Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability Affects Junos OS
CVE-2024-30398

7.5 HIGH

Key Information:

Status
Vendor
CVE Published: 12 April 2024

Badges

Exploit Exists

Summary

A vulnerability in the Packet Forwarding Engine (PFE) component of Junos OS by Juniper Networks allows unauthenticated network-based attackers to initiate Denial of Service (DoS) attacks. This occurs when the SRX4600 device receives a high volume of targeted traffic, leading to excessive CPU memory utilization due to flawed internal packet processing. The consequences include significant packet loss and eventual failure of the PFE, necessitating a manual reboot to restore functionality. Multiple versions of Junos OS are impacted, and users are advised to review their deployments to ensure protection against potential exploitation.

Affected Version(s)

Junos OS SRX4600 21.2 < 21.2R3-S7

Junos OS SRX4600 21.4 < 21.4R3-S6

Junos OS SRX4600 22.1 < 22.1R3-S5

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database