CVE-2024-39553

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS Evolved versions 21.4 through 21.4R3-S7-EVO Juniper Networks Junos OS Evolved versions 22.2 through 22.2R3-S3-EVO Juniper Networks Junos OS Evolved versions 22.3 through 22.3R3-S2-EVO Juniper Networks Junos OS Evolved versions 22.4 through 22.4R3-EVO Juniper Networks Junos OS Evolved versions 23.2 through 23.2R1-S2-EVO, 23.2R2-EVO

Description An Exposure of Resource to Wrong Sphere issue in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, leading to a crash of the msvcsd process and potentially impacting system integrity. This issue only occurs when inline jflow is configured and does not affect forwarding traffic. The impacted MSVCS-DB app crashes momentarily and recovers by itself.

Recommendations For versions 21.4 through 21.4R3-S7-EVO, update to version 21.4R3-S7-EVO or later. For versions 22.2 through 22.2R3-S3-EVO, update to version 22.2R3-S3-EVO or later. For versions 22.3 through 22.3R3-S2-EVO, update to version 22.3R3-S2-EVO or later. For versions 22.4 through 22.4R3-EVO, update to version 22.4R3-EVO or later. For versions 23.2 through 23.2R1-S2-EVO, 23.2R2-EVO, update to a version later than 23.2R1-S2-EVO, 23.2R2-EVO.