": "2025-04-09T20:31:32.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30657 (GCVE-0-2025-30657)
Vulnerability from cvelistv5
Published
2025-04-09 20:02
Modified
2025-04-09 20:32
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/RE:M
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/RE:M
VLAI Severity ?
EPSS score ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Summary
An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
When a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it's sent to SRRD it's encoded incorrectly which leads to a crash and momentary interruption of jflow processing until it automatically restarts. This issue does not affect traffic forwarding itself.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R1-S2, 23.2R2.
This issue does not affected Junos OS Evolved.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:31:55.715760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:32:08.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S10",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2, 23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For a system to be exposed to this issue flow-monitoring needs to be configured:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e[ services flow-monitoring (version-ipfix|version9) ]\u003c/span\u003e\u003c/tt\u003e"
}
],
"value": "For a system to be exposed to this issue flow-monitoring needs to be configured:\n\n[ services flow-monitoring (version-ipfix|version9) ]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSRRD\u003c/span\u003e) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it\u0027s sent to SRRD it\u0027s encoded incorrectly which leads to a crash and momentary interruption of jflow processing until it automatically restarts. This issue does not affect traffic forwarding itself.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S10,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S6,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R1-S2, 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eThis issue does not affected Junos OS Evolved.\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it\u0027s sent to SRRD it\u0027s encoded incorrectly which leads to a crash and momentary interruption of jflow processing until it automatically restarts. This issue does not affect traffic forwarding itself.\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S9,\n * 21.4 versions before 21.4R3-S10,\n * 22.2 versions before 22.2R3-S6,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R1-S2, 23.2R2.\n\n\n\nThis issue does not affected Junos OS Evolved."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:02:21.815Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96467"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96467",
"defect": [
"1744804"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: Processing of a specific BGP update causes the SRRD process to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30657",
"datePublished": "2025-04-09T20:02:21.815Z",
"dateReserved": "2025-03-24T19:34:11.322Z",
"dateUpdated": "2025-04-09T20:32:08.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30656 (GCVE-0-2025-30656)
Vulnerability from cvelistv5
Published
2025-04-09 20:01
Modified
2025-04-10 14:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-167 - Improper Handling of Additional Special Element
Summary
An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, subsequent SIP invites will cause the crash again and lead to a sustained DoS.
This issue affects Junos OS on MX Series and SRX Series:
* all versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3-S5,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S3,
* 24.2 versions before 24.2R1-S2, 24.2R2.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:24:04.424419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T14:23:32.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series",
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S10",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S5",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R1-S2, 24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify on SRX, and MX with SPC3 with:\u003c/p\u003e\u003ccode\u003euser@host\u0026gt; show security alg status | match sip\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eSIP : Enabled\u003c/code\u003e\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003ePlease verify on MX whether the following is configured:\u003c/p\u003e\u003ccode\u003e[ services ... rule \u0026lt;rule-name\u0026gt; (term \u0026lt;term-name\u0026gt; ) from/match application/application-set \u0026lt;name\u0026gt; ]\u003c/code\u003e\u003cbr\u003e\u003cp\u003ewhere either\u003c/p\u003e\u003ccode\u003ea. name = junos-sip or\u003c/code\u003e\u003cbr\u003e\u003cp\u003ean application or application-set refers to SIP:\u003c/p\u003e\u003ccode\u003eb. [ applications application \u0026lt;name\u0026gt; application-protocol sip ] or\u003c/code\u003e\u003cbr\u003e\u003ccode\u003ec. [ applications application-set \u0026lt;name\u0026gt; application junos-sip ]\u003c/code\u003e\n\n\u003cbr\u003e"
}
],
