ГлавнаяУязвимости → CVE-2024-39529
7.5высокая

CVE-2024-39529

Описание

A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service. This issue affects Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2.

Затрагиваемое ПО
Juniper JunosJuniper Srx100Juniper Srx110Juniper Srx1400Juniper Srx1500Juniper Srx1600Juniper Srx210Juniper Srx220Juniper Srx2300Juniper Srx240Juniper Srx240h2Juniper Srx240mJuniper Srx300Juniper Srx320Juniper Srx340Juniper Srx3400Juniper Srx345Juniper Srx3600Juniper Srx380Juniper Srx4000Juniper Srx4100Juniper Srx4200Juniper Srx4300Juniper Srx4600Juniper Srx4700
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://supportportal.juniper.net/JSA82988https://supportportal.juniper.net/JSA82988