CVE-2024-39562

Junos OS Evolved: A high rate of SSH connections causes a Denial of Service

Severity Score

8.7

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.

The issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and Netconf over SSH.

Once the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored. See WORKAROUND section below.

Administrators can monitor an increase in defunct sshd processes by utilizing the CLI command:

> show system processes | match sshd
root 25219 30901 0 Jul16 ? 00:00:00 [sshd] <defunct>

This issue affects Juniper Networks Junos OS Evolved:
* All versions prior to 21.4R3-S7-EVO
* 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO;
* 22.4-EVO versions prior to 22.4R3-EVO;
* 23.2-EVO versions prior to 23.2R2-EVO.

This issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO.

Una versión faltante de recurso después de una vulnerabilidad de duración efectiva El proceso xinetd, responsable de generar instancias de demonio SSH (sshd), de Juniper Networks Junos OS Evolved permite que un atacante basado en red no autenticado provoque una denegación de servicio (DoS) al bloquear el acceso SSH para usuarios legítimos. La recepción continua de estas conexiones creará una condición sostenida de Denegación de Servicio (DoS). El problema se desencadena cuando se recibe y finaliza de una manera específica una alta tasa de solicitudes SSH simultáneas, lo que provoca que xinetd falle y deje procesos sshd inactivos. La explotación exitosa de esta vulnerabilidad bloquea tanto el acceso SSH como los servicios que dependen de SSH, como SFTP y Netconf sobre SSH. Una vez que el sistema esté en este estado, los usuarios legítimos no podrán conectarse mediante SSH al dispositivo hasta que el servicio se restablezca manualmente. Consulte la sección WORKAROUND a continuación. Los administradores pueden monitorear un aumento en los procesos sshd inactivos utilizando el comando CLI: > mostrar procesos del sistema | coincide con sshd root 25219 30901 0 16 de julio? 00:00:00 [sshd] Este problema afecta a Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S7-EVO * Versiones 22.3-EVO anteriores a 22.3R2-S2-EVO, 22.3R3-S2- EVO; * Versiones 22.4-EVO anteriores a 22.4R3-EVO; * Versiones 23.2-EVO anteriores a 23.2R2-EVO. Este problema no afecta a Juniper Networks Junos OS Evolved 22.1-EVO ni 22.2-EVO.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

None

Integrity

None

Availability

High

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-25 CVE Reserved
2024-07-10 CVE Published
2024-07-11 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-772: Missing Release of Resource after Effective Lifetime

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://supportportal.juniper.net/JSA75724	2024-07-11
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N	2024-07-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				< 21.4R3-S7-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " < 21.4R3-S7-EVO"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				>= 22.3-EVO < 22.3R2-S2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.3-EVO < 22.3R2-S2-EVO"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				>= 22.3-EVO < 22.3R3-S2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.3-EVO < 22.3R3-S2-EVO"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				>= 22.4-EVO < 22.4R3-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.4-EVO < 22.4R3-EVO"		en		Affected
Juniper Networks Search vendor "Juniper Networks"		Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved"				>= 23.2-EVO < 23.2R2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.2-EVO < 23.2R2-EVO"		en		Affected