fkie_cve-2024-39553
Vulnerability from fkie_nvd
Published
2024-07-11 17:15
Modified
2024-11-21 09:27
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Summary
An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device, potentially impacting system integrity. This issue only happens when inline jflow is configured. This does not impact any forwarding traffic. The impacted services MSVCS-DB app crashes momentarily and recovers by itself.  This issue affects Juniper Networks Junos OS Evolved:  * 21.4 versions earlier than 21.4R3-S7-EVO;  * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S2-EVO; * 22.4 versions earlier than 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.
References
sirt@juniper.nethttps://supportportal.juniper.net/JSA79101
af854a3a-2127-422b-91ae-364da2661108https://supportportal.juniper.net/JSA79101
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Exposure of Resource to Wrong Sphere vulnerability in the sampling service\u00a0of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service (DoS) and allows unauthorized network access to the device, potentially impacting system integrity.\n\nThis issue only happens when inline jflow is configured.\n\nThis does not impact any forwarding traffic. The impacted services MSVCS-DB app crashes momentarily and recovers by itself.\u00a0\n\nThis issue affects Juniper Networks Junos OS Evolved:\u00a0\n  *  21.4 versions earlier than 21.4R3-S7-EVO;\u00a0\n  *  22.2 versions earlier than\u00a022.2R3-S3-EVO;\n  *  22.3 versions earlier than 22.3R3-S2-EVO;\n  *  22.4 versions earlier than 22.4R3-EVO;\n  *  23.2 versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de exposici\u00f3n de recursos a una esfera incorrecta en el servicio de muestreo de Juniper Networks Junos OS Evolved permite que un atacante basado en red no autenticado env\u00ede datos arbitrarios al dispositivo, lo que provoca que el proceso msvcsd falle con disponibilidad limitada, lo que afecta la denegaci\u00f3n de servicio (DoS) y permite el acceso no autorizado a la red al dispositivo, lo que podr\u00eda afectar la integridad del sistema. Este problema solo ocurre cuando se configura jflow en l\u00ednea. Esto no afecta el tr\u00e1fico de reenv\u00edo. La aplicaci\u00f3n MSVCS-DB de servicios afectados falla moment\u00e1neamente y se recupera por s\u00ed sola. Este problema afecta a Juniper Networks Junos OS Evolved: * Versiones 21.4 anteriores a 21.4R3-S7-EVO; * Versiones 22.2 anteriores a 22.2R3-S3-EVO; * Versiones 22.3 anteriores a 22.3R3-S2-EVO; * Versiones 22.4 anteriores a 22.4R3-EVO; * Versiones 23.2 anteriores a 23.2R1-S2-EVO, 23.2R2-EVO."
    }
  ],
  "id": "CVE-2024-39553",
  "lastModified": "2024-11-21T09:27:59.850",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "AUTOMATIC",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-11T17:15:16.620",
  "references": [
    {
      "source": "sirt@juniper.net",
      "url": "https://supportportal.juniper.net/JSA79101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://supportportal.juniper.net/JSA79101"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.