CVE-2024-21612 | Junos OS Evolved: Specific TCP traffic causes OFP core and restart of RE

An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO ; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO ; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.

Published: 2024-01-11 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2024-21612 is rated Moderate Risk (44.5/100): CVSS High severity, with low exploitation likelihood (EPSS 0.53%). Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2024-21612

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.19% 0.53% +0.34%
2 2025-11-21 0.40% 0.19% -0.21%
3 2025-11-18 0.40%

Full EPSS history (9 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2024-21612

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
3.9 3.6 [email protected]
7.5 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
3.9 3.6 [email protected]

Weakness enumeration for CVE-2024-21612

Affected software / configurations for CVE-2024-21612

Vendor Product Version Raw CPE
juniper junos_os_evolved < 21.2 cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*
juniper junos_os_evolved 21.2 cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*
juniper junos_os_evolved 21.2 cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*
juniper junos_os_evolved 21.2 cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*
juniper junos_os_evolved 21.2 cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*
juniper junos_os_evolved 21.2 cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*
juniper junos_os_evolved 21.2 cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*
juniper junos_os_evolved 21.2 cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*
juniper junos_os_evolved 21.2 cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*
juniper junos_os_evolved 21.2 cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*
juniper junos_os_evolved 21.2 cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*
juniper junos_os_evolved 21.2 cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*
juniper junos_os_evolved 21.2 cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*
juniper junos_os_evolved 21.2 cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*
juniper junos_os_evolved 21.2 cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s6:*:*:*:*:*:*
juniper junos_os_evolved 21.3 cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*
juniper junos_os_evolved 21.3 cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*
juniper junos_os_evolved 21.3 cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*
juniper junos_os_evolved 21.3 cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*
juniper junos_os_evolved 21.3 cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*
juniper junos_os_evolved 21.3 cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*
juniper junos_os_evolved 21.3 cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*
juniper junos_os_evolved 21.3 cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*
juniper junos_os_evolved 21.3 cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*
juniper junos_os_evolved 21.3 cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*
juniper junos_os_evolved 21.3 cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4:*:*:*:*:*:*
juniper junos_os_evolved 21.4 cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*
juniper junos_os_evolved 21.4 cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*
juniper junos_os_evolved 21.4 cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*
juniper junos_os_evolved 21.4 cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*
juniper junos_os_evolved 21.4 cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*
juniper junos_os_evolved 21.4 cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*
juniper junos_os_evolved 21.4 cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*
juniper junos_os_evolved 21.4 cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*
juniper junos_os_evolved 21.4 cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*
juniper junos_os_evolved 21.4 cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*
juniper junos_os_evolved 21.4 cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*
juniper junos_os_evolved 21.4 cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:*
juniper junos_os_evolved 22.1 cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*
juniper junos_os_evolved 22.1 cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*
juniper junos_os_evolved 22.1 cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*
juniper junos_os_evolved 22.1 cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*
juniper junos_os_evolved 22.1 cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*
juniper junos_os_evolved 22.1 cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*
juniper junos_os_evolved 22.1 cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*
juniper junos_os_evolved 22.1 cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*
juniper junos_os_evolved 22.1 cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*
juniper junos_os_evolved 22.1 cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s3:*:*:*:*:*:*
juniper junos_os_evolved 22.2 cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*
juniper junos_os_evolved 22.2 cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*
juniper junos_os_evolved 22.2 cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*
juniper junos_os_evolved 22.2 cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*
juniper junos_os_evolved 22.2 cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*
juniper junos_os_evolved 22.2 cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*
juniper junos_os_evolved 22.2 cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*
juniper junos_os_evolved 22.2 cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:*:*:*:*:*:*
juniper junos_os_evolved 22.2 cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s2:*:*:*:*:*:*
juniper junos_os_evolved 22.3 cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*
juniper junos_os_evolved 22.3 cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*
juniper junos_os_evolved 22.3 cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*
juniper junos_os_evolved 22.3 cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*
juniper junos_os_evolved 22.3 cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*
juniper junos_os_evolved 22.3 cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*
juniper junos_os_evolved 22.3 cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:*:*:*:*:*:*
juniper junos_os_evolved 22.4 cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*
juniper junos_os_evolved 22.4 cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*
juniper junos_os_evolved 22.4 cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*
juniper junos_os_evolved 22.4 cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*

References for CVE-2024-21612

cvelogic Threat Intelligence