Improper Check for Unusual or Exceptional Conditions in Junos OS Leads to Denial-of-Service Attack
CVE-2024-39530

7.5 HIGH

Key Information:

Status
Vendor
CVE Published: 11 July 2024

Summary

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the chassis management daemon (chassisd) of Juniper Networks Junos OS. It allows an unauthenticated attacker to cause a Denial-of-Service by attempting to access specific sensors on platforms that do not support them. When such access is attempted via gRPC or NETCONF, the chassisd process crashes and subsequently restarts, which can delay system functionality and disrupt access to other components. The resulting Denial-of-Service condition affects all FPCs and causes a complete outage. Only Junos OS versions from 21.4 onward are impacted, so operators should check their running release against the affected versions listed below and plan upgrades accordingly.

Affected Version(s)

Junos OS 21.4R3 < 21.4R3-S5

Junos OS 22.1R3 < 22.1R3-S4

Junos OS 22.2R2 < 22.2R3

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
