Improper Check for Unusual or Exceptional Conditions Leads to Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS
CVE-2024-39545

7.5 HIGH

Key Information:

CVE Published: 11 July 2024

Summary

An improper check for unusual or exceptional conditions exists in the IKE daemon (iked) of Junos OS, which Juniper Networks uses in its SRX Series, MX Series with SPC3, and NFX350 products. An unauthenticated, network-based attacker can trigger the flaw with specific mismatching parameters during IPsec negotiation. Successful exploitation crashes the iked service, resulting in a Denial of Service (DoS). The vulnerability affects all platforms running the iked service, so users should update their systems to the latest versions to mitigate the risk.

Affected Version(s)

Junos OS SRX Series: all versions before 21.2R3-S8

Junos OS SRX Series: from 21.4 before 21.4R3-S7

Junos OS SRX Series: from 22.1 before 22.1R3-S2

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved