CVE-2024-39542

7.5 HIGH

Key Information:

Vendor
CVE Published: 11 July 2024

Summary

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks' Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability manifests in two specific scenarios.

The first scenario occurs when a device configured with both SFLOW and ECMP receives specific valid transit traffic, which triggers a crash in the packetio process and causes an overall failure of the FPC until a restart is performed. This scenario applies to the PTX Series but not to ACX or MX Series devices.

The second scenario arises when a malformed CFM packet is received on an interface configured with CFM, similarly resulting in a packetio crash and a subsequent FPC failure that requires a restart.

Both scenarios pose significant operational risk, so users should plan the necessary mitigations.

Affected Version(s)

Junos OS Evolved on PTX Series: all versions before 21.2R3-S8-EVO

Junos OS Evolved on PTX Series: 21.4 versions before 21.4R2-EVO

Junos OS on MX Series with MPC10, MPC11 or LC9600: all versions before 21.2R3-S4

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database