CVE-2024-39562 — Missing Release of Resource after Effective Lifetime in Networks Junos OS Evolved

CWE-772 — Missing Release of Resource after Effective Lifetime4 documents4 sources

Severity

8.7HIGHNVD

EPSS

0.4%

top 39.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedJul 10

Latest updateJul 11

Description

A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition. The issue is triggered when a high rate of concurrent SSH requests are received and terminat…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os_evolved22.3-EVO — 22.3R2-S2-EVO, 22.3R3-S2-EVO+3

▶NVDjuniper/junos_os_evolved< 21.4+4

🔴Vulnerability Details

GHSA

GHSA-8j3v-w6gq-fj6q: A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juni↗2024-07-11

▶

CVEList

Junos OS Evolved: A high rate of SSH connections causes a Denial of Service↗2024-07-10

▶

📋Vendor Advisories

Juniper

CVE-2024-39562: A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juni↗2024-07-10

▶