GHSA-MHXW-PRXV-H6HR

Vulnerability from github – Published: 2024-07-11 18:31 – Updated: 2024-07-11 18:31
VLAI?
Details

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS).

This issue is applicable to all platforms that run iked. This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350: 

  • All versions before 21.2R3-S8, 
  • from 21.4 before 21.4R3-S7, 
  • from 22.1 before 22.1R3-S2, 
  • from 22.2 before 22.2R3-S1, 
  • from 22.3 before 22.3R2-S1, 22.3R3, 
  • from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-39545"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-11T17:15:13Z",
    "severity": "HIGH"
  },
  "details": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS).\n\nThis issue is applicable to all platforms that run iked.\u00a0This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350:\u00a0\n\n\n\n  *  All versions before 21.2R3-S8,\u00a0\n  *  from 21.4 before 21.4R3-S7,\u00a0\n  *  from 22.1 before 22.1R3-S2,\u00a0\n  *  from 22.2 before 22.2R3-S1,\u00a0\n  *  from 22.3 before 22.3R2-S1, 22.3R3,\u00a0\n  *  from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3.",
  "id": "GHSA-mhxw-prxv-h6hr",
  "modified": "2024-07-11T18:31:13Z",
  "published": "2024-07-11T18:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39545"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA83007"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.