CVE-2024-30405: Junos OS: SRX 5000 Series with SPC2: Processing of specific crafted packets when ALG is enabled causes a transit traffic Denial of Service
First published: Fri Apr 12 2024(Updated: )
An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. This issue affects: Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Junos OS SRX 5000 Series | <21.2R3-S7<21.4R3-S6<22.1R3-S5<22.2R3-S3<22.3R3-S2<22.4R3<23.2R2 | |
| All of | ||
| Any of | ||
| Junos OS Evolved | <21.2 | |
| Junos OS Evolved | =21.2 | |
| Junos OS Evolved | =21.2-r1 | |
| Junos OS Evolved | =21.2-r1-s1 | |
| Junos OS Evolved | =21.2-r1-s2 | |
| Junos OS Evolved | =21.2-r2 | |
| Junos OS Evolved | =21.2-r2-s1 | |
| Junos OS Evolved | =21.2-r2-s2 | |
| Junos OS Evolved | =21.2-r3 | |
| Junos OS Evolved | =21.2-r3-s1 | |
| Junos OS Evolved | =21.2-r3-s2 | |
| Junos OS Evolved | =21.2-r3-s3 | |
| Junos OS Evolved | =21.2-r3-s4 | |
| Junos OS Evolved | =21.2-r3-s5 | |
| Junos OS Evolved | =21.2-r3-s6 | |
| Junos OS Evolved | =21.4 | |
| Junos OS Evolved | =21.4-r1 | |
| Junos OS Evolved | =21.4-r1-s1 | |
| Junos OS Evolved | =21.4-r1-s2 | |
| Junos OS Evolved | =21.4-r2 | |
| Junos OS Evolved | =21.4-r2-s1 | |
| Junos OS Evolved | =21.4-r2-s2 | |
| Junos OS Evolved | =21.4-r3 | |
| Junos OS Evolved | =21.4-r3-s1 | |
| Junos OS Evolved | =21.4-r3-s2 | |
| Junos OS Evolved | =21.4-r3-s3 | |
| Junos OS Evolved | =21.4-r3-s4 | |
| Junos OS Evolved | =21.4-r3-s5 | |
| Junos OS Evolved | =22.1 | |
| Junos OS Evolved | =22.1-r1 | |
| Junos OS Evolved | =22.1-r1-s1 | |
| Junos OS Evolved | =22.1-r1-s2 | |
| Junos OS Evolved | =22.1-r2 | |
| Junos OS Evolved | =22.1-r2-s1 | |
| Junos OS Evolved | =22.1-r2-s2 | |
| Junos OS Evolved | =22.1-r3 | |
| Junos OS Evolved | =22.1-r3-s1 | |
| Junos OS Evolved | =22.1-r3-s2 | |
| Junos OS Evolved | =22.1-r3-s3 | |
| Junos OS Evolved | =22.1-r3-s4 | |
| Junos OS Evolved | =22.2 | |
| Junos OS Evolved | =22.2-r1 | |
| Junos OS Evolved | =22.2-r1-s1 | |
| Junos OS Evolved | =22.2-r1-s2 | |
| Junos OS Evolved | =22.2-r2 | |
| Junos OS Evolved | =22.2-r2-s1 | |
| Junos OS Evolved | =22.2-r2-s2 | |
| Junos OS Evolved | =22.2-r3 | |
| Junos OS Evolved | =22.2-r3-s1 | |
| Junos OS Evolved | =22.2-r3-s2 | |
| Junos OS Evolved | =22.3 | |
| Junos OS Evolved | =22.3-r1 | |
| Junos OS Evolved | =22.3-r1-s1 | |
| Junos OS Evolved | =22.3-r1-s2 | |
| Junos OS Evolved | =22.3-r2 | |
| Junos OS Evolved | =22.3-r2-s1 | |
| Junos OS Evolved | =22.3-r2-s2 | |
| Junos OS Evolved | =22.3-r3 | |
| Junos OS Evolved | =22.3-r3-s1 | |
| Junos OS Evolved | =22.4 | |
| Junos OS Evolved | =22.4-r1 | |
| Junos OS Evolved | =22.4-r1-s1 | |
| Junos OS Evolved | =22.4-r1-s2 | |
| Junos OS Evolved | =22.4-r2 | |
| Junos OS Evolved | =22.4-r2-s1 | |
| Junos OS Evolved | =22.4-r2-s2 | |
| Junos OS Evolved | =23.2 | |
| Junos OS Evolved | =23.2-r1 | |
| Junos OS Evolved | =23.2-r1-s1 | |
| Junos OS Evolved | =23.2-r1-s2 | |
| Any of | ||
| Juniper SRX5400 | ||
| Juniper SRX5600 | ||
| Juniper SRX5800 |
Remedy
The following software releases have been updated to resolve this specific issue: 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-30405?
