cve/2024/CVE-2024-21616.md

### [CVE-2024-21616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21616)
![](https://img.shields.io/static/v1?label=Product&message=Junos%20OS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%2021.2R3-S6%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1286%3A%20Improper%20Validation%20of%20Syntactic%20Correctness%20of%20Input&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20(DoS)&color=brighgreen)

### Description

An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.NAT IP usage can be monitored by running the following command.user@srx> show security nat resource-usage source-pool <source_pool_name>Pool name: source_pool_name..Address Factor-index Port-range Used Avail Total UsageX.X.X.X0 Single Ports 50258 52342 62464 96% <<<<<- Alg Ports 0 2048 2048 0%This issue affects:Juniper Networks Junos OS on MX Series and SRX Series  *  All versions earlier than 21.2R3-S6;  *  21.3 versions earlier than 21.3R3-S5;  *  21.4 versions earlier than 21.4R3-S5;  *  22.1 versions earlier than 22.1R3-S4;  *  22.2 versions earlier than 22.2R3-S3;  *  22.3 versions earlier than 22.3R3-S1;  *  22.4 versions earlier than 22.4R2-S2, 22.4R3;  *  23.2 versions earlier than 23.2R1-S1, 23.2R2.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/HuzaifaPatel/houdini
Update CVE sources 2024-08-06 19:19 2024-08-06 19:19:10 +00:00			`### [CVE-2024-21616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21616)`
			`![](https://img.shields.io/static/v1?label=Product&message=Junos%20OS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%2021.2R3-S6%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1286%3A%20Improper%20Validation%20of%20Syntactic%20Correctness%20of%20Input&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20(DoS)&color=brighgreen)`

			`### Description`

			An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.NAT IP usage can be monitored by running the following command.user@srx> show security nat resource-usage source-pool <source_pool_name>Pool name: source_pool_name..Address Factor-index Port-range Used Avail Total UsageX.X.X.X0 Single Ports 50258 52342 62464 96% <<<<<- Alg Ports 0 2048 2048 0%This issue affects:Juniper Networks Junos OS on MX Series and SRX Series * All versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/HuzaifaPatel/houdini`