CVE-2024-21616

{"id": "CVE-2024-21616", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-01-12T01:15:50.027", "references": [{"url": "https://supportportal.juniper.net/JSA75757", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}, {"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "tags": ["Third Party Advisory"], "source": "sirt@juniper.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-1286"}]}], "descriptions": [{"lang": "en", "value": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.\n\nNAT IP usage can be monitored by running the following command.\n\nuser@srx> show security nat resource-usage source-pool <source_pool_name>\n\n\nPool name: source_pool_name\n..\nAddress Factor-index Port-range Used Avail Total Usage\nX.X.X.X\n0 Single Ports 50258 52342 62464 96% <<<<<\n- Alg Ports 0 2048 2048 0%\nThis issue affects:\n\nJuniper Networks Junos OS on MX Series and SRX Series\n\n\n\n * All versions earlier than 21.2R3-S6;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n inadecuada de la correcci\u00f3n sint\u00e1ctica de la entrada en Packet Forwarding Engine (PFE) de Juniper Networks Junos OS permite que un atacante no autenticado basado en la red provoque una denegaci\u00f3n de servicio (DoS). En todas las plataformas Junos OS MX Series y SRX Series, cuando SIP ALG est\u00e1 habilitado y se recibe y procesa un paquete SIP espec\u00edfico, la asignaci\u00f3n de IP NAT falla para el tr\u00e1fico genuino, lo que provoca una denegaci\u00f3n de servicio (DoS). La recepci\u00f3n continua de este paquete SIP ALG espec\u00edfico provocar\u00e1 una condici\u00f3n DoS sostenida. El uso de NAT IP se puede monitorear ejecutando el siguiente comando. user@srx&gt; show security nat resource-usage source-pool Pool name: source_pool_name. Direcci\u00f3n Factor-\u00edndice Rango de puertos Disponibilidad utilizada Uso total XXXX 0 Puertos individuales 50258 52342 62464 96% &lt;&lt;&lt;&lt;&lt; - Puertos Alg 0 2048 2048 0% Este problema afecta a: Juniper Networks Junos OS en las series MX y SRX * Todas las versiones anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3-S4; * Versiones 22.2 anteriores a 22.2R3-S3; * Versiones 22.3 anteriores a 22.3R3-S1; * Versiones 22.4 anteriores a 22.4R2-S2, 22.4R3; * Versiones 23.2 anteriores a 23.2R1-S1, 23.2R2."}], "lastModified": "2024-01-19T20:37:44.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFF72FCA-C440-4D43-9BDB-F712DB413717"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9"}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60CEA89D-BAC4-41CD-A1D1-AA5EDDEBD54A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E"}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20EBC676-1B26-4A71-8326-0F892124290A"}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737"}, {"criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"}, {"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"}, {"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"}, {"criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486"}, {"criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A78CC80-E8B1-4CDA-BB35-A61833657FA7"}, {"criteria": "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B3B2FE1-C228-46BE-AC76-70C2687050AE"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@juniper.net"}