PT-2024-28525 · Juniper Networks · Junos
Published: 2024-07-10 · Updated: 2024-07-11
CVE-2024-39545
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Junos OS versions prior to 21.2R3-S8
Junos OS versions from 21.4 before 21.4R3-S7
Junos OS versions from 22.1 before 22.1R3-S2
Junos OS versions from 22.2 before 22.2R3-S1
Junos OS versions from 22.3 before 22.3R2-S1, 22.3R3
Junos OS versions from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3
Description
An Improper Check for Unusual or Exceptional Conditions issue in the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows an unauthenticated, network-based attacker to trigger an iked crash, leading to Denial of Service (DoS), by sending specific mismatching parameters as part of the IPsec negotiation. This issue affects all platforms that run iked.
Recommendations
For versions prior to 21.2R3-S8, update to 21.2R3-S8 or later.
For versions from 21.4 before 21.4R3-S7, update to 21.4R3-S7 or later.
For versions from 22.1 before 22.1R3-S2, update to 22.1R3-S2 or later.
For versions from 22.2 before 22.2R3-S1, update to 22.2R3-S1 or later.
For versions from 22.3 before 22.3R2-S1, 22.3R3, update to 22.3R2-S1, 22.3R3 or later.
For versions from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3, update to 22.4R1-S2, 22.4R2, 22.4R3 or later.
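To triage an inventory against the version list above, the following added example (not part of the original advisory or any Juniper tooling) classifies a Junos OS version string as affected, fixed, or not listed. It assumes version strings of the form `<major>.<minor>R<n>[-S<n>][.<build>]`, treats release trains the advisory does not name (such as 21.3 or 23.x) as needing manual review, and does not check whether the device is a platform that runs iked.

```python
import re

# Earliest fixed (R, S) per release train, taken from the advisory's list.
FIRST_FIXED = {
    (21, 2): (3, 8),
    (21, 4): (3, 7),
    (22, 1): (3, 2),
    (22, 2): (3, 1),
    (22, 3): (2, 1),  # 22.3R3 is also listed as fixed
    (22, 4): (1, 2),  # 22.4R2 and 22.4R3 are also listed as fixed
}
OLDEST_LISTED = min(FIRST_FIXED)

# Assumed format: 22.3R2-S1 or 22.4R1-S1.3 (trailing build number ignored).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse(version):
    """Return ((major, minor), (release, service)) for a Junos version."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (rel, svc)


def status(version):
    """Classify a version as 'affected', 'fixed' or 'not listed'."""
    train, build = parse(version)
    if train < OLDEST_LISTED:
        return "affected"  # "versions prior to 21.2R3-S8"
    if train not in FIRST_FIXED:
        return "not listed"  # train not named in the advisory: review by hand
    return "fixed" if build >= FIRST_FIXED[train] else "affected"


if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    inventory = {"fw-edge-01": "22.3R2", "fw-edge-02": "22.4R2",
                 "mx-core-01": "21.2R3-S7", "nfx-branch": "23.2R1"}
    for host, ver in inventory.items():
        print(f"{host:12} {ver:12} {status(ver)}")
```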
Fix
Improper Check for Exceptional Conditions
Affected Products
Junos