CVE-2024-39562
Junos OS Evolved: A high rate of SSH connections causes a Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.
The issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and Netconf over SSH.
Once the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored. See WORKAROUND section below.
Administrators can monitor an increase in defunct sshd processes by utilizing the CLI command:
> show system processes | match sshd
root 25219 30901 0 Jul16 ? 00:00:00 [sshd] <defunct>
This issue affects Juniper Networks Junos OS Evolved:
* All versions prior to 21.4R3-S7-EVO
* 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO;
* 22.4-EVO versions prior to 22.4R3-EVO;
* 23.2-EVO versions prior to 23.2R2-EVO.
This issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO.
Una versión faltante de recurso después de una vulnerabilidad de duración efectiva El proceso xinetd, responsable de generar instancias de demonio SSH (sshd), de Juniper Networks Junos OS Evolved permite que un atacante basado en red no autenticado provoque una denegación de servicio (DoS) al bloquear el acceso SSH para usuarios legítimos. La recepción continua de estas conexiones creará una condición sostenida de Denegación de Servicio (DoS). El problema se desencadena cuando se recibe y finaliza de una manera específica una alta tasa de solicitudes SSH simultáneas, lo que provoca que xinetd falle y deje procesos sshd inactivos. La explotación exitosa de esta vulnerabilidad bloquea tanto el acceso SSH como los servicios que dependen de SSH, como SFTP y Netconf sobre SSH. Una vez que el sistema esté en este estado, los usuarios legítimos no podrán conectarse mediante SSH al dispositivo hasta que el servicio se restablezca manualmente. Consulte la sección WORKAROUND a continuación. Los administradores pueden monitorear un aumento en los procesos sshd inactivos utilizando el comando CLI: > mostrar procesos del sistema | coincide con sshd root 25219 30901 0 16 de julio? 00:00:00 [sshd] Este problema afecta a Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S7-EVO * Versiones 22.3-EVO anteriores a 22.3R2-S2-EVO, 22.3R3-S2- EVO; * Versiones 22.4-EVO anteriores a 22.4R3-EVO; * Versiones 23.2-EVO anteriores a 23.2R2-EVO. Este problema no afecta a Juniper Networks Junos OS Evolved 22.1-EVO ni 22.2-EVO.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-06-25 CVE Reserved
- 2024-07-10 CVE Published
- 2024-07-11 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | < 21.4R3-S7-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " < 21.4R3-S7-EVO" | en |
Affected
| ||||||
Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 22.3-EVO < 22.3R2-S2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.3-EVO < 22.3R2-S2-EVO" | en |
Affected
| ||||||
Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 22.3-EVO < 22.3R3-S2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.3-EVO < 22.3R3-S2-EVO" | en |
Affected
| ||||||
Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 22.4-EVO < 22.4R3-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.4-EVO < 22.4R3-EVO" | en |
Affected
| ||||||
Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 23.2-EVO < 23.2R2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.2-EVO < 23.2R2-EVO" | en |
Affected
|