Vulnerability-Lookup

CVE-2025-30660 (GCVE-0-2025-30660)

Vulnerability from cvelistv5 – Published: 2025-04-09 20:05 – Updated: 2025-04-09 20:29

Title

Junos OS: MX Series: Decapsulation of specific GRE packets leads to PFE reset

Summary

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop. When this issue occurs the following logs can be observed: <fpc #> MQSS(0): LI-3: Received a parcel with more than 512B accompanying data CHASSISD_FPC_ASIC_ERROR: ASIC Error detected <...> This issue affects Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S4, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S2, * 23.4 versions before 23.4R2.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

juniper

References

URL

Tags

https://supportportal.juniper.net/JSA96471

vendor-advisory

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS	Affected: 0 , < 21.2R3-S9 (semver) Affected: 21.4 , < 21.4R3-S8 (semver) Affected: 22.2 , < 22.2R3-S4 (semver) Affected: 22.4 , < 22.4R3-S5 (semver) Affected: 23.2 , < 23.2R2-S2 (semver) Affected: 23.4 , < 23.4R2 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30660",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-09T20:29:51.260047Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-09T20:29:59.919Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.2R3-S9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S8",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S4",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S5",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S2",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-04-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cp\u003eWhen processing a high rate of specific GRE traffic destined to the device, the respective P\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFE will hang causing traffic forwarding to stop. \u003c/span\u003e\n\n\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen this issue occurs the following logs can be observed:\u003c/span\u003e\u003c/p\u003e \u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026lt;fpc #\u0026gt; MQSS(0): LI-3: Received a parcel with more than 512B\u0026nbsp;accompanying data \u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCHASSISD_FPC_ASIC_ERROR: ASIC Error detected \u0026lt;...\u0026gt;\u003c/span\u003e\u003c/tt\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S9,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S8,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S4,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S5,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S2,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
            }
          ],
          "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop. \n\n\n\nWhen this issue occurs the following logs can be observed:\n\n \u003cfpc #\u003e MQSS(0): LI-3: Received a parcel with more than 512B\u00a0accompanying data \nCHASSISD_FPC_ASIC_ERROR: ASIC Error detected \u003c...\u003e\n\n\nThis issue affects Junos OS:\n\n  *  all versions before 21.2R3-S9,\n  *  21.4 versions before 21.4R3-S8,\n  *  22.2 versions before 22.2R3-S4,\n  *  22.4 versions before 22.4R3-S5,\n  *  23.2 versions before 23.2R2-S2,\n  *  23.4 versions before 23.4R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-09T20:05:25.345Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA96471"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S8, 22.2R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S8, 22.2R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA96471",
        "defect": [
          "1784246"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-09T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS: MX Series: Decapsulation of specific GRE packets leads to PFE reset",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-30660",
    "datePublished": "2025-04-09T20:05:25.345Z",
    "dateReserved": "2025-03-24T19:34:11.323Z",
    "dateUpdated": "2025-04-09T20:29:59.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-30660\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-09T20:29:51.260047Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-09T20:29:54.956Z\"}}], \"cna\": {\"title\": \"Junos OS: MX Series: Decapsulation of specific GRE packets leads to PFE reset\", \"source\": {\"defect\": [\"1784246\"], \"advisory\": \"JSA96471\", \"discovery\": \"USER\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"21.2R3-S9\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.4\", \"lessThan\": \"21.4R3-S8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.2\", \"lessThan\": \"22.2R3-S4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.4\", \"lessThan\": \"22.4R3-S5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2\", \"lessThan\": \"23.2R2-S2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.4\", \"lessThan\": \"23.4R2\", \"versionType\": \"semver\"}], \"platforms\": [\"MX Series\"], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-04-09T16:00:00.000Z\", \"value\": \"Initial Publication\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S8, 22.2R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S8, 22.2R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2, 24.2R1, and all subsequent releases.\", \"base64\": false}]}], \"datePublic\": \"2025-04-09T16:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA96471\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There are no known workarounds for this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There are no known workarounds for this issue.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop. \\n\\n\\n\\nWhen this issue occurs the following logs can be observed:\\n\\n \u003cfpc #\u003e MQSS(0): LI-3: Received a parcel with more than 512B\\u00a0accompanying data \\nCHASSISD_FPC_ASIC_ERROR: ASIC Error detected \u003c...\u003e\\n\\n\\nThis issue affects Junos OS:\\n\\n  *  all versions before 21.2R3-S9,\\n  *  21.4 versions before 21.4R3-S8,\\n  *  22.2 versions before 22.2R3-S4,\\n  *  22.4 versions before 22.4R3-S5,\\n  *  23.2 versions before 23.2R2-S2,\\n  *  23.4 versions before 23.4R2.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cp\u003eWhen processing a high rate of specific GRE traffic destined to the device, the respective P\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eFE will hang causing traffic forwarding to stop. \u003c/span\u003e\\n\\n\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eWhen this issue occurs the following logs can be observed:\u003c/span\u003e\u003c/p\u003e \u003ctt\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026lt;fpc #\u0026gt; MQSS(0): LI-3: Received a parcel with more than 512B\u0026nbsp;accompanying data \u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003ctt\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eCHASSISD_FPC_ASIC_ERROR: ASIC Error detected \u0026lt;...\u0026gt;\u003c/span\u003e\u003c/tt\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S9,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S8,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S4,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S5,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S2,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-754\", \"description\": \"CWE-754 Improper Check for Unusual or Exceptional Conditions\"}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2025-04-09T20:05:25.345Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-30660\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-09T20:29:59.919Z\", \"dateReserved\": \"2025-03-24T19:34:11.323Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2025-04-09T20:05:25.345Z\", \"assignerShortName\": \"juniper\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2025-30660

