CVE-2024-39545 - Vulnerability Details

CVE-2024-39545 - Junos OS: SRX Series, MX Series with SPC3 and NFX350: When VPN tunnels parameters are not configured in specific way the iked process will crash

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS).

This issue is applicable to all platforms that run iked. This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350:

* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S7,
* from 22.1 before 22.1R3-S2,
* from 22.2 before 22.2R3-S1,
* from 22.3 before 22.3R2-S1, 22.3R3,
* from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00395.

Exploitation none

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Juniper Networks

Junos OS

unaffected

Version	Status	Constraints
`0`	affected	< 21.2R3-S8
`21.4`	affected	< 21.4R3-S7
`22.1`	affected	< 22.1R3-S2
`22.2`	affected	< 22.2R3-S1
`22.3`	affected	< 22.3R2-S1, 22.3R3
`22.4`	affected	< 22.4R1-S2, 22.4R2, 22.4R3

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos::::::::
	cpe:2.3:o:juniper:junos:21.2:-::::::
	cpe:2.3:o:juniper:junos:21.2:r1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r2::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s5::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s6::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s7::::::
	cpe:2.3:o:juniper:junos:21.4:-::::::
	cpe:2.3:o:juniper:junos:21.4:r1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r2::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s5::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s6::::::
	cpe:2.3:o:juniper:junos:22.1:-::::::
	cpe:2.3:o:juniper:junos:22.1:r1::::::
	cpe:2.3:o:juniper:junos:22.1:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.1:r2::::::
	cpe:2.3:o:juniper:junos:22.1:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.1:r3::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.2:-::::::
	cpe:2.3:o:juniper:junos:22.2:r1::::::
	cpe:2.3:o:juniper:junos:22.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r2::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r3::::::
	cpe:2.3:o:juniper:junos:22.3:-::::::
	cpe:2.3:o:juniper:junos:22.3:r1::::::
	cpe:2.3:o:juniper:junos:22.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.3:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.3:r2::::::
	cpe:2.3:o:juniper:junos:22.3:r3::::::
	cpe:2.3:o:juniper:junos:22.4:-::::::
	cpe:2.3:o:juniper:junos:22.4:r1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r2::::::
	cpe:2.3:o:juniper:junos:22.4:r3::::::

OR	cpe:2.3:h:juniper:mx-spc3:-:::::::*
	cpe:2.3:h:juniper:mx10004:-:::::::*
	cpe:2.3:h:juniper:mx10008:-:::::::*
	cpe:2.3:h:juniper:mx2008:-:::::::*
	cpe:2.3:h:juniper:mx2010:-:::::::*
	cpe:2.3:h:juniper:mx2020:-:::::::*
	cpe:2.3:h:juniper:mx204:-:::::::*
	cpe:2.3:h:juniper:mx240:-:::::::*
	cpe:2.3:h:juniper:mx304:-:::::::*
	cpe:2.3:h:juniper:mx480:-:::::::*
	cpe:2.3:h:juniper:mx960:-:::::::*
	cpe:2.3:h:juniper:nfx350:-:::::::*
	cpe:2.3:h:juniper:srx1500:-:::::::*
	cpe:2.3:h:juniper:srx1600:-:::::::*
	cpe:2.3:h:juniper:srx2300:-:::::::*
	cpe:2.3:h:juniper:srx300:-:::::::*
	cpe:2.3:h:juniper:srx320:-:::::::*
	cpe:2.3:h:juniper:srx340:-:::::::*
	cpe:2.3:h:juniper:srx345:-:::::::*
	cpe:2.3:h:juniper:srx380:-:::::::*
	cpe:2.3:h:juniper:srx4100:-:::::::*
	cpe:2.3:h:juniper:srx4120:-:::::::*
	cpe:2.3:h:juniper:srx4200:-:::::::*
	cpe:2.3:h:juniper:srx4300:-:::::::*
	cpe:2.3:h:juniper:srx4600:-:::::::*
	cpe:2.3:h:juniper:srx4700:-:::::::*
	cpe:2.3:h:juniper:srx5400:-:::::::*
	cpe:2.3:h:juniper:srx5600:-:::::::*
	cpe:2.3:h:juniper:srx5800:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Juniper Subscribe	Junos Subscribe Junos Os Subscribe Mx-spc3 Subscribe Mx10004 Subscribe Mx10008 Subscribe Mx2008 Subscribe Mx2010 Subscribe Mx2020 Subscribe Mx204 Subscribe Mx240 Subscribe Mx304 Subscribe Mx480 Subscribe Mx960 Subscribe Nfx350 Subscribe Srx1500 Subscribe Srx1600 Subscribe Srx2300 Subscribe Srx300 Subscribe Srx320 Subscribe Srx340 Subscribe Srx345 Subscribe Srx380 Subscribe Srx4100 Subscribe Srx4120 Subscribe Srx4200 Subscribe Srx4300 Subscribe Srx4600 Subscribe Srx4700 Subscribe Srx5400 Subscribe Srx5600 Subscribe Srx5800 Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2024-38071	An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS). This issue is applicable to all platforms that run iked. This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S7, * from 22.1 before 22.1R3-S2, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S1, 22.3R3, * from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3.

