CVE-2024-30392
Junos OS: MX Series with SPC3 and MS-MPC/-MIC: When URL filtering is enabled and a specific URL request is received a flowd crash occurs
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).
On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition.
This issue affects:
Junos OS:
* all versions before 21.2R3-S6,
* from 21.3 before 21.3R3-S5,
* from 21.4 before 21.4R3-S5,
* from 22.1 before 22.1R3-S3,
* from 22.2 before 22.2R3-S1,
* from 22.3 before 22.3R2-S2, 22.3R3,
* from 22.4 before 22.4R2-S1, 22.4R3.
Una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en Flow Processing Daemon (flowd) de Juniper Networks Junos OS permite que un atacante no autenticado basado en red provoque una denegación de servicio (DoS). En todas las plataformas Junos OS MX Series con SPC3 y MS-MPC/-MIC, cuando el filtrado de URL está habilitado y se recibe y procesa una solicitud de URL específica, el flujo se bloqueará y se reiniciará. La recepción continua de la solicitud de URL específica dará lugar a una condición sostenida de Denegación de Servicio (DoS). Este problema afecta a: Junos OS: * todas las versiones anteriores a 21.2R3-S6, * desde 21.3 anterior a 21.3R3-S5, * desde 21.4 anterior a 21.4R3-S5, * desde 22.1 anterior a 22.1R3-S3, * desde 22.2 anterior a 22.2R3- S1, * de 22.3 antes de 22.3R2-S2, 22.3R3, * de 22.4 antes de 22.4R2-S1, 22.4R3.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-03-26 CVE Reserved
- 2024-04-12 CVE Published
- 2024-04-21 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | Technical Description |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://supportportal.juniper.net/JSA79092 | 2024-05-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | < 21.2R3-S6 Search vendor "Juniper Networks" for product "Junos OS" and version " < 21.2R3-S6" | en |
Affected
| ||||||
Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 21.3 < 21.3R3-S5 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.3 < 21.3R3-S5" | en |
Affected
| ||||||
Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 21.4 < 21.4R3-S5 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.4 < 21.4R3-S5" | en |
Affected
| ||||||
Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.1 < 22.1R3-S3 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.1 < 22.1R3-S3" | en |
Affected
| ||||||
Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.2 < 22.2R3-S1 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.2 < 22.2R3-S1" | en |
Affected
| ||||||
Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.3 < 22.3R2-S2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.3 < 22.3R2-S2" | en |
Affected
| ||||||
Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.3 < 22.3R3 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.3 < 22.3R3" | en |
Affected
| ||||||
Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.4 < 22.4R2-S1 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.4 < 22.4R2-S1" | en |
Affected
| ||||||
Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.4 < 22.4R3 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.4 < 22.4R3" | en |
Affected
|