What is the severity of CVE-2024-39551?

CVE-2024-39551 has been rated as a medium severity vulnerability.

How do I fix CVE-2024-39551?

To mitigate CVE-2024-39551, upgrade your Junos OS to the latest patched version that is beyond the affected versions.

Who is affected by CVE-2024-39551?

CVE-2024-39551 affects Juniper Networks Junos OS running on SRX and MX Series devices with specific hardware configurations.

What is the impact of CVE-2024-39551?

CVE-2024-39551 can lead to uncontrolled resource consumption and potential traffic loss.

Is CVE-2024-39551 exploitable remotely?

Yes, CVE-2024-39551 can be exploited by an unauthenticated network-based attacker.

Vulnerability/
CVE-2024-39551

high

8.7

CWE

400

11/7/2024

12/7/2024

CVE-2024-39551: Junos OS: SRX Series and MX Series with SPC3 and MS-MPC/MIC: Receipt of specific packets in H.323 ALG causes traffic drop

First published: Thu Jul 11 2024(Updated: )

An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command. user@host> show usp memory segment sha data objcache jsf This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC: * 20.4 before 20.4R3-S10, * 21.2 before 21.2R3-S6, * 21.3 before 21.3R3-S5, * 21.4 before 21.4R3-S6, * 22.1 before 22.1R3-S4, * 22.2 before 22.2R3-S2, * 22.3 before 22.3R3-S1, * 22.4 before 22.4R3, * 23.2 before 23.2R2.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Juniper Junos	<20.4R3-S10<21.2R3-S6<21.3R3-S5<21.4R3-S6<22.1R3-S4<22.2R3-S2<22.3R3-S1<22.4R3<23.2R2

Remedy

The following software releases have been updated to resolve this specific issue: Junos OS: 20.4R3-S10, 21.2R3-S6, 21.3R3-S5, 21.4R3-S6, 22.1R3-S4, 22.2R3-S2, 22.3R3-S1, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.

Never miss a vulnerability like this again

Reference Links

https://supportportal.juniper.net/JSA83013

Frequently Asked Questions

What is the severity of CVE-2024-39551?
CVE-2024-39551 has been rated as a medium severity vulnerability.
How do I fix CVE-2024-39551?
To mitigate CVE-2024-39551, upgrade your Junos OS to the latest patched version that is beyond the affected versions.
Who is affected by CVE-2024-39551?
CVE-2024-39551 affects Juniper Networks Junos OS running on SRX and MX Series devices with specific hardware configurations.
What is the impact of CVE-2024-39551?
CVE-2024-39551 can lead to uncontrolled resource consumption and potential traffic loss.
Is CVE-2024-39551 exploitable remotely?
Yes, CVE-2024-39551 can be exploited by an unauthenticated network-based attacker.

agent/weakness
agent/title
agent/references
agent/type
agent/remedy
agent/first-publish-date
agent/severity
agent/author
agent/event
agent/description
collector/nvd-api
source/NVD
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/juniper networks
canonical/juniper junos

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.