github - ghsa-355p-vp22-pp2v

ghsa-355p-vp22-pp2v

Vulnerability from github

Published

2024-01-12 03:30

Modified

2024-01-12 03:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).

On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.

NAT IP usage can be monitored by running the following command.

user@srx> show security nat resource-usage source-pool

Pool name: source_pool_name .. Address Factor-index Port-range Used Avail Total Usage X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<< - Alg Ports 0 2048 2048 0% This issue affects:

Juniper Networks Junos OS on MX Series and SRX Series

All versions earlier than 21.2R3-S6;
21.3 versions earlier than 21.3R3-S5;
21.4 versions earlier than 21.4R3-S5;
22.1 versions earlier than 22.1R3-S4;
22.2 versions earlier than 22.2R3-S3;
22.3 versions earlier than 22.3R3-S1;
22.4 versions earlier than 22.4R2-S2, 22.4R3;
23.2 versions earlier than 23.2R1-S1, 23.2R2.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-21616"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1286"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-12T01:15:50Z",
    "severity": "HIGH"
  },
  "details": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.\n\nNAT IP usage can be monitored by running the following command.\n\nuser@srx\u003e show security nat resource-usage source-pool \u003csource_pool_name\u003e\n\n\nPool name: source_pool_name\n..\nAddress Factor-index Port-range Used Avail Total Usage\nX.X.X.X\n0 Single Ports 50258 52342 62464 96% \u003c\u003c\u003c\u003c\u003c\n- Alg Ports 0 2048 2048 0%\nThis issue affects:\n\nJuniper Networks Junos OS on MX Series and SRX Series\n\n\n\n  *  All versions earlier than 21.2R3-S6;\n  *  21.3 versions earlier than 21.3R3-S5;\n  *  21.4 versions earlier than 21.4R3-S5;\n  *  22.1 versions earlier than 22.1R3-S4;\n  *  22.2 versions earlier than 22.2R3-S3;\n  *  22.3 versions earlier than 22.3R3-S1;\n  *  22.4 versions earlier than 22.4R2-S2, 22.4R3;\n  *  23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\n\n\n",
  "id": "GHSA-355p-vp22-pp2v",
  "modified": "2024-01-12T03:30:49Z",
  "published": "2024-01-12T03:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21616"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA75757"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2024-21616

Vulnerability from cvelistv5

Published

2024-01-12 00:56

Modified

2024-08-01 22:27

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Junos OS: MX Series and SRX Series: Processing of a specific SIP packet causes NAT IP allocation to fail

References

▼	URL	Tags
	https://supportportal.juniper.net/JSA75757	vendor-advisory
	https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N	technical-description

Impacted products

▼	Vendor	Product
	Juniper Networks	Junos OS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:35.547Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA75757"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MX Series",
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.2R3-S6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.3R3-S5",
              "status": "affected",
              "version": "21.3",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S5",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S4",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S3",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S1",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R2-S2, 22.4R3",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R1-S1, 23.2R2",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eTo be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration.\u003c/p\u003e\u003cp\u003ePlease verify on SRX with:\u003c/p\u003e\u003ccode\u003e  user@host\u0026gt; show security alg status | match sip\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e  SIP : Enabled\u003c/code\u003e\u003cbr/\u003e\u003cp\u003ePlease verify on MX whether the following is configured:\u003c/p\u003e\u003ccode\u003e  user@host\u0026gt; show security alg status | match sip\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e  SIP : Enabled\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e  [services ... rule \u0026lt;rule-name\u0026gt; (term \u0026lt;term-name\u0026gt; ) from/match application/application-set \u0026lt;name\u0026gt;]\u003c/code\u003e\u003cbr/\u003e\u003cp\u003ewhere either\u003c/p\u003e\u003ccode\u003e  a. name = junos-sip\u003c/code\u003e\u003cbr/\u003e\u003cp\u003eor an application or application-set refers to SIP:\u003c/p\u003e\u003ccode\u003e  b. [applications application \u0026lt;name\u0026gt; application-protocol sip]\u003c/code\u003e\u003cbr/\u003e\u003cp\u003eor\u003c/p\u003e\u003ccode\u003e  c. [applications application-set \u0026lt;name\u0026gt; application junos-sip]\u003c/code\u003e\u003cbr/\u003e"
            }
          ],
          "value": "To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration.\n\nPlease verify on SRX with:\n\n  user@host\u003e show security alg status | match sip\n  SIP : Enabled\nPlease verify on MX whether the following is configured:\n\n  user@host\u003e show security alg status | match sip\n  SIP : Enabled\n  [services ... rule \u003crule-name\u003e (term \u003cterm-name\u003e ) from/match application/application-set \u003cname\u003e]\nwhere either\n\n  a. name = junos-sip\nor an application or application-set refers to SIP:\n\n  b. [applications application \u003cname\u003e application-protocol sip]\nor\n\n  c. [applications application-set \u003cname\u003e application junos-sip]\n"
        }
      ],
      "datePublic": "2024-01-10T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eAn Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eOn all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.\u003c/p\u003e\u003cp\u003eNAT IP usage can be monitored by running the following command.\u003c/p\u003e\u003ccode\u003euser@srx\u0026gt; show security nat resource-usage source-pool \u0026lt;source_pool_name\u0026gt;\u003c/code\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003ccode\u003ePool name: source_pool_name\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e..\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eAddress Factor-index Port-range Used Avail Total Usage\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eX.X.X.X\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e0 Single Ports 50258 52342 62464 96% \u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e- Alg Ports 0 2048 2048 0%\u003c/code\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS on MX Series and SRX Series\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.2R3-S6;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S3;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R2-S2, 22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R1-S1, 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
            }
          ],
          "value": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.\n\nNAT IP usage can be monitored by running the following command.\n\nuser@srx\u003e show security nat resource-usage source-pool \u003csource_pool_name\u003e\n\n\nPool name: source_pool_name\n..\nAddress Factor-index Port-range Used Avail Total Usage\nX.X.X.X\n0 Single Ports 50258 52342 62464 96% \u003c\u003c\u003c\u003c\u003c\n- Alg Ports 0 2048 2048 0%\nThis issue affects:\n\nJuniper Networks Junos OS on MX Series and SRX Series\n\n\n\n  *  All versions earlier than 21.2R3-S6;\n  *  21.3 versions earlier than 21.3R3-S5;\n  *  21.4 versions earlier than 21.4R3-S5;\n  *  22.1 versions earlier than 22.1R3-S4;\n  *  22.2 versions earlier than 22.2R3-S3;\n  *  22.3 versions earlier than 22.3R3-S1;\n  *  22.4 versions earlier than 22.4R2-S2, 22.4R3;\n  *  23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\n\n\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T00:56:20.566Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA75757"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.\n\n"
        }
      ],
      "source": {
        "advisory": "JSA75757",
        "defect": [
          "1702811"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-10T17:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS: MX Series and SRX Series: Processing of a specific SIP packet causes NAT IP allocation to fail",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere are no known workarounds for this issue, but it should be considered to disable the SIP ALG if it\u0027s not strictly needed.\u003c/p\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue, but it should be considered to disable the SIP ALG if it\u0027s not strictly needed.\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-av217"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-21616",
    "datePublished": "2024-01-12T00:56:20.566Z",
    "dateReserved": "2023-12-27T19:38:25.710Z",
    "dateUpdated": "2024-08-01T22:27:35.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted