{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39529", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-06-25T15:12:53.240Z", "datePublished": "2024-07-11T16:03:26.980Z", "dateUpdated": "2024-08-02T04:26:15.162Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["SRX Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.4R3-S6", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "22.2R3-S3", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3-S3", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R3", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R2", "status": "affected", "version": "23.2", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "To be exposed to this issue at least one of DGA or tunnel detection needs to be configured:<br><br><tt>[ services security-metadata-streaming policy &lt;name&gt; dns detections dga ]<br>\n\n[ services security-metadata-streaming policy &lt;name&gt; dns detections tunneling ]</tt>\n\n<br><br>and DNS traceoptions have to be configured:<br><br><tt>[ services dns-filtering traceoptions ... ]</tt>"}], "value": "To be exposed to this issue at least one of DGA or tunnel detection needs to be configured:\n\n[ services security-metadata-streaming policy <name> dns detections dga ]\n\n\n[ services security-metadata-streaming policy <name> dns detections tunneling ]\n\n\n\nand DNS traceoptions have to be configured:\n\n[ services dns-filtering traceoptions ... ]"}], "datePublic": "2024-07-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Denial-of-Service (DoS).</span></span><br><br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are <span style=\"background-color: rgb(255, 255, 255);\">configured, and specific valid transit DNS traffic is received this causes&nbsp;</span></span>a PFE crash and restart, leading to a Denial of Service.<br><br><span style=\"background-color: var(--wht);\">This issue affects Junos OS: <br><ul><li><span style=\"background-color: var(--wht);\">All versions before 21.4R3-S6,</span></li><li><span style=\"background-color: var(--wht);\">22.2 versions before 22.2R3-S3,</span></li><li><span style=\"background-color: var(--wht);\">22.3 versions before 22.3R3-S3,</span></li><li><span style=\"background-color: var(--wht);\">22.4 versions before 22.4R3,</span></li><li><span style=\"background-color: var(--wht);\">23.2 versions before 23.2R2.</span></li></ul></span>"}], "value": "A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a\u00a0Denial-of-Service (DoS).\n\n\n\nIf DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes\u00a0a PFE crash and restart, leading to a Denial of Service.\n\nThis issue affects Junos OS: \n * All versions before 21.4R3-S6,\n * 22.2 versions before 22.2R3-S3,\n * 22.3 versions before 22.3R3-S3,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-11T16:03:26.980Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA82988"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S6, 22.2R3-S3, 22.3R3-S3, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S6, 22.2R3-S3, 22.3R3-S3, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases."}], "source": {"advisory": "JSA82988", "defect": ["1755484"], "discovery": "USER"}, "title": "Junos OS: SRX Series: If DNS traceoptions are configured in a DGA or tunnel detection scenario specific DNS traffic leads to a PFE crash", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "juniper", "product": "junos_os", "cpes": ["cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "21.4r3-s6", "versionType": "custom"}, {"version": "22.2", "status": "affected", "lessThan": "22.2r3-s3", "versionType": "custom"}, {"version": "22.3", "status": "affected", "lessThan": "22.3r3-s3", "versionType": "custom"}, {"version": "22.4", "status": "affected", "lessThan": "22.4r3", "versionType": "custom"}, {"version": "23.2", "status": "affected", "lessThan": "23.2r2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-11T18:27:00.817170Z", "id": "CVE-2024-39529", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T16:35:49.572Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.162Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportportal.juniper.net/JSA82988"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39529", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-11T18:27:00.817170Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os", "versions": [{"status": "affected", "version": "0", "lessThan": "21.4r3-s6", "versionType": "custom"}, {"status": "affected", "version": "22.2", "lessThan": "22.2r3-s3", "versionType": "custom"}, {"status": "affected", "version": "22.3", "lessThan": "22.3r3-s3", "versionType": "custom"}, {"status": "affected", "version": "22.4", "lessThan": "22.4r3", "versionType": "custom"}, {"status": "affected", "version": "23.2", "lessThan": "23.2r2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T18:29:52.305Z"}}], "cna": {"title": "Junos OS: SRX Series: If DNS traceoptions are