Fixes

Solution

The following software releases have been updated to resolve this specific issue: Junos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-J1, 22.1R3-S2, 22.2R3-S1, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2, 22.4R3, 23.2R1, and all subsequent releases.

Workaround

There are no known workarounds for this issue.

References

Link	Providers
https://supportportal.juniper.net/JSA83007

History

Fri, 23 Jan 2026 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper junos Juniper mx-spc3 Juniper mx10004 Juniper mx10008 Juniper mx2008 Juniper mx2010 Juniper mx2020 Juniper mx204 Juniper mx240 Juniper mx304 Juniper mx480 Juniper mx960 Juniper nfx350 Juniper srx1500 Juniper srx1600 Juniper srx2300 Juniper srx300 Juniper srx320 Juniper srx340 Juniper srx345 Juniper srx380 Juniper srx4100 Juniper srx4120 Juniper srx4200 Juniper srx4300 Juniper srx4600 Juniper srx4700 Juniper srx5400 Juniper srx5600 Juniper srx5800
CPEs		cpe:2.3:h:juniper:mx-spc3:-:::::::* cpe:2.3:h:juniper:mx10004:-:::::::* cpe:2.3:h:juniper:mx10008:-:::::::* cpe:2.3:h:juniper:mx2008:-:::::::* cpe:2.3:h:juniper:mx2010:-:::::::* cpe:2.3:h:juniper:mx2020:-:::::::* cpe:2.3:h:juniper:mx204:-:::::::* cpe:2.3:h:juniper:mx240:-:::::::* cpe:2.3:h:juniper:mx304:-:::::::* cpe:2.3:h:juniper:mx480:-:::::::* cpe:2.3:h:juniper:mx960:-:::::::* cpe:2.3:h:juniper:nfx350:-:::::::* cpe:2.3:h:juniper:srx1500:-:::::::* cpe:2.3:h:juniper:srx1600:-:::::::* cpe:2.3:h:juniper:srx2300:-:::::::* cpe:2.3:h:juniper:srx300:-:::::::* cpe:2.3:h:juniper:srx320:-:::::::* cpe:2.3:h:juniper:srx340:-:::::::* cpe:2.3:h:juniper:srx345:-:::::::* cpe:2.3:h:juniper:srx380:-:::::::* cpe:2.3:h:juniper:srx4100:-:::::::* cpe:2.3:h:juniper:srx4120:-:::::::* cpe:2.3:h:juniper:srx4200:-:::::::* cpe:2.3:h:juniper:srx4300:-:::::::* cpe:2.3:h:juniper:srx4600:-:::::::* cpe:2.3:h:juniper:srx4700:-:::::::* cpe:2.3:h:juniper:srx5400:-:::::::* cpe:2.3:h:juniper:srx5600:-:::::::* cpe:2.3:h:juniper:srx5800:-:::::::* cpe:2.3:o:juniper:junos:::::::: cpe:2.3:o:juniper:junos:21.2:-:::::: cpe:2.3:o:juniper:junos:21.2:r1-s1:::::: cpe:2.3:o:juniper:junos:21.2:r1-s2:::::: cpe:2.3:o:juniper:junos:21.2:r1:::::: cpe:2.3:o:juniper:junos:21.2:r2-s1:::::: cpe:2.3:o:juniper:junos:21.2:r2-s2:::::: cpe:2.3:o:juniper:junos:21.2:r2:::::: cpe:2.3:o:juniper:junos:21.2:r3-s1:::::: cpe:2.3:o:juniper:junos:21.2:r3-s2:::::: cpe:2.3:o:juniper:junos:21.2:r3-s3:::::: cpe:2.3:o:juniper:junos:21.2:r3-s4:::::: cpe:2.3:o:juniper:junos:21.2:r3-s5:::::: cpe:2.3:o:juniper:junos:21.2:r3-s6:::::: cpe:2.3:o:juniper:junos:21.2:r3-s7:::::: cpe:2.3:o:juniper:junos:21.