CVE-2024-21603 : Security Advisory and Response
Detailed info on CVE-2024-21603 affecting Juniper Networks Junos OS for MX Series. Allows DoS via SCU/DCU configuration.
This CVE-2024-21603 content provides detailed information about a vulnerability in Juniper Networks Junos OS affecting MX Series devices.
Understanding CVE-2024-21603
The vulnerability in the kernel of Juniper Networks Junos OS on MX Series allows a network-based attacker with low privileges to cause a denial of service. Exploiting this issue involves a scaled configuration for Source Class Usage (SCU) / Destination Class Usage (DCU) with more than 10 route classes. Continued exploitation can lead to a sustained Denial of Service (DoS) attack.
What is CVE-2024-21603?
An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Network Junos OS on MX Series allows a network-based attacker with low privileges to cause a denial of service. This issue only affects MX Series devices with specific hardware configurations.
The Impact of CVE-2024-21603
The vulnerability allows an attacker to disrupt the normal operation of affected devices, potentially leading to downtime and service unavailability. It poses a significant risk to the availability of network services and can result in financial losses for organizations relying on these devices.
Technical Details of CVE-2024-21603
The vulnerability requires a scaled SCU/DCU configuration with more than 10 classes to be present on the device. When specific SNMP requests or CLI commands are executed to gather SCU/DCU statistics, a 'vmcore' for the RE kernel is triggered, resulting in a device restart.
Vulnerability Description
The vulnerability arises due to an improper check for unusual or exceptional conditions in handling SCU/DCU configurations, leading to a device crash and subsequent denial of service.
Affected Systems and Versions
Juniper Networks Junos OS versions earlier than 20.4R3-S9, 21.2R3-S6, 21.3R3-S5, 21.4R3, 22.1R3, 22.2R2, and 22.3R2 are affected by this vulnerability, specifically impacting MX Series devices with certain hardware configurations.
Exploitation Mechanism
The exploit involves manipulating SCU/DCU configurations with more than 10 route classes and gathering associated statistics using SNMP requests or CLI commands.
Mitigation and Prevention
Organizations can take immediate steps to address the CVE-2024-21603 vulnerability and implement long-term security practices to protect against similar threats.
Immediate Steps to Take
It is crucial to update the affected software versions to the patched releases provided by Juniper Networks to mitigate the vulnerability effectively.
Long-Term Security Practices
Regularly monitor and update system configurations, apply security patches promptly, and conduct thorough security assessments to reduce the risk of exploitation.
Patching and Updates
Juniper Networks has released updated software versions, including Junos OS 20.4R3-S9, 21.2R3-S6, 21.3R3-S5, 21.4R3, 22.1R3, 22.2R2, 22.3R2, 22.4R1, and subsequent releases, to address the CVE-2024-21603 vulnerability.
By following recommended mitigation strategies and ensuring systems are up to date with the latest patches, organizations can enhance their security posture and protect their networks from potential threats.