6.9

CVE-2024-39553

Exploit

Junos OS Evolved: Receipt of arbitrary data when sampling service is enabled, leads to partial Denial of Service (DoS).

An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device, potentially impacting system integrity.

This issue only happens when inline jflow is configured.

This does not impact any forwarding traffic. The impacted services MSVCS-DB app crashes momentarily and recovers by itself. 

This issue affects Juniper Networks Junos OS Evolved: 
  *  21.4 versions earlier than 21.4R3-S7-EVO; 
  *  22.2 versions earlier than 22.2R3-S3-EVO;
  *  22.3 versions earlier than 22.3R3-S2-EVO;
  *  22.4 versions earlier than 22.4R3-EVO;
  *  23.2 versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Os Evolved Version21.4 Update-
JuniperJunos Os Evolved Version21.4 Updater1
JuniperJunos Os Evolved Version21.4 Updater1-s1
JuniperJunos Os Evolved Version21.4 Updater1-s2
JuniperJunos Os Evolved Version21.4 Updater2
JuniperJunos Os Evolved Version21.4 Updater2-s1
JuniperJunos Os Evolved Version21.4 Updater2-s2
JuniperJunos Os Evolved Version21.4 Updater3
JuniperJunos Os Evolved Version21.4 Updater3-s1
JuniperJunos Os Evolved Version21.4 Updater3-s2
JuniperJunos Os Evolved Version21.4 Updater3-s3
JuniperJunos Os Evolved Version21.4 Updater3-s4
JuniperJunos Os Evolved Version21.4 Updater3-s5
JuniperJunos Os Evolved Version21.4 Updater3-s6
JuniperJunos Os Evolved Version22.2 Update-
JuniperJunos Os Evolved Version22.2 Updater1
JuniperJunos Os Evolved Version22.2 Updater1-s1
JuniperJunos Os Evolved Version22.2 Updater1-s2
JuniperJunos Os Evolved Version22.2 Updater2
JuniperJunos Os Evolved Version22.2 Updater2-s1
JuniperJunos Os Evolved Version22.2 Updater2-s2
JuniperJunos Os Evolved Version22.2 Updater3
JuniperJunos Os Evolved Version22.2 Updater3-s1
JuniperJunos Os Evolved Version22.2 Updater3-s2
JuniperJunos Os Evolved Version22.3 Update-
JuniperJunos Os Evolved Version22.3 Updater1
JuniperJunos Os Evolved Version22.3 Updater1-s1
JuniperJunos Os Evolved Version22.3 Updater1-s2
JuniperJunos Os Evolved Version22.3 Updater2
JuniperJunos Os Evolved Version22.3 Updater2-s1
JuniperJunos Os Evolved Version22.3 Updater2-s2
JuniperJunos Os Evolved Version22.3 Updater3
JuniperJunos Os Evolved Version22.3 Updater3-s1
JuniperJunos Os Evolved Version22.4 Update-
JuniperJunos Os Evolved Version22.4 Updater1
JuniperJunos Os Evolved Version22.4 Updater1-s1
JuniperJunos Os Evolved Version22.4 Updater1-s2
JuniperJunos Os Evolved Version22.4 Updater2
JuniperJunos Os Evolved Version22.4 Updater2-s1
JuniperJunos Os Evolved Version22.4 Updater2-s2
JuniperJunos Os Evolved Version23.2 Update-
JuniperJunos Os Evolved Version23.2 Updater1
JuniperJunos Os Evolved Version23.2 Updater1-s1
JuniperJunos Os Evolved Version23.2 Updater2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.348
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 6.9 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X
sirt@juniper.net 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.