CVE-2024-39540Improper Check for Unusual or Exceptional Conditions in Networks Junos OS

CWE-754Improper Check for Unusual or Exceptional Conditions4 documents4 sources
Severity
8.7HIGHNVD
EPSS
0.4%
top 39.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJul 11

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives specific valid TCP traffic, the pfe crashes and restarts leading to a momentary but complete service outage. This issue affects Junos OS: 21.2 releases from 21.2R3-S5 before 21.2R3-S6. This issue does

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages2 packages

CVEListV5juniper_networks/junos_os21.2R3-S521.2R3-S6
NVDjuniper/junos21.2

🔴Vulnerability Details

2
CVEList
Junos OS: SRX Series, and MX Series with SPC3: Specific valid TCP traffic can cause a pfe crash2024-07-11
GHSA
GHSA-xwcp-g9fq-2mmp: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series2024-07-11

📋Vendor Advisories

1
Juniper
CVE-2024-39540: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series2024-07-11
CVE-2024-39540 — Networks Junos OS vulnerability | cvebase