CVE-2024-39553 Information

Description

An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device potentially impacting system integrity.

This issue only happens when inline jflow is configured.

This does not impact any forwarding traffic. The impacted services MSVCS-DB app crashes momentarily and recovers by itself. 

This issue affects Juniper Networks Junos OS Evolved:  21.4 versions earlier than 21.4R3-S7-EVO;  22.2 versions earlier than 22.2R3-S3-EVO; 22.3 versions earlier than 22.3R3-S2-EVO; 22.4 versions earlier than 22.4R3-EVO; 23.2 versions earlier than 23.2R1-S2-EVO 23.2R2-EVO.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Reference

https://supportportal.juniper.net/JSA79101

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

LOW

Base Severity

6.5