CVE-2024-39551

An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command. user@host> show usp memory segment sha data objcache jsf This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC: * 20.4 before 20.4R3-S10, * 21.2 before 21.2R3-S6, * 21.3 before 21.3R3-S5, * 21.4 before 21.4R3-S6, * 22.1 before 22.1R3-S4, * 22.2 before 22.2R3-S2, * 22.3 before 22.3R3-S1, * 22.4 before 22.4R3, * 23.2 before 23.2R2.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://supportportal.juniper.net/JSA83013

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-11 17:15

Updated : 2024-07-11 19:15

NVD link : CVE-2024-39551

Mitre link : CVE-2024-39551

CVE.ORG link : CVE-2024-39551

JSON object : View

Products Affected

No product.

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-39551", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 8.7, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-11T17:15:16.140", "references": [{"url": "https://supportportal.juniper.net/JSA83013", "source": "sirt@juniper.net"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of\u00a0 Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an\u00a0unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS).\u00a0\n\nContinued receipt and processing of these specific packets will sustain the Denial of Service condition.\n\nThe memory usage can be monitored using the below command.\n\n\u2003\u2003user@host> show usp memory segment sha data objcache jsf\u00a0\nThis issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC:\u00a0\n\n * \u200320.4 before 20.4R3-S10,\u00a0\n * \u200321.2 before 21.2R3-S6,\u00a0\n * \u200321.3 before 21.3R3-S5,\u00a0\n * \u200321.4 before 21.4R3-S6,\u00a0\n * \u200322.1 before 22.1R3-S4,\u00a0\n * \u200322.2 before 22.2R3-S2,\u00a0\n * \u200322.3 before 22.3R3-S1,\u00a0\n * \u200322.4 before 22.4R3,\u00a0\n * \u200323.2 before 23.2R2."}, {"lang": "es", "value": "Una vulnerabilidad de consumo de recursos no controlado en H.323 ALG (Application Layer Gateway) de Juniper Networks Junos OS en las series SRX y MX con SPC3 y MS-MPC/MIC, permite que un atacante basado en red no autenticado env\u00ede paquetes espec\u00edficos que causen p\u00e9rdida de tr\u00e1fico. lo que lleva a una denegaci\u00f3n de servicio (DoS). La recepci\u00f3n y el procesamiento continuo de estos paquetes espec\u00edficos mantendr\u00e1n la condici\u00f3n de Denegaci\u00f3n de Servicio. El uso de la memoria se puede monitorear usando el siguiente comando. usuario@host> show usp memory segment sha data objcache jsf Este problema afecta a las series SRX y MX con SPC3 y MS-MPC/MIC: * 20.4 antes de 20.4R3-S10, * 21.2 antes de 21.2R3-S6, * 21.3 antes de 21.3R3 -S5, *21.4 antes de 21.4R3-S6, *22.1 antes de 22.1R3-S4, *22.2 antes de 22.2R3-S2, *22.3 antes de 22.3R3-S1, *22.4 antes de 22.4R3, *23.2 antes de 23.2R2."}], "lastModified": "2024-07-11T19:15:12.260", "sourceIdentifier": "sirt@juniper.net"}