Vulnerability from fkie_nvd - Published: 2025-04-09 20:15 - Updated: 2026-01-23 19:35

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	sirt@juniper.net	https://supportportal.juniper.net/JSA96471	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	junos	*
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	23.2
juniper	junos	23.2
juniper	junos	23.2
juniper	junos	23.2
juniper	junos	23.2
juniper	junos	23.2
juniper	junos	23.4
juniper	junos	23.4
juniper	junos	23.4
juniper	junos	23.4
juniper	mx10004	-
juniper	mx10008	-
juniper	mx2008	-
juniper	mx2010	-
juniper	mx2020	-
juniper	mx204	-
juniper	mx240	-
juniper	mx304	-
juniper	mx480	-
juniper	mx960	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "331C0F12-D9B9-483B-9EF0-28E48ED8346D",
              "versionEndExcluding": "21.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
              "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*",
              "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s6:*:*:*:*:*:*",
              "matchCriteriaId": "737DDF96-7B1D-44E2-AD0F-E2F50858B2A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s7:*:*:*:*:*:*",
              "matchCriteriaId": "35E0BB39-18AE-4FAD-A528-FDFF6222DDE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s8:*:*:*:*:*:*",
              "matchCriteriaId": "5DCAA120-20A2-43D8-87D3-716225CE233F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
              "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*",
              "matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s5:*:*:*:*:*:*",
              "matchCriteriaId": "C470FB4E-A927-4AF3-ACB0-AD1E264218B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s6:*:*:*:*:*:*",
              "matchCriteriaId": "44E98BC3-1D43-481A-AB09-FFA502C36AAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s7:*:*:*:*:*:*",
              "matchCriteriaId": "1A0DA88F-6C61-4FEA-ABF3-99F7DD43DB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
              "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "60CEA89D-BAC4-41CD-A1D1-AA5EDDEBD54A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "BC449CC7-B2D6-41CB-8D6C-81DE89E79520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "EBB967BF-3495-476D-839A-9DBFCBE69F91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:*",
              "matchCriteriaId": "7E5688D6-DCA4-4550-9CD1-A3D792252129",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "8494546C-00EA-49B6-B6FA-FDE42CA5B1FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "8BB98579-FA33-4E41-A162-A46E9709FBD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "08E2562F-FB18-4347-8497-7D61B8157EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s4:*:*:*:*:*:*",
              "matchCriteriaId": "494D1D96-1DA2-4B0A-9536-1B5A4FDFCA09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "1A78CC80-E8B1-4CDA-BB35-A61833657FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B3B2FE1-C228-46BE-AC76-70C2687050AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "B227E831-30FF-4BE1-B8B2-31829A5610A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "1ADA814B-EF98-45B1-AF7A-0C89688F7CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "A6FB32DF-D062-4FB9-8777-452978BEC7B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "78481ABC-3620-410D-BC78-334657E0BB75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "BE8A5BA3-87BD-473A-B229-2AAB2C797005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "8B74AC3E-8FC9-400A-A176-4F7F21F10756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84F7BB7E-3A52-4C23-A4D2-50E75C912AFC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27175D9A-CA2C-4218-8042-835E25DFCA43",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00C7FC57-8ACF-45AA-A227-7E3B350FD24F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2754C2DF-DF6E-4109-9463-38B4E0465B77",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4A26704-A6A4-4C4F-9E12-A0A0259491EF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "104858BD-D31D-40E0-8524-2EC311F10EAC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E08E1E-0FE4-4294-9497-BBFFECA2A220",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop. \n\n\n\nWhen this issue occurs the following logs can be observed:\n\n \u003cfpc #\u003e MQSS(0): LI-3: Received a parcel with more than 512B\u00a0accompanying data \nCHASSISD_FPC_ASIC_ERROR: ASIC Error detected \u003c...\u003e\n\n\nThis issue affects Junos OS:\n\n  *  all versions before 21.2R3-S9,\n  *  21.4 versions before 21.4R3-S8,\n  *  22.2 versions before 22.2R3-S4,\n  *  22.4 versions before 22.4R3-S5,\n  *  23.2 versions before 23.2R2-S2,\n  *  23.4 versions before 23.4R2."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de verificaci\u00f3n incorrecta de condiciones inusuales o excepcionales en el motor de reenv\u00edo de paquetes (pfe) de Juniper Networks Junos OS en la serie MX permite que un atacante no autenticado basado en la red cause una denegaci\u00f3n de servicio (DoS). Al procesar una alta tasa de tr\u00e1fico GRE espec\u00edfico destinado al dispositivo, el PFE respectivo se bloquear\u00e1, lo que provocar\u00e1 que se detenga el reenv\u00edo de tr\u00e1fico. Cuando se produce este problema, se pueden observar los siguientes registros:  MQSS(0): LI-3: Se recibi\u00f3 un paquete con m\u00e1s de 512 B de datos adjuntos CHASSISD_FPC_ASIC_ERROR: Error de ASIC detectado \u0026lt;...\u0026gt; Este problema afecta a Junos OS: * todas las versiones anteriores a 21.2R3-S9, * versiones 21.4 anteriores a 21.4R3-S8, * versiones 22.2 anteriores a 22.2R3-S4, * versiones 22.4 anteriores a 22.4R3-S5, * versiones 23.2 anteriores a 23.2R2-S2, * versiones 23.4 anteriores a 23.4R2."
    }
  ],
  "id": "CVE-2025-30660",
  "lastModified": "2026-01-23T19:35:57.027",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "YES",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-09T20:15:30.307",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://supportportal.juniper.net/JSA96471"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    }
  ]
}

CERTFR-2025-AVI-0304

Vulnerability from certfr_avis - Published: 2025-04-10 - Updated: 2025-04-10

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que les versions 21.4.x de Junos OS pour SRX Series ne bénéficient pas de correctif pour la vulnérabilité CVE-2025-30659.

