CVE-2024-39553

Published: Jul 11, 2024

Modified: Aug 2, 2024

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device, potentially impacting system integrity. This issue only happens when inline jflow is configured. This does not impact any forwarding traffic. The impacted services MSVCS-DB app crashes momentarily and recovers by itself. This issue affects Juniper Networks Junos OS Evolved: * 21.4 versions earlier than 21.4R3-S7-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S2-EVO; * 22.4 versions earlier than 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.

Vendor	Product	Versions
Juniper Networks	Junos OS Evolved	affected `21.4-EVO - < 21.4R3-S7-EVO` affected `22.2-EVO - < 22.2R3-S3-EVO` affected `22.3-EVO - < 22.3R3-S2-EVO` affected `22.4-EVO - < 22.4R3-EVO` affected `23.2-EVO - < 23.2R1-S2-EVO, 23.2R2-EVO`

Weaknesses (CWE)

CWE-668

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

References

https://supportportal.juniper.net/JSA79101

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-39553

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References