CVE-2024-39553 Vulnerability Details

  /     /     /  

CVE-2024-39553 Metadata Quick Info

CVE Published: 11/07/2024 | CVE Updated: 02/08/2024 | CVE Year: 2024
Source: juniper | Vendor: Juniper Networks | Product: Junos OS Evolved
Status : PUBLISHED

---

CVE-2024-39553 Description

An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device, potentially impacting system integrity. This issue only happens when inline jflow is configured. This does not impact any forwarding traffic. The impacted services MSVCS-DB app crashes momentarily and recovers by itself.  This issue affects Juniper Networks Junos OS Evolved:  * 21.4 versions earlier than 21.4R3-S7-EVO;  * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S2-EVO; * 22.4 versions earlier than 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.

Metrics

CVSS Version: 3.1 | Base Score: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* LOW
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-668
CWE Name: CWE-668: Exposure of Resource to Wrong Sphere
Source: Juniper Networks

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).