CVE-2024-21616

EPSS 0.21%
Veröffentlicht 12.01.2024 01:15:50
Zuletzt bearbeitet 21.11.2024 08:54:43
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

Junos OS: MX Series and SRX Series: Processing of a specific SIP packet causes NAT IP allocation to fail

An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).

On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.

NAT IP usage can be monitored by running the following command.

user@srx> show security nat resource-usage source-pool <source_pool_name>


Pool name: source_pool_name
..
Address Factor-index Port-range Used Avail Total Usage
X.X.X.X
0 Single Ports 50258 52342 62464 96% <<<<<
- Alg Ports 0 2048 2048 0%
This issue affects:

Juniper Networks Junos OS on MX Series and SRX Series



  *  All versions earlier than 21.2R3-S6;
  *  21.3 versions earlier than 21.3R3-S5;
  *  21.4 versions earlier than 21.4R3-S5;
  *  22.1 versions earlier than 22.1R3-S4;
  *  22.2 versions earlier than 22.2R3-S3;
  *  22.3 versions earlier than 22.3R3-S1;
  *  22.4 versions earlier than 22.4R2-S2, 22.4R3;
  *  23.2 versions earlier than 23.2R1-S1, 23.2R2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 74 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Version21.2 Update-

Juniper ≫ Junos Version21.2 Updater1

Juniper ≫ Junos Version21.2 Updater1-s1

Juniper ≫ Junos Version21.2 Updater1-s2

Juniper ≫ Junos Version21.2 Updater2

Juniper ≫ Junos Version21.2 Updater2-s1

Juniper ≫ Junos Version21.2 Updater2-s2

Juniper ≫ Junos Version21.2 Updater3

Juniper ≫ Junos Version21.2 Updater3-s1

Juniper ≫ Junos Version21.2 Updater3-s2

Juniper ≫ Junos Version21.2 Updater3-s3

Juniper ≫ Junos Version21.2 Updater3-s4

Juniper ≫ Junos Version21.2 Updater3-s5

Juniper ≫ Junos Version21.3 Update-

Juniper ≫ Junos Version21.3 Updater1

Juniper ≫ Junos Version21.3 Updater1-s1

Juniper ≫ Junos Version21.3 Updater1-s2

Juniper ≫ Junos Version21.3 Updater2

Juniper ≫ Junos Version21.3 Updater2-s1

Juniper ≫ Junos Version21.3 Updater2-s2

Juniper ≫ Junos Version21.3 Updater3

Juniper ≫ Junos Version21.3 Updater3-s1

Juniper ≫ Junos Version21.3 Updater3-s2

Juniper ≫ Junos Version21.3 Updater3-s3

Juniper ≫ Junos Version21.3 Updater3-s4

Juniper ≫ Junos Version21.4 Update-

Juniper ≫ Junos Version21.4 Updater1

Juniper ≫ Junos Version21.4 Updater1-s1

Juniper ≫ Junos Version21.4 Updater1-s2

Juniper ≫ Junos Version21.4 Updater2

Juniper ≫ Junos Version21.4 Updater2-s1

Juniper ≫ Junos Version21.4 Updater2-s2

Juniper ≫ Junos Version21.4 Updater3

Juniper ≫ Junos Version21.4 Updater3-s1

Juniper ≫ Junos Version21.4 Updater3-s2

Juniper ≫ Junos Version21.4 Updater3-s3

Juniper ≫ Junos Version21.4 Updater3-s4

Juniper ≫ Junos Version22.1 Update-

Juniper ≫ Junos Version22.1 Updater1

Juniper ≫ Junos Version22.1 Updater1-s1

Juniper ≫ Junos Version22.1 Updater1-s2

Juniper ≫ Junos Version22.1 Updater2

Juniper ≫ Junos Version22.1 Updater2-s1

Juniper ≫ Junos Version22.1 Updater2-s2

Juniper ≫ Junos Version22.1 Updater3

Juniper ≫ Junos Version22.1 Updater3-s1

Juniper ≫ Junos Version22.1 Updater3-s2

Juniper ≫ Junos Version22.1 Updater3-s3

Juniper ≫ Junos Version22.2 Update-

Juniper ≫ Junos Version22.2 Updater1

Juniper ≫ Junos Version22.2 Updater1-s1

Juniper ≫ Junos Version22.2 Updater1-s2

Juniper ≫ Junos Version22.2 Updater2

Juniper ≫ Junos Version22.2 Updater2-s1

Juniper ≫ Junos Version22.2 Updater2-s2

Juniper ≫ Junos Version22.2 Updater3

Juniper ≫ Junos Version22.2 Updater3-s1

Juniper ≫ Junos Version22.2 Updater3-s2

Juniper ≫ Junos Version22.3 Update-

Juniper ≫ Junos Version22.3 Updater1

Juniper ≫ Junos Version22.3 Updater1-s1

Juniper ≫ Junos Version22.3 Updater1-s2

Juniper ≫ Junos Version22.3 Updater2

Juniper ≫ Junos Version22.3 Updater2-s1

Juniper ≫ Junos Version22.3 Updater2-s2

Juniper ≫ Junos Version22.3 Updater3

Juniper ≫ Junos Version22.4 Update-

Juniper ≫ Junos Version22.4 Updater1

Juniper ≫ Junos Version22.4 Updater1-s1

Juniper ≫ Junos Version22.4 Updater1-s2

Juniper ≫ Junos Version22.4 Updater2

Juniper ≫ Junos Version22.4 Updater2-s1

Juniper ≫ Junos Version23.2 Update-

Juniper ≫ Junos Version23.2 Updater1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.43

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
sirt@juniper.net	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1286 Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Third Party Advisory

https://supportportal.juniper.net/JSA75757

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-21616

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-21616

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-21616

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-21616