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS versions 21.4.x antérieures à 21.4R3-S10
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 22.4.x-EVO antérieures à 22.4R3-S6-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.4.x-EVO antérieures à 23.4R2-S4-EVO
Juniper Networks	Junos OS	Junos OS versions 22.2.x antérieures à 22.2R3-S6
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 21.4R3-S10-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.2.x-EVO antérieures à 23.2R2-S3-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.2.x-EVO antérieures à 24.2R2-EVO
Juniper Networks	Junos Space	Junos Space versions antérieures à 24.1R3
Juniper Networks	Junos Space	Junos Space Security Director versions antérieures à 24.1R3
Juniper Networks	Junos OS	Junos OS versions 23.4.x antérieures à 23.4R2-S4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 22.2.x-EVO antérieures à 22.2R3-S6-EVO
Juniper Networks	CTPView	CTPView versions antérieures à 9.2R1
Juniper Networks	Junos OS	Junos OS versions 22.4.x antérieures à 22.4R3-S6
Juniper Networks	Junos OS	Junos OS versions 23.2.x antérieures à 23.2R2-S3
Juniper Networks	Junos OS	Junos OS versions 24.2.x antérieures à 24.2R2
Juniper Networks	Junos OS	Junos OS versions antérieures à 21.2R3-S9