2:r3:::::: cpe:2.3:o:juniper:junos:21.4:-:::::: cpe:2.3:o:juniper:junos:21.4:r1-s1:::::: cpe:2.3:o:juniper:junos:21.4:r1-s2:::::: cpe:2.3:o:juniper:junos:21.4:r1:::::: cpe:2.3:o:juniper:junos:21.4:r2-s1:::::: cpe:2.3:o:juniper:junos:21.4:r2-s2:::::: cpe:2.3:o:juniper:junos:21.4:r2:::::: cpe:2.3:o:juniper:junos:21.4:r3-s1:::::: cpe:2.3:o:juniper:junos:21.4:r3-s2:::::: cpe:2.3:o:juniper:junos:21.4:r3-s3:::::: cpe:2.3:o:juniper:junos:21.4:r3-s4:::::: cpe:2.3:o:juniper:junos:21.4:r3-s5:::::: cpe:2.3:o:juniper:junos:21.4:r3-s6:::::: cpe:2.3:o:juniper:junos:21.4:r3:::::: cpe:2.3:o:juniper:junos:22.1:-:::::: cpe:2.3:o:juniper:junos:22.1:r1-s1:::::: cpe:2.3:o:juniper:junos:22.1:r1-s2:::::: cpe:2.3:o:juniper:junos:22.1:r1:::::: cpe:2.3:o:juniper:junos:22.1:r2-s1:::::: cpe:2.3:o:juniper:junos:22.1:r2-s2:::::: cpe:2.3:o:juniper:junos:22.1:r2:::::: cpe:2.3:o:juniper:junos:22.1:r3-s1:::::: cpe:2.3:o:juniper:junos:22.1:r3:::::: cpe:2.3:o:juniper:junos:22.2:-:::::: cpe:2.3:o:juniper:junos:22.2:r1-s1:::::: cpe:2.3:o:juniper:junos:22.2:r1-s2:::::: cpe:2.3:o:juniper:junos:22.2:r1:::::: cpe:2.3:o:juniper:junos:22.2:r2-s1:::::: cpe:2.3:o:juniper:junos:22.2:r2-s2:::::: cpe:2.3:o:juniper:junos:22.2:r2:::::: cpe:2.3:o:juniper:junos:22.2:r3:::::: cpe:2.3:o:juniper:junos:22.3:-:::::: cpe:2.3:o:juniper:junos:22.3:r1-s1:::::: cpe:2.3:o:juniper:junos:22.3:r1-s2:::::: cpe:2.3:o:juniper:junos:22.3:r1:::::: cpe:2.3:o:juniper:junos:22.3:r2:::::: cpe:2.3:o:juniper:junos:22.3:r3:::::: cpe:2.3:o:juniper:junos:22.4:-:::::: cpe:2.3:o:juniper:junos:22.4:r1-s1:::::: cpe:2.3:o:juniper:junos:22.4:r1:::::: cpe:2.3:o:juniper:junos:22.4:r2:::::: cpe:2.3:o:juniper:junos:22.4:r3::::::
Vendors & Products		Juniper junos Juniper mx-spc3 Juniper mx10004 Juniper mx10008 Juniper mx2008 Juniper mx2010 Juniper mx2020 Juniper mx204 Juniper mx240 Juniper mx304 Juniper mx480 Juniper mx960 Juniper nfx350 Juniper srx1500 Juniper srx1600 Juniper srx2300 Juniper srx300 Juniper srx320 Juniper srx340 Juniper srx345 Juniper srx380 Juniper srx4100 Juniper srx4120 Juniper srx4200 Juniper srx4300 Juniper srx4600 Juniper srx4700 Juniper srx5400 Juniper srx5600 Juniper srx5800

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2024-07-11T16:22:13.915Z

Updated: 2024-08-02T04:26:15.979Z

Reserved: 2024-06-25T15:12:53.245Z

Link: CVE-2024-39545

Vulnrichment

Updated: 2024-07-11T17:35:57.625Z

NVD

Status : Analyzed

Published: 2024-07-11T17:15:13.823

Modified: 2026-01-23T19:23:53.800

Link: CVE-2024-39545

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-754

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object