PT-2024-5533 · Juniper Networks · Junos
Published 2024-07-10 · Updated 2024-09-23 · CVE-2024-39529
CVSS v4.0: 8.7 (High)
| Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L |
The base vector describes an unauthenticated network attacker (AV:N/PR:N) who needs no user interaction (UI:N), with no confidentiality or integrity impact and a high availability impact on the vulnerable device (VA:H) plus a low availability impact on systems behind it (SA:L). The threat, environmental and supplemental metrics were not defined (all X) and are omitted from the vector above.
Name of the Vulnerable Software and Affected Versions
Junos OS, all versions prior to 21.4R3-S6
Junos OS 22.2 versions prior to 22.2R3-S3
Junos OS 22.3 versions prior to 22.3R3-S3
Junos OS 22.4 versions prior to 22.4R3
Junos OS 23.2 versions prior to 23.2R2
Description
A Use of Externally-Controlled Format String vulnerability (CWE-134) in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). The crash requires two configuration preconditions on the device: DNS Domain Generation Algorithm (DGA) detection or DNS tunnel detection must be enabled, and DNS-filtering traceoptions must be configured. When both are present and specific, otherwise valid DNS traffic transits the device, the PFE crashes and restarts, interrupting forwarding while it comes back up; continued receipt of such traffic produces a sustained DoS. The attacker needs no credentials and no user interaction, and the DNS traffic only has to be forwarded through the SRX, not addressed to it.
Recommendations
Update to version 21.4R3-S6 or later for Junos OS versions prior to 21.4R3-S6
Update to version 22.2R3-S3 or later for Junos OS 22.2 versions prior to 22.2R3-S3
Update to version 22.3R3-S3 or later for Junos OS 22.3 versions prior to 22.3R3-S3
Update to version 22.4R3 or later for Junos OS 22.4 versions prior to 22.4R3
Update to version 23.2R2 or later for Junos OS 23.2 versions prior to 23.2R2
Until the fixed release is installed, removing the DNS-filtering traceoptions configuration removes one of the two preconditions the description requires, so the crash can no longer be triggered by transit DNS traffic. Traceoptions are a debugging facility and are not normally left enabled on production SRX devices; check that they have not been left behind from a troubleshooting session. The description scopes the issue to Junos OS on SRX Series, where the affected PFE code runs.
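The following Python script is an added example for this page and is not part of the advisory or of any Juniper tooling. It parses Junos release strings, checks a release against the affected ranges listed above, and searches a `show configuration | display set` dump for the two configuration preconditions named in the description (DNS-filtering traceoptions, and DGA or tunnel detection). The configuration substrings it searches for, the sample configuration and the function names are assumptions made for this example; confirm the statement paths against your own device's configuration hierarchy before relying on the configuration check.

```python
import re
from typing import Dict, List, Optional, Tuple

# Affected ranges as listed in this advisory: (release branch, first fixed release).
# A branch of None means "all Junos OS versions prior to" the fixed release.
AFFECTED_RANGES: List[Tuple[Optional[str], str]] = [
    (None,   "21.4R3-S6"),
    ("22.2", "22.2R3-S3"),
    ("22.3", "22.3R3-S3"),
    ("22.4", "22.4R3"),
    ("23.2", "23.2R2"),
]

# Junos release strings look like 22.4R2, 22.4R2-S1 or 22.4R2-S1.5 (trailing build number).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

# ASSUMED 'display set' substrings for the two preconditions in the description.
# Verify these against the device's own configuration hierarchy.
TRACEOPTIONS_MARKER = "services dns-filtering traceoptions"
DETECTION_MARKERS = ("dns detections dga", "dns detections tunneling")


def parse_junos_version(text: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, R, S) for a release string; S is 0 when absent.
    The trailing build number does not change ordering for this check and is dropped."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos release string: {text!r}")
    major, minor, rel, svc = m.groups()
    return int(major), int(minor), int(rel), int(svc or 0)


def first_fixed_release(version: str) -> Optional[str]:
    """Return the fixed release the running version should move to, or None when
    the version falls outside every affected range listed in the advisory."""
    v = parse_junos_version(version)
    for branch, fixed in AFFECTED_RANGES:
        f = parse_junos_version(fixed)
        if branch is None:
            if v < f:
                return fixed
            continue
        branch_tuple = tuple(int(x) for x in branch.split("."))
        if v[:2] == branch_tuple and v < f:
            return fixed
    return None


def is_affected(version: str) -> bool:
    return first_fixed_release(version) is not None


def version_from_set_config(set_config: str) -> Optional[str]:
    """Pull the release out of the 'set version ...' line of a display-set dump."""
    m = re.search(r"^\s*set version (\S+)", set_config, re.MULTILINE)
    return m.group(1) if m else None


def trigger_conditions_present(set_config: str) -> Dict[str, bool]:
    """Report which of the two configuration preconditions appear in the dump."""
    lines = [ln.strip() for ln in set_config.splitlines()]
    return {
        "dns_filtering_traceoptions": any(TRACEOPTIONS_MARKER in ln for ln in lines),
        "dga_or_tunnel_detection": any(any(mk in ln for mk in DETECTION_MARKERS) for ln in lines),
    }


def assess(set_config: str) -> Dict[str, object]:
    """Combine the version check and the configuration check. 'exposed' is True only
    when the release is in an affected range AND both preconditions are configured."""
    version = version_from_set_config(set_config)
    fixed = first_fixed_release(version) if version else None
    conds = trigger_conditions_present(set_config)
    return {
        "version": version,
        "affected_version": fixed is not None,
        "first_fixed_release": fixed,
        **conds,
        "exposed": fixed is not None and all(conds.values()),
    }


# Constructed sample: an affected 22.4 release with both preconditions configured.
SAMPLE_CONFIG = """\
set version 22.4R2-S2.5
set services dns-filtering traceoptions file dns-filter.log
set services dns-filtering traceoptions flag all
set security security-metadata-streaming policy p1 dns detections dga
"""

# Constructed sample: the same release with the traceoptions statements removed,
# i.e. one of the two preconditions from the description is no longer present.
SAMPLE_CONFIG_NO_TRACE = "\n".join(
    ln for ln in SAMPLE_CONFIG.splitlines() if TRACEOPTIONS_MARKER not in ln
) + "\n"

if __name__ == "__main__":
    for label, cfg in (("with traceoptions", SAMPLE_CONFIG), ("without traceoptions", SAMPLE_CONFIG_NO_TRACE)):
        print(label, assess(cfg))
```

The version comparison follows the advisory's ranges literally: a release on a branch the advisory does not list (for example 22.1 or 23.4) is reported as not affected, and a service release equal to the fixed one (21.4R3-S6, 22.2R3-S3) is treated as fixed. The configuration check is only as good as the assumed statement substrings, so treat a negative result there as a prompt to inspect the device, not as proof of safety.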
Fix: available (see Recommendations)
Impact: DoS
CWE-134: Use of Externally-Controlled Format String
Weakness Enumeration: CWE-134
Related Identifiers: CVE-2024-39529
Affected Products: Junos