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA96456	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96447	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96467	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96461	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96446	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96451	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96470	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96458	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96462	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96457	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96466	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96463	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96459	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96450	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96464	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96453	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96465	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96444	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96469	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96448	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96471	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96449	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96455	2025-04-09	vendor-advisory
Bulletin de sécurité Juniper Networks JSA96452	2025-04-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R3-S10 ",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4.x-EVO ant\u00e9rieures \u00e0 22.4R3-S6-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4.x-EVO ant\u00e9rieures \u00e0 23.4R2-S4-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.2.x ant\u00e9rieures \u00e0 22.2R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S10-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2.x-EVO ant\u00e9rieures \u00e0 23.2R2-S3-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.2.x-EVO ant\u00e9rieures \u00e0 24.2R2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space Security Director versions ant\u00e9rieures \u00e0 24.1R3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.4.x ant\u00e9rieures \u00e0 23.4R2-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.2.x-EVO ant\u00e9rieures \u00e0 22.2R3-S6-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView versions ant\u00e9rieures \u00e0 9.2R1",
      "product": {
        "name": "CTPView",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.4.x ant\u00e9rieures \u00e0 22.4R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.2.x ant\u00e9rieures \u00e0 23.2R2-S3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.2.x ant\u00e9rieures \u00e0 24.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que les versions 21.4.x de Junos OS pour SRX Series ne b\u00e9n\u00e9ficient pas de correctif pour la vuln\u00e9rabilit\u00e9 CVE-2025-30659.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-42472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42472"
    },
    {
      "name": "CVE-2024-7006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
    },
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2024-27820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
    },
    {
      "name": "CVE-2024-42284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
    },
    {
      "name": "CVE-2024-27052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
    },
    {
      "name": "CVE-2025-21597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21597"
    },
    {
      "name": "CVE-2024-33602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
    },
    {
      "name": "CVE-2024-4076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
    },
    {
      "name": "CVE-2025-30658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30658"
    },
    {
      "name": "CVE-2024-40866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40866"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2024-21823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
    },
    {
      "name": "CVE-2023-28746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
    },
    {
      "name": "CVE-2024-26993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2024-40898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40898"
    },
    {
      "name": "CVE-2024-26852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
    },
    {
      "name": "CVE-2011-5094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5094"
    },
    {
      "name": "CVE-2025-30657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30657"
    },
    {
      "name": "CVE-2025-30660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30660"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2024-33600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
    },
    {
      "name": "CVE-2024-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
    },
    {
      "name": "CVE-2024-44187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44187"
    },
    {
      "name": "CVE-2025-21601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21601"
    },
    {
      "name": "CVE-2024-32021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
    },
    {
      "name": "CVE-2024-40725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40725"
    },
    {
      "name": "CVE-2019-7611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7611"
    },
    {
      "name": "CVE-2024-33599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
    },
    {
      "name": "CVE-2025-21591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21591"
    },
    {
      "name": "CVE-2025-30649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30649"
    },
    {
      "name": "CVE-2025-30652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30652"
    },
    {
      "name": "CVE-2024-40789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
    },
    {
      "name": "CVE-2024-35845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
    },
    {
      "name": "CVE-2025-30651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30651"
    },
    {
      "name": "CVE-2024-32004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
    },
    {
      "name": "CVE-2024-39884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39884"
    },
    {
      "name": "CVE-2023-48161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
    },
    {
      "name": "CVE-2024-32020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2024-27838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27838"
    },
    {
      "name": "CVE-2024-23271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23271"
    },
    {
      "name": "CVE-2024-39487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
    },
    {
      "name": "CVE-2024-36971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
    },
    {
      "name": "CVE-2024-33601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
    },
    {
      "name": "CVE-2025-30647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30647"
    },
    {
      "name": "CVE-2024-32465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
    },
    {
      "name": "CVE-2011-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
    },
    {
      "name": "CVE-2025-30654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30654"
    },
    {
      "name": "CVE-2025-30655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30655"
    },
    {
