CVE-2024-21616
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/01/2024
Last modified:
19/01/2024
Description
<br />
An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).<br />
<br />
On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.<br />
<br />
NAT IP usage can be monitored by running the following command.<br />
<br />
user@srx> show security nat resource-usage source-pool <br />
<br />
<br />
Pool name: source_pool_name<br />
..<br />
Address Factor-index Port-range Used Avail Total Usage<br />
X.X.X.X<br />
0 Single Ports 50258 52342 62464 96%
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page