CVE-2024-39551

HIGH EPSS 37.6%
Published Jul 11, 20241y ago · Modified Jun 17, 20262w ago
8.7 CVSS 4.0
High
Find Similar
Published Jul 11, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of  Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS).  Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command.   user@host> show usp memory segment sha data objcache jsf  This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC:  *  20.4 before 20.4R3-S10,  *  21.2 before 21.2R3-S6,  *  21.3 before 21.3R3-S5,  *  21.4 before 21.4R3-S6,  *  22.1 before 22.1R3-S4,  *  22.2 before 22.2R3-S2,  *  22.3 before 22.3R3-S1,  *  22.4 before 22.4R3,  *  23.2 before 23.2R2.

CVSS Details

Base Score
8.7
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
37.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-400 Uncontrolled Resource Consumption Resource Mgmt

Affected Products 123

VendorProductVersionRange
juniperjunos20.4any
juniperjunos20.4any
juniperjunos20.4any
juniperjunos20.4any
juniperjunos20.4any
juniperjunos20.4any
juniperjunos20.4any
juniperjunos20.4any
juniperjunos20.4any
juniperjunos20.4any
juniperjunos20.4any
juniperjunos20.4any
juniperjunos20.4any
juniperjunos20.4any
juniperjunos20.4any
juniperjunos20.4any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.3any
juniperjunos21.3any
juniperjunos21.3any
juniperjunos21.3any
juniperjunos21.3any
juniperjunos21.3any
juniperjunos21.3any
juniperjunos21.3any
juniperjunos21.3any
juniperjunos21.3any
juniperjunos21.3any
juniperjunos21.3any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos22.1any
juniperjunos22.1any
juniperjunos22.1any
juniperjunos22.1any
juniperjunos22.1any
juniperjunos22.1any
juniperjunos22.1any
juniperjunos22.1any
juniperjunos22.1any
juniperjunos22.1any
juniperjunos22.1any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.3any
juniperjunos22.3any
juniperjunos22.3any
juniperjunos22.3any
juniperjunos22.3any
juniperjunos22.3any
juniperjunos22.3any
juniperjunos22.3any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos23.2any
juniperjunos23.2any
juniperjunos23.2any
juniperjunos23.2any
juniperms-mic*any
juniperms-mpc*any
junipermx-spc3*any
junipermx10004*any
junipermx10008*any
junipermx2008*any
junipermx2010*any
junipermx2020*any
junipermx204*any
junipermx240*any
junipermx304*any
junipermx480*any
junipermx960*any
junipersrx1500*any
junipersrx1600*any
junipersrx2300*any
junipersrx300*any
junipersrx320*any
junipersrx340*any
junipersrx345*any
junipersrx380*any
junipersrx4100*any
junipersrx4120*any
junipersrx4200*any
junipersrx4300*any
junipersrx4600*any
junipersrx4700*any
junipersrx5400*any
junipersrx5600*any
junipersrx5800*any

References 1

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.