Sampling Service Vulnerability Impacts Resource Access and Integrity
CVE-2024-39553

6.5MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Junos Os Evolved
Vendor: CVE Published:; 11 July 2024

Summary

An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device, potentially impacting system integrity.

This issue only happens when inline jflow is configured.

This does not impact any forwarding traffic. The impacted services MSVCS-DB app crashes momentarily and recovers by itself.

This issue affects Juniper Networks Junos OS Evolved:

21.4 versions earlier than 21.4R3-S7-EVO;
22.2 versions earlier than 22.2R3-S3-EVO;
22.3 versions earlier than 22.3R3-S2-EVO;
22.4 versions earlier than 22.4R3-EVO;
23.2 versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.

Affected Version(s)

Junos OS Evolved 21.4-EVO < 21.4R3-S7-EVO

Junos OS Evolved 22.2-EVO < 22.2R3-S3-EVO

Junos OS Evolved 22.3-EVO < 22.3R3-S2-EVO

References

https://supportportal.juniper.net/JSA79101

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2024
Vulnerability Reserved
Jun 25, 2024

Collectors

NVD DatabaseMitre Database