Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-30405— Junos OS: SRX 5000 Series with SPC2: Processing of specific crafted packets when ALG is enabled causes a transit traffic Denial of Service

CVSS 7.5 · High EPSS 0.14% · P34
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-30405

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Junos OS: SRX 5000 Series with SPC2: Processing of specific crafted packets when ALG is enabled causes a transit traffic Denial of Service
Source: NVD (National Vulnerability Database)
Vulnerability Description
An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. This issue affects: Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
缓冲区大小计算不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Networks Junos OS SRX 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Networks Junos OS SRX是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS SRX 5000 21.2R3-S7之前、21.4R3-S6之前、22.1R3-S5之前、22.2R3-S3之前、22.3R3-S2之前版本存在安全漏洞,该漏洞源于设备中使用 SPC2 线卡的缓冲区大小计算不正确,允许攻击者发送特定的精心设计的数据包
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Juniper NetworksJunos OS 0 ~ 21.2R3-S7 -

II. Public POCs for CVE-2024-30405

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-30405

登录查看更多情报信息。

Same Patch Batch · Juniper Networks · 2024-04-12 · 29 CVEs total

CVE-2024-303818.4 HIGHParagon Active Assurance: probe_serviced exposes internal objects to local users
CVE-2024-303987.5 HIGHJunos OS: SRX4600 Series - A high amount of specific traffic causes packet drops and an ev
CVE-2024-215987.5 HIGHJunos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to
CVE-2024-303977.5 HIGHJunos OS: An invalid certificate causes a Denial of Service in the Internet Key Exchange (
CVE-2024-303827.5 HIGHJunos OS and Junos OS Evolved: RPD crash when CoS-based forwarding (CBF) policy is configu
CVE-2024-303927.5 HIGHJunos OS: MX Series with SPC3 and MS-MPC/-MIC: When URL filtering is enabled and a specifi
CVE-2024-303947.5 HIGHJunos OS and Junos OS Evolved: A specific EVPN type-5 route causes rpd crash
CVE-2024-303957.5 HIGHJunos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to
CVE-2024-304036.5 MEDIUMJunos OS Evolved: When MAC learning happens, and an interface gets flapped, the PFE crashe
CVE-2024-303876.5 MEDIUMJunos OS: ACX5448 & ACX710: Due to interface flaps the PFE process can crash
CVE-2024-303886.5 MEDIUMJunos OS: QFX5000 Series and EX Series: Specific malformed LACP packets will cause flaps
CVE-2024-216186.5 MEDIUMJunos OS and Junos OS Evolved: When LLDP is enabled and a malformed LLDP packet is receive
CVE-2024-216096.5 MEDIUMJunos OS: MX Series with SPC3, and SRX Series: If specific IPsec parameters are negotiated
CVE-2024-215936.5 MEDIUMJunos OS: MX Series with MPC10, MPC11, LC9600, and MX304: A specific MPLS packet will caus
CVE-2024-216056.5 MEDIUMJunos OS: SRX 300 Series: Specific link local traffic causes a control plane overload
CVE-2024-304025.9 MEDIUMJunos OS and Junos OS Evolved: The l2ald crashes on receiving telemetry messages from a sp
CVE-2024-304015.9 MEDIUMJunos OS: MX Series and EX9200-15C: Stack-based buffer overflow in aftman
CVE-2024-304105.8 MEDIUMJunos OS: EX4300 Series: Loopback filter not blocking traffic despite having discard term.
CVE-2024-303895.8 MEDIUMJunos OS: EX4300 Series: Firewall filter not blocking egress traffic
CVE-2024-303845.5 MEDIUMJunos OS: EX4300 Series: If a specific CLI command is issued PFE crashes will occur

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Junos OS
Same vendor: Juniper Networks
Same weakness: CWE-131

V. Comments for CVE-2024-30405

No comments yet

Leave a comment