Juniper Networks Junos OS Vulnerability Leads to Denial of Service
CVE-2024-39540

7.5 HIGH

Key Information:

Status
Vendor
CVE Published: 11 July 2024

Summary

The vulnerability is in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series and MX Series devices equipped with SPC3. An unauthenticated, network-based attacker can send specific valid TCP traffic that causes the PFE to crash and restart, resulting in a complete, albeit temporary, service outage. Affected releases are Junos OS 21.2R3-S5 up to but not including 21.2R3-S6. Devices running earlier or later releases are unaffected.

Affected Version(s)

Junos OS SRX Series 21.2R3-S5 < 21.2R3-S6

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
