CVE-2024-30405

{"id": "CVE-2024-30405", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-04-12T15:15:25.133", "references": [{"url": "https://supportportal.juniper.net/JSA79105", "source": "sirt@juniper.net"}, {"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Green", "source": "sirt@juniper.net"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-131"}]}], "descriptions": [{"lang": "en", "value": "An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS).\n\nContinued receipt and processing of these specific packets will sustain the Denial of Service condition.\n\nThis issue affects:\nJuniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled.\n * All versions earlier than 21.2R3-S7;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S5;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R2.\u00a0\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de c\u00e1lculo incorrecto del tama\u00f1o del b\u00fafer en dispositivos Juniper Networks Junos OS SRX 5000 Series que utilizan tarjetas de l\u00ednea SPC2 mientras los ALG est\u00e1n habilitados permite que un atacante env\u00ede paquetes manipulados espec\u00edficos para provocar una denegaci\u00f3n de servicio (DoS) de tr\u00e1fico de tr\u00e1nsito. La recepci\u00f3n y el procesamiento continuo de estos paquetes espec\u00edficos mantendr\u00e1n la condici\u00f3n de Denegaci\u00f3n de Servicio. Este problema afecta a: Juniper Networks Junos OS SRX 5000 Series con SPC2 con ALG habilitado. * Todas las versiones anteriores a 21.2R3-S7; * Versiones 21.4 anteriores a 21.4R3-S6; * Versiones 22.1 anteriores a 22.1R3-S5; * Versiones 22.2 anteriores a 22.2R3-S3; * Versiones 22.3 anteriores a 22.3R3-S2; * Versiones 22.4 anteriores a 22.4R3; * Versiones 23.2 anteriores a 23.2R2."}], "lastModified": "2024-04-15T13:15:51.577", "sourceIdentifier": "sirt@juniper.net"}