Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.JUNIPER_JSA75757.NASLHistoryApr 18, 2024 - 12:00 a.m.
Juniper Junos OS Vulnerability (JSA75757)
2024-04-1800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
juniper networks junos os
packet forwarding engine
denial of service
sip alg
nat ip allocation
cve-2024-21616
mx series
srx series
vulnerability
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75757 advisory.
- An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.
NAT IP usage can be monitored by running the following command. user@srx> show security nat resource-usage source-pool <source_pool_name> Pool name: source_pool_name … Address Factor-index Port-range Used Avail Total Usage X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<< - Alg Ports 0 2048 2048 0% This issue affects: Juniper Networks Junos OS on MX Series and SRX Series * All versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. (CVE-2024-21616)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(193487);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/18");
script_cve_id("CVE-2024-21616");
script_xref(name:"JSA", value:"JSA75757");
script_name(english:"Juniper Junos OS Vulnerability (JSA75757)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75757
advisory.
- An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE)
of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service
(DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP
packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of
Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.
NAT IP usage can be monitored by running the following command. user@srx> show security nat resource-usage
source-pool <source_pool_name> Pool name: source_pool_name .. Address Factor-index Port-range Used Avail
Total Usage X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<< - Alg Ports 0 2048 2048 0% This issue
affects: Juniper Networks Junos OS on MX Series and SRX Series * All versions earlier than 21.2R3-S6; *
21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than
22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions
earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. (CVE-2024-21616)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Processing-of-a-specific-SIP-packet-causes-NAT-IP-allocation-to-fail-CVE-2024-21616
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e07c18f1");
script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA75757");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-21616");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/10");
script_set_attribute(attribute:"patch_publication_date", value:"2024/01/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/18");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("junos_version.nasl");
script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");
exit(0);
}
include('junos.inc');
var model = get_kb_item_or_exit('Host/Juniper/model');
if (model !~ "^(MX|SRX)")
{
audit(AUDIT_DEVICE_NOT_VULN, model);
}
var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
var vuln_ranges = [
{'min_ver':'0.0', 'fixed_ver':'21.2R3-S6', 'model':'^(MX|SRX)'},
{'min_ver':'21.3', 'fixed_ver':'21.3R3-S5', 'model':'^(MX|SRX)'},
{'min_ver':'21.4', 'fixed_ver':'21.4R3-S5', 'model':'^(MX|SRX)'},
{'min_ver':'22.1', 'fixed_ver':'22.1R3-S4', 'model':'^(MX|SRX)'},
{'min_ver':'22.2', 'fixed_ver':'22.2R3-S3', 'model':'^(MX|SRX)'},
{'min_ver':'22.3', 'fixed_ver':'22.3R3-S1', 'model':'^(MX|SRX)'},
{'min_ver':'22.4', 'fixed_ver':'22.4R2-S2', 'model':'^(MX|SRX)', 'fixed_display':'22.4R2-S2, 22.4R3'},
{'min_ver':'23.2', 'fixed_ver':'23.2R1-S1', 'model':'^(MX|SRX)', 'fixed_display':'23.2R1-S1, 23.2R2'}
];
var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
var report = get_report(ver:ver, fix:fix);
security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);
Related
cvelist
cvelist
cve
cve
CVE-2024-21616
2024-01-12 01:15:50
nvd
nvd
CVE-2024-21616
2024-01-12 01:15:50
prion
prion
Input validation
2024-01-12 01:15:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
Related for JUNIPER_JSA75757.NASL