How severe is CVE-2024-39561?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.8 out of 10.

What type of vulnerability is CVE-2024-39561?

This is classified as CWE-754, which is a common weakness in software security.

CVE-2024-39561

MEDIUM Year: 2024

CVSS v3 Score

5.8

Medium

Weakness Type

CWE-754

View all →

Vulnerability Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an attacker to send TCP packets with SYN/FIN or SYN/RST flags, bypassing the expected blocking of these packets. A TCP packet with SYN/FIN or SYN/RST should be dropped in flowd. However, when no-syn-check and Express Path are enabled, these TCP packets are unexpectedly transferred to the downstream network. This issue affects Junos OS on SRX4600 and SRX5000 Series: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S7, * from 22.1 before 22.1R3-S6, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2.

CVE-2021-0225

MEDIUM

CVSS:5.8(Medium)

An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinatio...

CWE-7542021

CVE-2024-47507

MEDIUM

CVSS:5.8(Medium)

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based at...

CWE-7542024

CVE-2021-33139

MEDIUM

CVSS:5.7(Medium)

Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of...

CWE-7542021

CVE-2018-7287

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).

CWE-7542018

CVE-2018-7803

MEDIUM

CVSS:5.9(Medium)

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted pac...

CWE-7542018

CVE-2021-27568

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatExceptio...

CWE-7542021

CVE-2024-39561

Vulnerability Description

Related Vulnerabilities

CVE-2021-0225

CVE-2024-47507

CVE-2021-33139

CVE-2018-7287

CVE-2018-7803

CVE-2021-27568