      "name": "CVE-2024-40782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
    },
    {
      "name": "CVE-2024-26735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
    },
    {
      "name": "CVE-2024-35899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
    },
    {
      "name": "CVE-2024-40954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
    },
    {
      "name": "CVE-2021-47596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47596"
    },
    {
      "name": "CVE-2025-30659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30659"
    },
    {
      "name": "CVE-2025-30653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30653"
    },
    {
      "name": "CVE-2025-30645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30645"
    },
    {
      "name": "CVE-2020-7021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7021"
    },
    {
      "name": "CVE-2021-22135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22135"
    },
    {
      "name": "CVE-2025-30646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30646"
    },
    {
      "name": "CVE-2024-27851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
    },
    {
      "name": "CVE-2025-30644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30644"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2025-30656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30656"
    },
    {
      "name": "CVE-2022-39253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
    },
    {
      "name": "CVE-2021-22144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22144"
    },
    {
      "name": "CVE-2024-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
    },
    {
      "name": "CVE-2025-21595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21595"
    },
    {
      "name": "CVE-2025-30648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30648"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2021-22137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22137"
    },
    {
      "name": "CVE-2024-32002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
    },
    {
      "name": "CVE-2024-2961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2022-24808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    },
    {
      "name": "CVE-2025-21594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21594"
    },
    {
      "name": "CVE-2020-7020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7020"
    }
  ],
  "initial_release_date": "2025-04-10T00:00:00",
  "last_revision_date": "2025-04-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0304",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96456",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-malformed-LLDP-TLV-results-in-l2cpd-crash-CVE-2025-30646"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96447",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R3-release"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96467",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-Processing-of-a-specific-BGP-update-causes-the-SRRD-process-to-crash-CVE-2025-30657?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96461",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-ICMPv6-packet-causes-a-memory-overrun-leading-to-an-rpd-crash-CVE-2025-30651"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96446",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R3-release"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96451",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-rib-sharding-and-update-threading-are-configured-and-a-peer-flaps-an-rpd-core-is-observed"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96470",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-A-device-configured-for-vector-routing-crashes-when-receiving-specific-traffic-CVE-2025-30659?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96458",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-DHCP-packet-causes-jdhcpd-process-to-crash-CVE-2025-30648"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96462",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Executing-a-specific-CLI-command-when-asregex-optimized-is-configured-causes-an-RPD-crash-CVE-2025-30652"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96457",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Subscriber-login-logout-activity-will-lead-to-a-memory-leak-CVE-2025-30647"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96466",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-SRX-Series-Processing-of-specific-SIP-INVITE-messages-by-the-SIP-ALG-will-lead-to-an-FPC-crash-CVE-2025-30656?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96463",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-LSP-flap-in-a-specific-MPLS-LSP-scenario-leads-to-RPD-crash-CVE-2025-30653"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96459",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX240-MX480-MX960-with-SPC3-An-attacker-sending-specific-packets-will-cause-a-CPU-utilization-DoS-CVE-2025-30649"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96450",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-VXLAN-scenario-specific-ARP-or-NDP-packets-cause-FPC-to-crash-CVE-2025-21595"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96464",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-local-low-privileged-user-can-access-sensitive-information-CVE-2025-30654"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96453",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-EX2300-EX3400-EX4000-Series-QFX5k-Series-Receipt-of-a-specific-DHCP-packet-causes-FPC-crash-when-DHCP-Option-82-is-enabled-CVE-2025-30644"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96465",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-CLI-command-will-cause-a-RPD-crash-when-rib-sharding-and-update-threading-is-enabled-CVE-2025-30655?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96444",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-CTP-View-Multiple-Vulnerabilities-resolved-in-9-2R1-release"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96469",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-On-devices-with-Anti-Virus-enabled-malicious-server-responses-will-cause-memory-to-leak-ultimately-causing-forwarding-to-stop-CVE-2025-30658?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96448",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-An-unauthenticated-adjacent-attacker-sending-a-malformed-DHCP-packet-causes-jdhcpd-to-crash-CVE-2025-21591"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96471",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Decapsulation-of-specific-GRE-packets-leads-to-PFE-reset-CVE-2025-30660?language=en_US"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96449",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-In-DS-lite-and-NAT-senario-receipt-of-crafted-IPv4-traffic-causes-port-block-CVE-2025-21594"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96455",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-Transmission-of-specific-control-traffic-sent-out-of-a-DS-Lite-tunnel-results-in-flowd-crash-CVE-2025-30645"
    },
    {
      "published_at": "2025-04-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96452",
      "url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-and-EX-Series-MX240-MX480-MX960-QFX5120-Series-When-web-management-is-enabled-for-specific-services-an-attacker-may-cause-a-CPU-spike-by-sending-genuine-packets-to-the-device-CVE-2025-21601"
    }
  ]
}

