CVE-2024-39540 - Vulnerability Details

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives specific valid TCP traffic, the pfe crashes and restarts leading to a momentary but complete service outage. This issue affects Junos OS: 21.2 releases from 21.2R3-S5 before 21.2R3-S6. This issue does not affect earlier or later releases.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Juniper	Csrx Junos Mx240 Mx480 Mx960 Srx100 Srx110 Srx1400 Srx1500 Srx1600 Srx210 Srx220 Srx2300 Srx240 Srx240h2 Srx240m Srx300 Srx320 Srx340 Srx3400 Srx345 Srx3600 Srx380 Srx4000 Srx4100 Srx4200 Srx4300 Srx4600 Srx4700 Srx5000 Srx5400 Srx550 Srx550 Hm Srx550m Srx5600 Srx5800 Srx650 Vsrx

Configuration 1 [-]

AND

cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*

OR	cpe:2.3:h:juniper:csrx:-:::::::*
	cpe:2.3:h:juniper:mx240:-:::::::*
	cpe:2.3:h:juniper:mx480:-:::::::*
	cpe:2.3:h:juniper:mx960:-:::::::*
	cpe:2.3:h:juniper:srx100:-:::::::*
	cpe:2.3:h:juniper:srx110:-:::::::*
	cpe:2.3:h:juniper:srx1400:-:::::::*
	cpe:2.3:h:juniper:srx1500:-:::::::*
	cpe:2.3:h:juniper:srx1600:-:::::::*
	cpe:2.3:h:juniper:srx210:-:::::::*
	cpe:2.3:h:juniper:srx220:-:::::::*
	cpe:2.3:h:juniper:srx2300:-:::::::*
	cpe:2.3:h:juniper:srx240:-:::::::*
	cpe:2.3:h:juniper:srx240h2:-:::::::*
	cpe:2.3:h:juniper:srx240m:-:::::::*
	cpe:2.3:h:juniper:srx300:-:::::::*
	cpe:2.3:h:juniper:srx320:-:::::::*
	cpe:2.3:h:juniper:srx340:-:::::::*
	cpe:2.3:h:juniper:srx3400:-:::::::*
	cpe:2.3:h:juniper:srx345:-:::::::*
	cpe:2.3:h:juniper:srx3600:-:::::::*
	cpe:2.3:h:juniper:srx380:-:::::::*
	cpe:2.3:h:juniper:srx4000:-:::::::*
	cpe:2.3:h:juniper:srx4100:-:::::::*
	cpe:2.3:h:juniper:srx4200:-:::::::*
	cpe:2.3:h:juniper:srx4300:-:::::::*
	cpe:2.3:h:juniper:srx4600:-:::::::*
	cpe:2.3:h:juniper:srx4700:-:::::::*
	cpe:2.3:h:juniper:srx5000:-:::::::*
	cpe:2.3:h:juniper:srx5400:-:::::::*
	cpe:2.3:h:juniper:srx550:-:::::::*
	cpe:2.3:h:juniper:srx550_hm:-:::::::*
	cpe:2.3:h:juniper:srx550m:-:::::::*
	cpe:2.3:h:juniper:srx5600:-:::::::*
	cpe:2.3:h:juniper:srx5800:-:::::::*
	cpe:2.3:h:juniper:srx650:-:::::::*
	cpe:2.3:h:juniper:vsrx:-:::::::*

No data.

