How severe is CVE-2024-39559?

This vulnerability has a severity rating of HIGH with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-39559?

This is classified as CWE-754, which is a common weakness in software security.

CVE-2024-39559 - HIGH Severity | CVSS 5.9

Vulnerability Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device (vmcore) by sending a specific TCP packet over an established TCP session with MD5 authentication enabled, destined to an accessible port on the device, resulting in a Denial of Service (DoS). The receipt of this packet must occur within a specific timing window outside the attacker's control (i.e., race condition). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects dual RE systems with Nonstop Active Routing (NSR) enabled. Exploitation can only occur over TCP sessions with MD5 authentication enabled (e.g., BGP with MD5 authentication). This issue affects Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R2-S2-EVO, 22.4R3-EVO.

Related Vulnerabilities

CVE-2018-7287

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).

CWE-7542018

CVE-2018-7803

MEDIUM

CVSS:5.9(Medium)

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted pac...

CWE-7542018

CVE-2021-27568

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatExceptio...

CWE-7542021

CVE-2022-24323

MEDIUM

CVSS:5.9(Medium)

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an...

CWE-7542022

CVE-2023-52534

MEDIUM

CVSS:5.9(Medium)

In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed

CWE-7542023

CVE-2024-50602

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

CWE-7542024