GHSA-332P-X9C3-3HM3

Vulnerability from github – Published: 2025-04-09 21:31 – Updated: 2025-04-09 21:31

Details

When this issue occurs the following logs can be observed:

MQSS(0): LI-3: Received a parcel with more than 512B accompanying data CHASSISD_FPC_ASIC_ERROR: ASIC Error detected <...>

This issue affects Junos OS:

all versions before 21.2R3-S9,
21.4 versions before 21.4R3-S8,
22.2 versions before 22.2R3-S4,
22.4 versions before 22.4R3-S5,
23.2 versions before 23.2R2-S2,
23.4 versions before 23.4R2.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.7 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-30660"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-09T20:15:30Z",
    "severity": "HIGH"
  },
  "details": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop. \n\n\n\nWhen this issue occurs the following logs can be observed:\n\n \u003cfpc #\u003e MQSS(0): LI-3: Received a parcel with more than 512B\u00a0accompanying data \nCHASSISD_FPC_ASIC_ERROR: ASIC Error detected \u003c...\u003e\n\n\nThis issue affects Junos OS:\n\n  *  all versions before 21.2R3-S9,\n  *  21.4 versions before 21.4R3-S8,\n  *  22.2 versions before 22.2R3-S4,\n  *  22.4 versions before 22.4R3-S5,\n  *  23.2 versions before 23.2R2-S2,\n  *  23.4 versions before 23.4R2.",
  "id": "GHSA-332p-x9c3-3hm3",
  "modified": "2025-04-09T21:31:44Z",
  "published": "2025-04-09T21:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30660"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA96471"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-30660 (GCVE-0-2025-30660)

FKIE_CVE-2025-30660

CERTFR-2025-AVI-0304

Solutions

GHSA-332P-X9C3-3HM3

Tags

Sightings

Nomenclature