CVE-2024-39545

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS). This issue is applicable to all platforms that run iked. This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S7, * from 22.1 before 22.1R3-S2, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S1, 22.3R3, * from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://supportportal.juniper.net/JSA83007
https://supportportal.juniper.net/JSA83007

Configurations

No configuration.

History

21 Nov 2024, 09:27

Type	Values Removed	Values Added
References	~~() https://supportportal.juniper.net/JSA83007 -~~	() https://supportportal.juniper.net/JSA83007 -
Summary		(es) Una vulnerabilidad de verificación inadecuada de condiciones inusuales o excepcionales en el daemon IKE (iked) de Juniper Networks Junos OS en las series SRX, MX con SPC3 y NFX350 permite que un atacante basado en red no autenticado envíe parámetros específicos que no coinciden como parte de IPsec. negociación para desencadenar un bloqueo de iked que conduce a una denegación de servicio (DoS). Este problema se aplica a todas las plataformas que ejecutan iked. Este problema afecta a Junos OS en las series SRX, MX con SPC3 y NFX350: * Todas las versiones anteriores a 21.2R3-S8, * desde 21.4 antes de 21.4R3-S7, * desde 22.1 antes de 22.1R3-S2, * desde 22.2 antes de 22.2R3- S1, * desde 22.3 antes de 22.3R2-S1, 22.3R3, * desde 22.4 antes de 22.4R1-S2, 22.4R2, 22.4R3.

11 Jul 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-11 17:15

Updated : 2024-11-21 09:27

NVD link : CVE-2024-39545

Mitre link : CVE-2024-39545

CVE.ORG link : CVE-2024-39545

JSON object : View

Products Affected

No product.

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

{"id": "CVE-2024-39545", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 8.7, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-11T17:15:13.823", "references": [{"url": "https://supportportal.juniper.net/JSA83007", "source": "sirt@juniper.net"}, {"url": "https://supportportal.juniper.net/JSA83007", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS).\n\nThis issue is applicable to all platforms that run iked.\u00a0This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350:\u00a0\n\n\n\n * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S7,\u00a0\n * from 22.1 before 22.1R3-S2,\u00a0\n * from 22.2 before 22.2R3-S1,\u00a0\n * from 22.3 before 22.3R2-S1, 22.3R3,\u00a0\n * from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3."}, {"lang": "es", "value": "Una vulnerabilidad de verificaci\u00f3n inadecuada de condiciones inusuales o excepcionales en el daemon IKE (iked) de Juniper Networks Junos OS en las series SRX, MX con SPC3 y NFX350 permite que un atacante basado en red no autenticado env\u00ede par\u00e1metros espec\u00edficos que no coinciden como parte de IPsec. negociaci\u00f3n para desencadenar un bloqueo de iked que conduce a una denegaci\u00f3n de servicio (DoS). Este problema se aplica a todas las plataformas que ejecutan iked. Este problema afecta a Junos OS en las series SRX, MX con SPC3 y NFX350: * Todas las versiones anteriores a 21.2R3-S8, * desde 21.4 antes de 21.4R3-S7, * desde 22.1 antes de 22.1R3-S2, * desde 22.2 antes de 22.2R3- S1, * desde 22.3 antes de 22.3R2-S1, 22.3R3, * desde 22.4 antes de 22.4R1-S2, 22.4R2, 22.4R3."}], "lastModified": "2024-11-21T09:27:58.627", "sourceIdentifier": "sirt@juniper.net"}

7.5 /10