PT-2024-2948 · Juniper Networks · Junos
Published
2024-04-10
·
Updated
2024-05-16
·
CVE-2024-30405
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS SRX 5000 Series versions prior to 21.2R3-S7
Juniper Networks Junos OS SRX 5000 Series version 21.4 versions prior to 21.4R3-S6
Juniper Networks Junos OS SRX 5000 Series version 22.1 versions prior to 22.1R3-S5
Juniper Networks Junos OS SRX 5000 Series version 22.2 versions prior to 22.2R3-S3
Juniper Networks Junos OS SRX 5000 Series version 22.3 versions prior to 22.3R3-S2
Juniper Networks Junos OS SRX 5000 Series version 22.4 versions prior to 22.4R3
Juniper Networks Junos OS SRX 5000 Series version 23.2 versions prior to 23.2R2
Description
The issue is related to an incorrect calculation of buffer size in the Application Layer Gateway (ALG) module of Juniper Networks Junos OS SRX 5000 Series devices. This can be exploited by an attacker sending specific crafted packets, potentially causing a Denial of Service (DoS) condition. Continued receipt and processing of these packets will sustain the DoS condition.
Recommendations
For versions prior to 21.2R3-S7, update to version 21.2R3-S7 or later.
For version 21.4 prior to 21.4R3-S6, update to version 21.4R3-S6 or later.
For version 22.1 prior to 22.1R3-S5, update to version 22.1R3-S5 or later.
For version 22.2 prior to 22.2R3-S3, update to version 22.2R3-S3 or later.
For version 22.3 prior to 22.3R3-S2, update to version 22.3R3-S2 or later.
For version 22.4 prior to 22.4R3, update to version 22.4R3 or later.
For version 23.2 prior to 23.2R2, update to version 23.2R2 or later.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos