Juniper Networks Junos OS Vulnerability Leads to Denial of Service
CVE-2024-39529

7.5HIGH

Key Information:

Vendor

Juniper Networks
Status
Junos Os
Vendor
CVE Published:
11 July 2024

What is CVE-2024-39529?

A vulnerability exists in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS affecting the SRX Series. This vulnerability allows unauthenticated, network-based attackers to exploit a use of externally-controlled format string. When certain configurations, such as DNS Domain Generation Algorithm (DGA) detection, tunnel detection, and DNS-filtering traceoptions are enabled, the vulnerability can be triggered by specific valid transit DNS traffic. Consequently, this results in a crash and restart of the PFE, leading to a Denial-of-Service condition. Affected versions include all before 21.4R3-S6, as well as specific prior versions of 22.2, 22.3, 22.4, and 23.2.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Junos OS SRX Series 0 < 21.4R3-S6

Junos OS SRX Series 22.2 < 22.2R3-S3

Junos OS SRX Series 22.3 < 22.3R3-S3

References

https://supportportal.juniper.net/JSA82988
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.