CVE-2024-39540
📋 TL;DR
An unauthenticated, network-based attacker can cause a denial of service by sending specific valid TCP traffic to an affected Juniper device, triggering a Packet Forwarding Engine (PFE) crash and restart. This affects Juniper SRX Series and MX Series with SPC3 running specific Junos OS 21.2 releases. Each crash is a momentary but complete forwarding outage until the PFE comes back up; repeated triggering produces a sustained outage.
💻 Affected Systems
- Juniper SRX Series
- Juniper MX Series with SPC3
📦 What is this software?
Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
⚠️ Risk & Real-World Impact
Worst Case
Complete network outage for all traffic passing through affected devices, potentially disrupting critical services until PFE restarts.
Likely Case
Intermittent service disruptions as the PFE crashes and restarts each time the specific valid TCP traffic is received.
If Mitigated
Minimal impact once devices are upgraded to a fixed release. Filtering-based workarounds reduce exposure only to the extent that the triggering traffic can be kept from reaching the device, and this page gives no specific pattern to filter on.
🎯 Exploit Status
Vulnerability is triggered by specific valid TCP traffic patterns. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Junos OS 21.2R3-S6 or later
Vendor Advisory: https://supportportal.juniper.net/JSA83000
Restart Required: Yes
Instructions:
1. Download Junos OS 21.2R3-S6 or later from the Juniper support portal and verify the image checksum against the value published there before installing.
2. Upload the image to the device.
3. Install it with the 'request system software add' command.
4. Reboot the device to complete the installation.
🔧 Temporary Workarounds
TCP Traffic Filtering
The trigger is valid TCP traffic and this page gives no specific pattern to match, so the only filter available is a coarse one: deny TCP from untrusted zones. The policy below denies all TCP from the untrust zone to the trust zone, which is itself an outage for those flows; narrow the source-address, destination-address and application terms to what you can afford to block, place the policy ahead of any permit policy for the same zone pair, and commit. Zone policies govern transit traffic only; TCP aimed at the device itself is controlled by the zone's host-inbound-traffic settings and any loopback firewall filter. This syntax is for SRX; on MX the equivalent is a firewall filter applied to the relevant interfaces.
set security policies from-zone untrust to-zone trust policy block-tcp match source-address any
set security policies from-zone untrust to-zone trust policy block-tcp match destination-address any
set security policies from-zone untrust to-zone trust policy block-tcp match application junos-tcp-any
set security policies from-zone untrust to-zone trust policy block-tcp then deny
🧯 If You Can't Patch
- Implement strict network segmentation to limit exposure to untrusted networks.
- Deploy intrusion prevention systems to detect and block malicious TCP traffic patterns.
🔍 How to Verify
Check if Vulnerable:
Run 'show version'. The device is vulnerable if it is an SRX Series or MX Series with SPC3 device running Junos OS 21.2R3-S5 (any 21.2R3-S5 build) or any 21.2R3 release later than S5 but earlier than 21.2R3-S6. Versions outside that range are not listed as affected here.
Check Version:
show version | match Junos
Verify Fix Applied:
After patching, verify version is 21.2R3-S6 or later using 'show version' command and monitor PFE stability.
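To apply the version rule above across a fleet rather than by eye, here is an added Python example (not from the original page and not Juniper's code) that pulls the release string out of 'show version' output and tests it against the affected range stated on this page. The sample outputs, hostnames and models are constructed for the example; the check covers only the version condition, and the platform condition (SRX Series, or MX Series with SPC3) is left to the operator.

```python
import re
from typing import Dict, Optional, Tuple

# Classic Junos release strings look like 21.2R3-S5.1: train 21.2, release R3,
# service release S5, build .1. The -S<n> and .<build> parts are optional.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")

Version = Tuple[int, int, int, int, int]  # (major, minor, R, S, build)


def parse_version(text: str) -> Optional[Version]:
    """Turn a Junos release string into a comparable tuple, or None if it does not parse."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, rel, svc, build = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0), int(build or 0))


# Affected range taken from this page: 21.2 releases from 21.2R3-S5 before 21.2R3-S6.
# Half-open [lower, upper) so every 21.2R3-S5.x build is caught and 21.2R3-S6 is not.
AFFECTED_RANGES = [
    (parse_version("21.2R3-S5"), parse_version("21.2R3-S6")),
]


def is_vulnerable(version: str) -> bool:
    """True if the release string falls inside one of the affected ranges."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def version_from_show_version(output: str) -> Optional[str]:
    """Extract the release string from 'show version' output.

    Current releases print a 'Junos: <version>' line; older ones print
    'JUNOS Software Release [<version>]'. Both forms are handled.
    """
    for line in output.splitlines():
        m = re.match(r"^\s*Junos:\s*(\S+)", line)
        if m:
            return m.group(1)
        m = re.search(r"JUNOS Software Release \[([^\]]+)\]", line)
        if m:
            return m.group(1)
    return None


def check_device(show_version_output: str) -> Tuple[str, bool]:
    """Return (release string, vulnerable?) for one device's 'show version' output."""
    ver = version_from_show_version(show_version_output)
    if ver is None:
        raise ValueError("no Junos release string found in 'show version' output")
    return ver, is_vulnerable(ver)


# Constructed sample outputs for this example; hostnames and models are made up.
SAMPLE_OUTPUTS: Dict[str, str] = {
    "srx-edge-1": "Hostname: srx-edge-1\nModel: srx4600\nJunos: 21.2R3-S5.1\n",
    "srx-edge-2": "Hostname: srx-edge-2\nModel: srx4600\nJunos: 21.2R3-S6\n",
    "mx-core-1": "Hostname: mx-core-1\nModel: mx480\nJunos: 21.2R3-S4.2\n",
}


def audit(outputs: Dict[str, str]) -> Dict[str, Tuple[str, bool]]:
    """Map device name -> (release, vulnerable?) over a set of collected outputs."""
    return {name: check_device(out) for name, out in outputs.items()}


if __name__ == "__main__":
    for name, (ver, vuln) in audit(SAMPLE_OUTPUTS).items():
        print(f"{name}: {ver} -> {'VULNERABLE' if vuln else 'not in affected range'}")
```

The comparison is done on a tuple rather than on strings so that 21.2R3-S5.1 sorts above 21.2R3-S5 and below 21.2R3-S6; adding further advisories is a matter of appending ranges to AFFECTED_RANGES. Strings the regex does not recognise (for example Junos Evolved releases with an -EVO suffix) raise rather than silently passing as not affected.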
📡 Detection & Monitoring
Log Indicators:
- PFE crash messages in system logs
- Unexpected PFE restarts
- High CPU/memory usage before crash
Network Indicators:
- Unusual TCP traffic patterns to device interfaces
- Increased TCP retransmissions or resets
SIEM Query:
source="juniper-firewall" AND ("PFE crash" OR "Packet Forwarding Engine restart")