CVE-2024-39551

An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command. user@host> show usp memory segment sha data objcache jsf This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC: * 20.4 before 20.4R3-S10, * 21.2 before 21.2R3-S6, * 21.3 before 21.3R3-S5, * 21.4 before 21.4R3-S6, * 22.1 before 22.1R3-S4, * 22.2 before 22.2R3-S2, * 22.3 before 22.3R3-S1, * 22.4 before 22.4R3, * 23.2 before 23.2R2.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://supportportal.juniper.net/JSA83013
https://supportportal.juniper.net/JSA83013

Configurations

No configuration.

History

21 Nov 2024, 09:27

Type	Values Removed	Values Added
References	~~() https://supportportal.juniper.net/JSA83013 -~~	() https://supportportal.juniper.net/JSA83013 -
Summary		(es) Una vulnerabilidad de consumo de recursos no controlado en H.323 ALG (Application Layer Gateway) de Juniper Networks Junos OS en las series SRX y MX con SPC3 y MS-MPC/MIC, permite que un atacante basado en red no autenticado envíe paquetes específicos que causen pérdida de tráfico. lo que lleva a una denegación de servicio (DoS). La recepción y el procesamiento continuo de estos paquetes específicos mantendrán la condición de Denegación de Servicio. El uso de la memoria se puede monitorear usando el siguiente comando. usuario@host> show usp memory segment sha data objcache jsf Este problema afecta a las series SRX y MX con SPC3 y MS-MPC/MIC: * 20.4 antes de 20.4R3-S10, * 21.2 antes de 21.2R3-S6, * 21.3 antes de 21.3R3 -S5, 21.4 antes de 21.4R3-S6, 22.1 antes de 22.1R3-S4, 22.2 antes de 22.2R3-S2, 22.3 antes de 22.3R3-S1, 22.4 antes de 22.4R3, 23.2 antes de 23.2R2.

11 Jul 2024, 19:15

Type	Values Removed	Values Added
Summary	(en) An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command. ??user@host> show usp memory segment sha data objcache jsf This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC: * ?20.4 before 20.4R3-S10, * ?21.2 before 21.2R3-S6, * ?21.3 before 21.3R3-S5, * ?21.4 before 21.4R3-S6, * ?22.1 before 22.1R3-S4, * ?22.2 before 22.2R3-S2, * ?22.3 before 22.3R3-S1, * ?22.4 before 22.4R3, * ?23.2 before 23.2R2.	(en) An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command. user@host> show usp memory segment sha data objcache jsf This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC: * 20.4 before 20.4R3-S10, * 21.2 before 21.2R3-S6, * 21.3 before 21.3R3-S5, * 21.4 before 21.4R3-S6, * 22.1 before 22.1R3-S4, * 22.2 before 22.2R3-S2, * 22.3 before 22.3R3-S1, * 22.4 before 22.4R3, * 23.2 before 23.2R2.

11 Jul 2024, 18:09

Type	Values Removed	Values Added
Summary	(en) An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command. user@host> show usp memory segment sha data objcache jsf This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC: * 20.4 before 20.4R3-S10, * 21.2 before 21.2R3-S6, * 21.3 before 21.3R3-S5, * 21.4 before 21.4R3-S6, * 22.1 before 22.1R3-S4, * 22.2 before 22.2R3-S2, * 22.3 before 22.3R3-S1, * 22.4 before 22.4R3, * 23.2 before 23.2R2.	(en) An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command. ??user@host> show usp memory segment sha data objcache jsf This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC: * ?20.4 before 20.4R3-S10, * ?21.2 before 21.2R3-S6, * ?21.3 before 21.3R3-S5, * ?21.4 before 21.4R3-S6, * ?22.1 before 22.1R3-S4, * ?22.2 before 22.2R3-S2, * ?22.3 before 22.3R3-S1, * ?22.4 before 22.4R3, * ?23.2 before 23.2R2.

11 Jul 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-11 17:15

Updated : 2024-11-21 09:27

NVD link : CVE-2024-39551

Mitre link : CVE-2024-39551

CVE.ORG link : CVE-2024-39551

JSON object : View

Products Affected

No product.

CWE

CWE-400

Uncontrolled Resource Consumption

7.5 /10