CVE-2025-21594

{"id": "CVE-2025-21594", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-09T20:15:25.620", "references": [{"url": "https://supportportal.juniper.net/JSA96449", "source": "sirt@juniper.net"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS).\n\nIn a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and\u00a0prefix-length is set to 56,\u00a0the ports assigned to the user will not be freed.\u00a0 Eventually, users cannot establish new connections. Affected FPC/PIC need to be manually restarted to recover.\nFollowing is the command to identify the issue:\u00a0\n\n\n\u00a0 \u00a0 user@host> show services nat source port-block\u00a0\n\u2003\u2003\u2003\u2003Host_IP  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0  External_IP  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Port_Block\u00a0 \u00a0 \u00a0 Ports_Used/  \u00a0 \u00a0 \u00a0 Block_State/\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0  Range  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0  Ports_Total  \u00a0 \u00a0 \u00a0 Left_Time(s)\n\u2003\u2003\u2003\u20032001::\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 x.x.x.x\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a058880-59391\u00a0 \u00a0 \u00a0256/256*1\u00a0 \u00a0 \u00a0 \u00a0 \u00a0Active/-  \u00a0 \u00a0 \u00a0 >>>>>>>>port still usedThis issue affects Junos OS on MX Series:\u00a0\n\n  *  from 21.2 before 21.2R3-S8,\u00a0\n  *  from 21.4 before 21.4R3-S7,\u00a0\n  *  from 22.1 before 22.1R3-S6,\u00a0\n  *  from 22.2 before 22.2R3-S4,\u00a0\n  *  from 22.3 before 22.3R3-S3,\u00a0\n  *  from 22.4 before 22.4R3-S2,\u00a0\n  *  from 23.2 before 23.2R2-S1,\u00a0\n  *  from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nThis issue does not affect versions before 20.2R1."}, {"lang": "es", "value": "Una vulnerabilidad de Comprobaci\u00f3n Incorrecta de Condiciones Inusuales o Excepcionales en el motor de reenv\u00edo de paquetes (pfe) de Juniper Networks Junos OS en la serie MX provoca el bloqueo de un puerto dentro de un pool, lo que provoca una denegaci\u00f3n de servicio (DoS). En un escenario de DS-Lite (Dual-Stack Lite) y NAT (Traducci\u00f3n de Direcciones de Red), al recibir tr\u00e1fico IPv6 manipulado y con una longitud de prefijo de 56, los puertos asignados al usuario no se liberan. Finalmente, los usuarios no pueden establecer nuevas conexiones. El FPC/PIC afectado debe reiniciarse manualmente para recuperarse. A continuaci\u00f3n se muestra el comando para identificar el problema: user@host> show services nat source port-block  ????Host_IP                     External_IP                   Port_Block      Ports_Used/       Block_State/                                                               Range           Ports_Total       Left_Time(s) ????2001::                        x.x.x.x                     58880-59391     256/256*1         Active/-       >>>>>>>>port still used Este problema afecta a Junos OS en la serie MX: * desde 21.2 antes de 21.2R3-S8, * desde 21.4 antes de 21.4R3-S7, * desde 22.1 antes de 22.1R3-S6, * desde 22.2 antes de 22.2R3-S4, * desde 22.3 antes de 22.3R3-S3, * desde 22.4 antes de 22.4R3-S2, * desde 23.2 antes de 23.2R2-S1, * desde 23.4 anteriores a 23.4R1-S2 y 23.4R2. Este problema no afecta a las versiones anteriores a 20.2R1."}], "lastModified": "2025-04-11T15:40:10.277", "sourceIdentifier": "sirt@juniper.net"}