Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.JUNIPER_JSA82988.NASL
HistoryAug 28, 2024 - 12:00 a.m.

Juniper Junos OS DoS (JSA82988)

2024-08-2800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
2
juniper networks junos os
denial-of-service
use of externally-controlled format string vulnerability
packet forwarding engine
srx series
unauthenticated network-based attacker
cve-2024-39529
self-reported version number
nessus scanner

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:L

AI Score

7.2

Confidence

Low

JSON

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA82988 advisory.

  • A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). (CVE-2024-39529)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#TRUSTED ae0ac766e06bce266428ffb93aa44b0713d632275ccd4345cb451a18d6fa865655183576325428a638d2f65b17401678b83c519dc4c5ba0538d3748c29eb5f1b062fc6d0f7b67ff69df451ec24e78061d0a3ee58e43b6703265459db7aa4f3c40433c63bf6f298df198fc99375eca5269eec153385e9da1dc2f53e2cdcbae4bfc9f952c00327836df600e92a1ea780b6a155e6ccbcfbf6b9739e2cd8ca39b6ea114de8d2018edc59bbb3b84b76da15669efff8771a822bc4ed0fc0976c66360204ca011d0affbaee2452364c7adafaded60daa5ac9bde8b60560df68e279de81f3caba5435b764947ed79ea19c6d75648f5525bf24c19dbb95f8afbfaf496558cc69dd8a494689f9a6ef63b1dc674b58ba06870a692b39a0036f4a81b0dfbbc7c8294b17739bd76568ac03e6feb27b0f1d830bbadfc688fd154548bc603cec2999285e3a0d1b53d9e544e1ec9bd59f16b35ebbabe22560606aab0a132a93203ffb6012e5c60c1d19cea0ef2271fc8d9cbf09104fa7d9f728d80fc276166019b7b37f71115c3f19947640256e7c8da3cb428b5cd2f0efc3705b63b793be5b3762e043598c96e70539b90a28305f9adedec84e14470a61831281917210f7463c89a0e140fd4ba010483964daa4c3b2bea68533580d0a2d73f3e92d7a042fbe18ffaeadecbaa61ce05bb7d2dac59051417c80f518e030678d331c8db85a5807d326
#TRUST-RSA-SHA256 3491d439c20a45dfa985f107bf494031bf70dd9c9f7136e156e67d31ae30e3765faf037a1bb117922107284911097bffbfadb098ed8f7be064c7610e46d20289a2ea348cdce2030fd81d5d8198e14c58b3cd2cfe964a2aba1c941a4097e92789669d6e0fa9d1b544f1d6a0e01fe8d2d6c2deae02533a972a9b1a209c74c5c798a5d72c1e81a7cdadd1daa133af4a3bffeaf6997488bd8bfe09e55d6538b93f30004224c3dd5403230c9dfaff152880c468a2eeeecc84467fb49eba8728112a96c94191af085cca8592b8fd9d00f4b68deb58df34eb5fe2bd75a7efbf1598f238671b957169d58611836156212f13716668372c88e514e50c1f74bd7b83625c37323fd8844ec8402763f295b3cc2283470769b98522f8307b632907361bda1ff53979b2027afc80fc4ac56ee8e183e7ecc6b3929edad45176aa6e7d0d719bf5f81de9177e15e32d562ac098fca4053cfcd97d8c0ec0126ea8e3634612b1dbc005918c15734fdfa80402ab462f1a4b1ba0e65fb4305c699af654454c34ac9d97c3fc159d82bd755a696c6fe19288558af14cd5122a76db3c5cba505590a3de09eea6cc4622da8211923c24a081f74c66bbca2ec8c813530ae180bda96f7b8382f34533e346c7e8914e6118083fde7c7b9d5ffec26f0e560b1861f5acc7f4f6778fb44715ec83e8d7ee2eeb77bb34d1e0aea975940a7386afd724312c23f44d1560
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(206272);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/29");

  script_cve_id("CVE-2024-39529");
  script_xref(name:"JSA", value:"JSA82988");
  script_xref(name:"IAVA", value:"2024-A-0385");

  script_name(english:"Juniper Junos OS DoS (JSA82988)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA82988
advisory.

  - A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of
    Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a
    Denial-of-Service (DoS). (CVE-2024-39529)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-If-DNS-traceoptions-are-configured-in-a-DGA-or-tunnel-detection-scenario-specific-DNS-traffic-leads-to-a-PFE-crash-CVE-2024-39529
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f9500093");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA82988");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-39529");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/07/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/07/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/28");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");

  exit(0);
}

include('junos.inc');
include('junos_kb_cmd_func.inc');

var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
var model = get_kb_item_or_exit('Host/Juniper/model');
check_model(model:model, flags:SRX_SERIES, exit_on_fail:TRUE);

var vuln_ranges = [
  { 'min_ver':'0.0', 'fixed_ver':'21.4R3-S6' },
  { 'min_ver':'22.2', 'fixed_ver':'22.2R3-S3' },
  { 'min_ver':'22.3', 'fixed_ver':'22.3R3-S3' },
  { 'min_ver':'22.4', 'fixed_ver':'22.4R3' },
  { 'min_ver':'23.2', 'fixed_ver':'23.2R2' }
];

var override = TRUE;
var buf = junos_command_kb_item(cmd:'show configuration | display set');
if (buf)
{
  # Configuration details from the advisory
  # =======================================
  # To be exposed to this issue at least one of DGA or tunnel detection needs to be configured:
  #
  #   [ services security-metadata-streaming policy <name> dns detections dga ]
  #   [ services security-metadata-streaming policy <name> dns detections tunneling ]
  #
  # and DNS traceoptions have to be configured:
  #
  #   [ services dns-filtering traceoptions ... ]

  var conf1 = junos_check_config(buf:buf, pattern:"^set services security-metadata-streaming policy .* dns detections dga");
  var conf2 = junos_check_config(buf:buf, pattern:"^set services security-metadata-streaming policy .* dns detections tunneling");
  var conf3 = junos_check_config(buf:buf, pattern:"^set services dns-filtering traceoptions");

  if (!(conf1 || conf2) || !conf3)
    audit(AUDIT_OS_CONF_NOT_VULN, 'Junos OS');
  override = FALSE;
}

var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_HOLE);

Related

cve 1
vulnrichment 1
nvd 1
cvelist 1
cve
cve
CVE-2024-39529
2024-07-11 16:15:04
vulnrichment
vulnrichment
CVE-2024-39529 Junos OS: SRX Series: If DNS traceoptions are configured in a DGA or tunnel detection scenario specific DNS traffic leads to a PFE crash
2024-07-11 16:03:26
nvd
nvd
CVE-2024-39529
2024-07-11 16:15:04
cvelist
cvelist
CVE-2024-39529 Junos OS: SRX Series: If DNS traceoptions are configured in a DGA or tunnel detection scenario specific DNS traffic leads to a PFE crash
2024-07-11 16:03:26

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS4

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:L

AI Score

7.2

Confidence

Low

JSON
Related for JUNIPER_JSA82988.NASL
cve1vulnrichment1nvd1cvelist1