CVE-2024-39553

11.07.2024, 17:15

An Exposure of Resource to Wrong Sphere vulnerability in the sampling serviceof Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device, potentially impacting system integrity.

This issue only happens when inline jflow is configured.

This does not impact any forwarding traffic. The impacted services MSVCS-DB app crashes momentarily and recovers by itself.

This issue affects Juniper Networks Junos OS Evolved:
  *  21.4 versions earlier than 21.4R3-S7-EVO;
  *  22.2 versions earlier than22.2R3-S3-EVO;
  *  22.3 versions earlier than 22.3R3-S2-EVO;
  *  22.4 versions earlier than 22.4R3-EVO;
  *  23.2 versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
juniper	CNA	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 44%

Common Weakness Enumeration

CWE-668 - Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References

https://supportportal.juniper.net/JSA79101