"value": "To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify on SRX, and MX with SPC3 with:\n\nuser@host\u003e show security alg status | match sip\nSIP : Enabled\n\n\n\nPlease verify on MX whether the following is configured:\n\n[ services ... rule \u003crule-name\u003e (term \u003cterm-name\u003e ) from/match application/application-set \u003cname\u003e ]\nwhere either\n\na. name = junos-sip or\nan application or application-set refers to SIP:\n\nb. [ applications application \u003cname\u003e application-protocol sip ] or\nc. [ applications application-set \u003cname\u003e application junos-sip ]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, subsequent SIP invites will cause the crash again and lead to a sustained DoS.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Junos OS on MX Series and SRX Series:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S9,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S10,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S6,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S5,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S3,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R1-S2, 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, subsequent SIP invites will cause the crash again and lead to a sustained DoS.\n\n\n\n\nThis issue affects Junos OS on MX Series and SRX Series:\u00a0\n\n * all versions before 21.2R3-S9,\n * 21.4 versions before 21.4R3-S10,\n * 22.2 versions before 22.2R3-S6,\n * 22.4 versions before 22.4R3-S5,\n * 23.2 versions before 23.2R2-S3,\n * 23.4 versions before 23.4R2-S3,\n * 24.2 versions before 24.2R1-S2, 24.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-167",
"description": "CWE-167 Improper Handling of Additional Special Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:01:48.339Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96466"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.4R3-S10\u003c/span\u003e, 22.2R3-S6, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, \n\n21.4R3-S10, 22.2R3-S6, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96466",
"defect": [
"1833097"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: MX Series, SRX Series: Processing of specific SIP INVITE messages by the SIP ALG will lead to an FPC crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003eTo reduce the risk of exploitation customers not requiring the SIP ALG functionality could explicitly disable it (in case it\u0027s by default enabled) by configuring:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[\u0026nbsp;security alg sip disable\n\n\n\n]\u003c/tt\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation customers not requiring the SIP ALG functionality could explicitly disable it (in case it\u0027s by default enabled) by configuring:\n\n[\u00a0security alg sip disable\n\n\n\n]"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30656",
"datePublished": "2025-04-09T20:01:48.339Z",
"dateReserved": "2025-03-24T19:34:11.322Z",
"dateUpdated": "2025-04-10T14:23:32.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30645 (GCVE-0-2025-30645)
Vulnerability from cvelistv5
Published
2025-04-09 19:52
Modified
2025-04-24 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS). Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition.
On all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts.
This issue affects Junos OS on SRX Series:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:40:11.024712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:40:21.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S9",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S6",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exploitation of this issue requires DS-Lite tunneling to be configured on the SRX Series device:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ security softwires softwire-name \u0026lt;name\u0026gt;\u0026nbsp;softwire-concentrator ...]\u003c/tt\u003e"
}
],
"value": "Exploitation of this issue requires DS-Lite tunneling to be configured on the SRX Series device:\n\n[ security softwires softwire-name \u003cname\u003e\u00a0softwire-concentrator ...]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS).\u0026nbsp; Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eOn all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS on SRX Series: \u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S9, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S6, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS).\u00a0 Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition.\n\nOn all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts.\n\nThis issue affects Junos OS on SRX Series: \n * All versions before 21.2R3-S9, \n * from 21.4 before 21.4R3-S9, \n * from 22.2 before 22.2R3-S5, \n * from 22.4 before 22.4R3-S6, \n * from 23.2 before 23.2R2-S3, \n * from 23.4 before 23.4R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:C/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T20:04:34.131Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96455"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.4R3-S6, 23.2R2-S3, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.4R3-S6, 23.2R2-S3, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96455",
"defect": [
"1779792"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
},
{
"lang": "en",
"time": "2025-04-24T16:00:00.000Z",
"value": "Corrected configuration example for SRX Series"
}
],
"title": "Junos OS: SRX Series: Transmission of specific control traffic sent out of a DS-Lite tunnel results in flowd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30645",
"datePublished": "2025-04-09T19:52:51.730Z",
"dateReserved": "2025-03-24T19:34:11.320Z",
"dateUpdated": "2025-04-24T20:04:34.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21595 (GCVE-0-2025-21595)
Vulnerability from cvelistv5
Published
2025-04-09 19:50
Modified
2025-04-10 13:13
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.
This issue does not affect MX Series platforms.
Heap size growth on FPC can be seen using below command.
user@host> show chassis fpc
Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%)
Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer
0 Online 45 3 0 2 2 2 32768 19 0 <<<<<<< Heap increase in all fPCs
This issue affects Junos OS:
* All versions before 21.2R3-S7,
* 21.4 versions before 21.4R3-S4,
* 22.2 versions before 22.2R3-S1,
* 22.3 versions before 22.3R3-S1,
* 22.4 versions before 22.4R2-S2, 22.4R3.
and Junos OS Evolved:
* All versions before 21.2R3-S7-EVO,
* 21.4-EVO versions before 21.4R3-S4-EVO,
* 22.2-EVO versions before 22.2R3-S1-EVO,
* 22.3-EVO versions before 22.3R3-S1-EVO,
* 22.4-EVO versions before 22.4R3-EVO.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T13:13:13.960516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T13:13:22.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options."
}
],
"value": "To be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options."
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Release of Memory after Effective Lifetime\u0026nbsp;vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eOn all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.\u003cbr\u003e\u003cbr\u003eThis issue does not affect MX Series platforms.\u003cbr\u003e\u003cp\u003eHeap size growth on FPC can be seen using below command.\u003cbr\u003e\u003c/p\u003e\u003ctt\u003euser@host\u0026gt; show chassis fpc\u003cbr\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Temp CPU Utilization (%) CPU Utilization (%) Memory \u0026nbsp; Utilization (%)\u003cbr\u003eSlot State \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; (C) Total Interrupt \u0026nbsp; \u0026nbsp; 1min \u0026nbsp; 5min \u0026nbsp; 15min \u0026nbsp; DRAM (MB) \u0026nbsp; Heap \u0026nbsp; Buffer\u003cbr\u003e\u0026nbsp; 0 Online \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 45 \u0026nbsp; \u0026nbsp; 3 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 0 \u0026nbsp; \u0026nbsp; \u0026nbsp; 2 \u0026nbsp; \u0026nbsp; \u0026nbsp; 2 \u0026nbsp; \u0026nbsp; \u0026nbsp;2 \u0026nbsp; \u0026nbsp; \u0026nbsp; 32768 \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003cspan style=\"background-color: rgb(229, 241, 143);\"\u003e19\u003c/span\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;0\u2003\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt; Heap increase in all fPCs\u003c/tt\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S7,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S4,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R2-S2, 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eand Junos OS Evolved:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S7-EVO,\u003c/li\u003e\u003cli\u003e21.4-EVO versions before 21.4R3-S4-EVO,\u003c/li\u003e\u003cli\u003e22.2-EVO versions before 22.2R3-S1-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.3-EVO versions before 22.3R3-S1-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003e22.4-EVO versions before 22.4R3-EVO.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "A Missing Release of Memory after Effective Lifetime\u00a0vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.\n\nThis issue does not affect MX Series platforms.\nHeap size growth on FPC can be seen using below command.\n\n\nuser@host\u003e show chassis fpc\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Temp CPU Utilization (%) CPU Utilization (%) Memory \u00a0 Utilization (%)\nSlot State \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 (C) Total Interrupt \u00a0 \u00a0 1min \u00a0 5min \u00a0 15min \u00a0 DRAM (MB) \u00a0 Heap \u00a0 Buffer\n\u00a0 0 Online \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 45 \u00a0 \u00a0 3 \u00a0 \u00a0 \u00a0 \u00a0 0 \u00a0 \u00a0 \u00a0 2 \u00a0 \u00a0 \u00a0 2 \u00a0 \u00a0 \u00a02 \u00a0 \u00a0 \u00a0 32768 \u00a0 \u00a0 \u00a019\u00a0 \u00a0 \u00a0 \u00a00\u2003\u003c\u003c\u003c\u003c\u003c\u003c\u003c Heap increase in all fPCs\n\n\nThis issue affects Junos OS:\n\n * All versions before 21.2R3-S7,\n * 21.4 versions before 21.4R3-S4,\n * 22.2 versions before 22.2R3-S1,\u00a0\n * 22.3 versions before 22.3R3-S1,\u00a0\n * 22.4 versions before 22.4R2-S2, 22.4R3.\n\n\nand Junos OS Evolved:\n\n * All versions before 21.2R3-S7-EVO,\n * 21.4-EVO versions before 21.4R3-S4-EVO,\n * 22.2-EVO versions before 22.2R3-S1-EVO,\u00a0\n * 22.3-EVO versions before 22.3R3-S1-EVO,\u00a0\n\n * 22.4-EVO versions before 22.4R3-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T19:50:28.091Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96450"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue.\u003c/p\u003e\u003cp\u003eJunos OS: 21.2R3-S7, 21.4R3-S4, 22.2R3-S1, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.2R3-S7-EVO, 21.4R3-S4-EVO, 22.2R3-S1-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue.\n\nJunos OS: 21.2R3-S7, 21.4R3-S4, 22.2R3-S1, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases.\n\nJunos OS Evolved: 21.2R3-S7-EVO, 21.4R3-S4-EVO, 22.2R3-S1-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96450",
"defect": [
"1731460"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: In an EVPN-VXLAN scenario specific ARP or NDP packets cause FPC to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-21595",
"datePublished": "2025-04-09T19:50:28.091Z",
"dateReserved": "2024-12-26T14:47:11.669Z",
"dateUpdated": "2025-04-10T13:13:22.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30644 (GCVE-0-2025-30644)
Vulnerability from cvelistv5
Published
2025-04-09 19:52
Modified
2025-05-07 18:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
Under a rare timing scenario outside the attacker's control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component.
This issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series:
* All versions before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R2.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T03:55:42.671128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T18:55:01.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EX2300",
"EX3400",
"EX4100",
"EX4300",
"EX4300MP",
"EX4400",
"EX4600",
"EX4650-48Y",
"QFX5k Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S5",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S5",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue only occurs when DHCP forwarding-options Option 82 is enabled, as shown below:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[vlans \u0026lt;name\u0026gt; forwarding-options dhcp-security option-82]\u003c/tt\u003e"
}
],
"value": "This issue only occurs when DHCP forwarding-options Option 82 is enabled, as shown below:\n\n[vlans \u003cname\u003e forwarding-options dhcp-security option-82]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eUnder a rare timing scenario outside the attacker\u0027s control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series: \u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nUnder a rare timing scenario outside the attacker\u0027s control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component.\nThis issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series: \n\n\n\n\n * All versions before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/AU:N/R:A/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T19:52:16.737Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96453"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S9, 22.2R3-S5, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96453",
"defect": [
"1818760"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: EX2300, EX3400, EX4000 Series, QFX5k Series: Receipt of a specific DHCP packet causes FPC crash when DHCP Option 82 is enabled",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Disable\u0026nbsp;dhcp-option82 if it is not required."
}
],
"value": "Disable\u00a0dhcp-option82 if it is not required."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30644",
"datePublished": "2025-04-09T19:52:16.737Z",
"dateReserved": "2025-03-24T19:34:11.320Z",
"dateUpdated": "2025-05-07T18:55:01.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30659 (GCVE-0-2025-30659)
Vulnerability from cvelistv5
Published
2025-04-09 20:03
Modified
2025-04-09 20:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Summary
An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
When a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.
This issue affects Junos OS on SRX Series:
* All 21.4 versions,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3-S6,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R2.
This issue does not affect versions before 21.4.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 21.4R1 ≤ Version: 22.2 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ Version: 24.2 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T20:30:29.483767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:30:38.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4*",
"status": "affected",
"version": "21.4R1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S6",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S4",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue the SRX needs to be configured for SVR:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ services\u0026nbsp;vector-routing ]\u003c/tt\u003e"
}
],
"value": "To be exposed to this issue the SRX needs to be configured for SVR:\n\n[ services\u00a0vector-routing ]"
}
],
"datePublic": "2025-04-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on SRX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll 21.4 versions,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S6,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S6,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eThis issue does not affect versions before 21.4."
}
],
"value": "An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.\nThis issue affects Junos OS on SRX Series:\n\n\n\n * All 21.4 versions,\n * 22.2 versions before 22.2R3-S6,\n * 22.4 versions before 22.4R3-S6,\n * 23.2 versions before 23.2R2-S3,\n * 23.4 versions before 23.4R2-S4,\n * 24.2 versions before 24.2R2.\n\n\n\n\nThis issue does not affect versions before 21.4."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T20:03:23.936Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA96470"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA96470",
"defect": [
"1820807"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-04-09T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: SRX Series: A device configured for vector routing crashes when receiving malformed traffic",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-30659",
"datePublished": "2025-04-09T20:03:23.936Z",
"dateReserved": "2025-03-24T19:34:11.323Z",
"dateUpdated": "2025-04-09T20:30:38.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…