CVE-2024-39562

{"id": "CVE-2024-39562", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 8.7, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-07-10T23:15:13.670", "references": [{"url": "https://supportportal.juniper.net/JSA75724", "source": "sirt@juniper.net"}, {"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "source": "sirt@juniper.net"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-772"}]}], "descriptions": [{"lang": "en", "value": "A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.\n\nThe issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and\u00a0Netconf over SSH.\n\nOnce the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored.\u00a0 See WORKAROUND section below.\n\nAdministrators can monitor an increase in defunct sshd processes by utilizing the CLI command:\n\n\u00a0 > show system processes | match sshd\n\u00a0 root \u00a0 25219 30901 0 Jul16 ? \u00a0 \u00a0 \u00a0 00:00:00 [sshd] <defunct>\n\nThis issue affects Juniper Networks Junos OS Evolved:\n * All versions prior to 21.4R3-S7-EVO\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO;\n * 23.2-EVO versions prior to 23.2R2-EVO.\n\n\n\nThis issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO."}, {"lang": "es", "value": "Una versi\u00f3n faltante de recurso despu\u00e9s de una vulnerabilidad de duraci\u00f3n efectiva El proceso xinetd, responsable de generar instancias de demonio SSH (sshd), de Juniper Networks Junos OS Evolved permite que un atacante basado en red no autenticado provoque una denegaci\u00f3n de servicio (DoS) al bloquear el acceso SSH para usuarios leg\u00edtimos. La recepci\u00f3n continua de estas conexiones crear\u00e1 una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio (DoS). El problema se desencadena cuando se recibe y finaliza de una manera espec\u00edfica una alta tasa de solicitudes SSH simult\u00e1neas, lo que provoca que xinetd falle y deje procesos sshd inactivos. La explotaci\u00f3n exitosa de esta vulnerabilidad bloquea tanto el acceso SSH como los servicios que dependen de SSH, como SFTP y Netconf sobre SSH. Una vez que el sistema est\u00e9 en este estado, los usuarios leg\u00edtimos no podr\u00e1n conectarse mediante SSH al dispositivo hasta que el servicio se restablezca manualmente. Consulte la secci\u00f3n WORKAROUND a continuaci\u00f3n. Los administradores pueden monitorear un aumento en los procesos sshd inactivos utilizando el comando CLI: &gt; mostrar procesos del sistema | coincide con sshd root 25219 30901 0 16 de julio? 00:00:00 [sshd] Este problema afecta a Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S7-EVO * Versiones 22.3-EVO anteriores a 22.3R2-S2-EVO, 22.3R3-S2- EVO; * Versiones 22.4-EVO anteriores a 22.4R3-EVO; * Versiones 23.2-EVO anteriores a 23.2R2-EVO. Este problema no afecta a Juniper Networks Junos OS Evolved 22.1-EVO ni 22.2-EVO."}], "lastModified": "2024-07-11T13:05:54.930", "sourceIdentifier": "sirt@juniper.net"}