CVE-2024-39553 — Resource Exposure in Networks Junos OS Evolved

CWE-668 — Resource Exposure4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 65.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedJul 11

Description

An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device, potentially impacting system integrity. This issue only happens when inline jflow is configured. This does not impact any forwarding traffic. The …

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os_evolved21.4-EVO — 21.4R3-S7-EVO+4

▶NVDjuniper/junos_os_evolved5 versions+4

🔴Vulnerability Details

GHSA

GHSA-48wm-jcwq-6m89: An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-b↗2024-07-11

▶

CVEList

Junos OS Evolved: Receipt of arbitrary data when sampling service is enabled, leads to partial Denial of Service (DoS).↗2024-07-11

▶

📋Vendor Advisories

Juniper

CVE-2024-39553: An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-b↗2024-07-11

▶