configured in a DGA or tunnel detection scenario specific DNS traffic leads to a PFE crash", "source": {"defect": ["1755484"], "advisory": "JSA82988", "discovery": "USER"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "0", "lessThan": "21.4R3-S6", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R3-S3", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R3-S3", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R3", "versionType": "semver"}, {"status": "affected", "version": "23.2", "lessThan": "23.2R2", "versionType": "semver"}], "platforms": ["SRX Series"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S6, 22.2R3-S3, 22.3R3-S3, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S6, 22.2R3-S3, 22.3R3-S3, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.", "base64": false}]}], "datePublic": "2024-07-10T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA82988", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a\u00a0Denial-of-Service (DoS).\n\n\n\nIf DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes\u00a0a PFE crash and restart, leading to a Denial of Service.\n\nThis issue affects Junos OS: \n * All versions before 21.4R3-S6,\n * 22.2 versions before 22.2R3-S3,\n * 22.3 versions before 22.3R3-S3,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Denial-of-Service (DoS).</span></span><br><br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are <span style=\"background-color: rgb(255, 255, 255);\">configured, and specific valid transit DNS traffic is received this causes&nbsp;</span></span>a PFE crash and restart, leading to a Denial of Service.<br><br><span style=\"background-color: var(--wht);\">This issue affects Junos OS: <br><ul><li><span style=\"background-color: var(--wht);\">All versions before 21.4R3-S6,</span></li><li><span style=\"background-color: var(--wht);\">22.2 versions before 22.2R3-S3,</span></li><li><span style=\"background-color: var(--wht);\">22.3 versions before 22.3R3-S3,</span></li><li><span style=\"background-color: var(--wht);\">22.4 versions before 22.4R3,</span></li><li><span style=\"background-color: var(--wht);\">23.2 versions before 23.2R2.</span></li></ul></span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String"}]}], "configurations": [{"lang": "en", "value": "To be exposed to this issue at least one of DGA or tunnel detection needs to be configured:\n\n[ services security-metadata-streaming policy <name> dns detections dga ]\n\n\n[ services security-metadata-streaming policy <name> dns detections tunneling ]\n\n\n\nand DNS traceoptions have to be configured:\n\n[ services dns-filtering traceoptions ... ]", "supportingMedia": [{"type": "text/html", "value": "To be exposed to this issue at least one of DGA or tunnel detection needs to be configured:<br><br><tt>[ services security-metadata-streaming policy &lt;name&gt; dns detections dga ]<br>\n\n[ services security-metadata-streaming policy &lt;name&gt; dns detections tunneling ]</tt>\n\n<br><br>and DNS traceoptions have to be configured:<br><br><tt>[ services dns-filtering traceoptions ... ]</tt>", "base64": false}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-11T16:03:26.980Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39529", "state": "PUBLISHED", "dateUpdated": "2024-07-12T16:35:49.572Z", "dateReserved": "2024-06-25T15:12:53.240Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2024-07-11T16:03:26.980Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a\u00a0Denial-of-Service (DoS).\n\n\n\nIf DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes\u00a0a PFE crash and restart, leading to a Denial of Service.\n\nThis issue affects Junos OS: \n * All versions before 21.4R3-S6,\n * 22.2 versions before 22.2R3-S3,\n * 22.3 versions before 22.3R3-S3,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2."}, {"lang": "es", "value": "Una vulnerabilidad de uso de cadena de formato controlada externamente en Packet Forwarding Engine (PFE) de Juniper Networks Junos OS en la serie SRX permite que un atacante no autenticado basado en la red provoque una denegaci\u00f3n de servicio (DoS). Si se configuran la detecci\u00f3n del algoritmo de generaci\u00f3n de dominio DNS (DGA) o la detecci\u00f3n de t\u00faneles y las opciones de rastreo de filtrado de DNS, y se recibe tr\u00e1fico DNS de tr\u00e1nsito v\u00e1lido espec\u00edfico, esto provoca un bloqueo y reinicio del PFE, lo que lleva a una denegaci\u00f3n de servicio. Este problema afecta a Junos OS: * Todas las versiones anteriores a 21.4R3-S6, * Versiones 22.2 anteriores a 22.2R3-S3, * Versiones 22.3 anteriores a 22.3R3-S3, * Versiones 22.4 anteriores a 22.4R3, * Versiones 23.2 anteriores a 23.2R2."}], "id": "CVE-2024-39529", "lastModified": "2024-07-11T18:09:58.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2024-07-11T16:15:04.343", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA82988"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}