CVE-2024-30405 has a high severity rating due to its potential to cause a Denial of Service (DoS) condition.
How do I fix CVE-2024-30405?
To remediate CVE-2024-30405, update your Junos OS SRX 5000 Series devices to the latest patched version.
Which devices are affected by CVE-2024-30405?
CVE-2024-30405 affects Juniper Networks Junos OS SRX 5000 Series devices that use SPC2 line cards with ALGs enabled.
What impact does CVE-2024-30405 have on network availability?
CVE-2024-30405 can lead to transit traffic Denial of Service (DoS), disrupting network availability.
How can attackers exploit CVE-2024-30405?
Attackers can exploit CVE-2024-30405 by sending specifically crafted packets to trigger the buffer size calculation issue.
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/author
- agent/remedy
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- vendor/juniper networks
- canonical/junos os srx 5000 series
- vendor/juniper
- canonical/junos os evolved
- version/junos os evolved/21.2
- version/junos os evolved/21.2-r1
- version/junos os evolved/21.2-r1-s1
- version/junos os evolved/21.2-r1-s2
- version/junos os evolved/21.2-r2
- version/junos os evolved/21.2-r2-s1
- version/junos os evolved/21.2-r2-s2
- version/junos os evolved/21.2-r3
- version/junos os evolved/21.2-r3-s1
- version/junos os evolved/21.2-r3-s2
- version/junos os evolved/21.2-r3-s3
- version/junos os evolved/21.2-r3-s4
- version/junos os evolved/21.2-r3-s5
- version/junos os evolved/21.2-r3-s6
- version/junos os evolved/21.4
- version/junos os evolved/21.4-r1
- version/junos os evolved/21.4-r1-s1
- version/junos os evolved/21.4-r1-s2
- version/junos os evolved/21.4-r2
- version/junos os evolved/21.4-r2-s1
- version/junos os evolved/21.4-r2-s2
- version/junos os evolved/21.4-r3
- version/junos os evolved/21.4-r3-s1
- version/junos os evolved/21.4-r3-s2
- version/junos os evolved/21.4-r3-s3
- version/junos os evolved/21.4-r3-s4
- version/junos os evolved/21.4-r3-s5
- version/junos os evolved/22.1
- version/junos os evolved/22.1-r1
- version/junos os evolved/22.1-r1-s1
- version/junos os evolved/22.1-r1-s2
- version/junos os evolved/22.1-r2
- version/junos os evolved/22.1-r2-s1
- version/junos os evolved/22.1-r2-s2
- version/junos os evolved/22.1-r3
- version/junos os evolved/22.1-r3-s1
- version/junos os evolved/22.1-r3-s2
- version/junos os evolved/22.1-r3-s3
- version/junos os evolved/22.1-r3-s4
- version/junos os evolved/22.2
- version/junos os evolved/22.2-r1
- version/junos os evolved/22.2-r1-s1
- version/junos os evolved/22.2-r1-s2
- version/junos os evolved/22.2-r2
- version/junos os evolved/22.2-r2-s1
- version/junos os evolved/22.2-r2-s2
- version/junos os evolved/22.2-r3
- version/junos os evolved/22.2-r3-s1
- version/junos os evolved/22.2-r3-s2
- version/junos os evolved/22.3
- version/junos os evolved/22.3-r1
- version/junos os evolved/22.3-r1-s1
- version/junos os evolved/22.3-r1-s2
- version/junos os evolved/22.3-r2
- version/junos os evolved/22.3-r2-s1
- version/junos os evolved/22.3-r2-s2
- version/junos os evolved/22.3-r3
- version/junos os evolved/22.3-r3-s1
- version/junos os evolved/22.4
- version/junos os evolved/22.4-r1
- version/junos os evolved/22.4-r1-s1
- version/junos os evolved/22.4-r1-s2
- version/junos os evolved/22.4-r2
- version/junos os evolved/22.4-r2-s1
- version/junos os evolved/22.4-r2-s2
- version/junos os evolved/23.2
- version/junos os evolved/23.2-r1
- version/junos os evolved/23.2-r1-s1
- version/junos os evolved/23.2-r1-s2
- canonical/juniper srx5400
- canonical/juniper srx5600
- canonical/juniper srx5800