References

Link	Providers
https://supportportal.juniper.net/JSA83000

History

Fri, 11 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper csrx Juniper mx240 Juniper mx480 Juniper mx960 Juniper srx100 Juniper srx110 Juniper srx1400 Juniper srx1500 Juniper srx1600 Juniper srx210 Juniper srx220 Juniper srx2300 Juniper srx240 Juniper srx240h2 Juniper srx240m Juniper srx300 Juniper srx320 Juniper srx340 Juniper srx3400 Juniper srx345 Juniper srx3600 Juniper srx380 Juniper srx4000 Juniper srx4100 Juniper srx4200 Juniper srx4300 Juniper srx4600 Juniper srx4700 Juniper srx5000 Juniper srx5400 Juniper srx550 Juniper srx550 Hm Juniper srx550m Juniper srx5600 Juniper srx5800 Juniper srx650 Juniper vsrx
CPEs		cpe:2.3:h:juniper:csrx:-:::::::* cpe:2.3:h:juniper:mx240:-:::::::* cpe:2.3:h:juniper:mx480:-:::::::* cpe:2.3:h:juniper:mx960:-:::::::* cpe:2.3:h:juniper:srx100:-:::::::* cpe:2.3:h:juniper:srx110:-:::::::* cpe:2.3:h:juniper:srx1400:-:::::::* cpe:2.3:h:juniper:srx1500:-:::::::* cpe:2.3:h:juniper:srx1600:-:::::::* cpe:2.3:h:juniper:srx210:-:::::::* cpe:2.3:h:juniper:srx220:-:::::::* cpe:2.3:h:juniper:srx2300:-:::::::* cpe:2.3:h:juniper:srx240:-:::::::* cpe:2.3:h:juniper:srx240h2:-:::::::* cpe:2.3:h:juniper:srx240m:-:::::::* cpe:2.3:h:juniper:srx300:-:::::::* cpe:2.3:h:juniper:srx320:-:::::::* cpe:2.3:h:juniper:srx3400:-:::::::* cpe:2.3:h:juniper:srx340:-:::::::* cpe:2.3:h:juniper:srx345:-:::::::* cpe:2.3:h:juniper:srx3600:-:::::::* cpe:2.3:h:juniper:srx380:-:::::::* cpe:2.3:h:juniper:srx4000:-:::::::* cpe:2.3:h:juniper:srx4100:-:::::::* cpe:2.3:h:juniper:srx4200:-:::::::* cpe:2.3:h:juniper:srx4300:-:::::::* cpe:2.3:h:juniper:srx4600:-:::::::* cpe:2.3:h:juniper:srx4700:-:::::::* cpe:2.3:h:juniper:srx5000:-:::::::* cpe:2.3:h:juniper:srx5400:-:::::::* cpe:2.3:h:juniper:srx550:-:::::::* cpe:2.3:h:juniper:srx550_hm:-:::::::* cpe:2.3:h:juniper:srx550m:-:::::::* cpe:2.3:h:juniper:srx5600:-:::::::* cpe:2.3:h:juniper:srx5800:-:::::::* cpe:2.3:h:juniper:srx650:-:::::::* cpe:2.3:h:juniper:vsrx:-:::::::* cpe:2.3:o:juniper:junos:21.2:r3-s5::::::
Vendors & Products		Juniper csrx Juniper mx240 Juniper mx480 Juniper mx960 Juniper srx100 Juniper srx110 Juniper srx1400 Juniper srx1500 Juniper srx1600 Juniper srx210 Juniper srx220 Juniper srx2300 Juniper srx240 Juniper srx240h2 Juniper srx240m Juniper srx300 Juniper srx320 Juniper srx340 Juniper srx3400 Juniper srx345 Juniper srx3600 Juniper srx380 Juniper srx4000 Juniper srx4100 Juniper srx4200 Juniper srx4300 Juniper srx4600 Juniper srx4700 Juniper srx5000 Juniper srx5400 Juniper srx550 Juniper srx550 Hm Juniper srx550m Juniper srx5600 Juniper srx5800 Juniper srx650 Juniper vsrx

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2024-07-11T16:16:37.977Z

Updated: 2024-08-02T04:26:16.011Z

Reserved: 2024-06-25T15:12:53.244Z

Link: CVE-2024-39540

Vulnrichment

Updated: 2024-07-11T18:52:32.947Z

NVD

Status : Analyzed

Published: 2024-07-11T17:15:12.883

Modified: 2025-04-11T14:50:12.097

Link: CVE-2024-39540

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object