CVE-2024-39561

Junos OS: SRX4600, SRX5000 Series: TCP packets with SYN/FIN or SYN/RST are transferred after enabling no-syn-check with Express Path

Severity Score

6.9

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on

SRX4600 and SRX5000 Series

allows an attacker to send TCP packets with

SYN/FIN or SYN/RST

flags, bypassing the expected blocking of these packets.

A TCP packet with SYN/FIN or SYN/RST should be dropped in flowd. However, when no-syn-check and Express Path are enabled, these TCP packets are unexpectedly transferred to the downstream network.

This issue affects Junos OS on SRX4600 and SRX5000 Series:

* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S7,
* from 22.1 before 22.1R3-S6,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R1-S1, 23.4R2.

Una vulnerabilidad de verificación inadecuada de condiciones inusuales o excepcionales en el demonio de flujo (flowd) de Juniper Networks Junos OS en las series SRX4600 y SRX5000 permite a un atacante enviar paquetes TCP con indicadores SYN/FIN o SYN/RST, evitando el bloqueo esperado de estos paquetes. . Un paquete TCP con SYN/FIN o SYN/RST debe descartarse en flowd. Sin embargo, cuando no-syn-check y Express Path están habilitados, estos paquetes TCP se transfieren inesperadamente a la red descendente. Este problema afecta a Junos OS en las series SRX4600 y SRX5000: * Todas las versiones anteriores a 21.2R3-S8, * desde 21.4 antes de 21.4R3-S7, * desde 22.1 antes de 22.1R3-S6, * desde 22.2 antes de 22.2R3-S4, * desde 22.3 antes de 22.3R3-S3, * desde 22.4 antes de 22.4R3-S2, * desde 23.2 antes de 23.2R2, * desde 23.4 antes de 23.4R1-S1, 23.4R2.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

None

Integrity

None

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-25 CVE Reserved
2024-07-10 CVE Published
2024-07-11 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-754: Improper Check for Unusual or Exceptional Conditions

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://supportportal.juniper.net/JSA83021	2024-07-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				< 21.2R3-S8 Search vendor "Juniper Networks" for product "Junos OS" and version " < 21.2R3-S8"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 21.4 < 21.4R3-S7 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.4 < 21.4R3-S7"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.1 < 22.1R3-S6 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.1 < 22.1R3-S6"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.2 < 22.2R3-S4 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.2 < 22.2R3-S4"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.3 < 22.3R3-S3 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.3 < 22.3R3-S3"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 22.4 < 22.4R3-S2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.4 < 22.4R3-S2"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 23.2 < 23.2R2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.2 < 23.2R2"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 23.4 < 23.4R1-S1 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.4 < 23.4R1-S1"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Search vendor "Juniper Networks" for product "Junos OS"				>= 23.4 < 23.4R2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.4 < 23.4R2"		en		Affected