CVE-2024-30405

Name: CVE-2024-30405
Creator: NVD / NIST
Published: 2024-04-12T15:15:25.133+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.7/10EPSS 0.63%

Last modified Jun 17, 2026

CVE-2024-30405 is a high-severity vulnerability rated 8.7/10 on the CVSS scale. An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. This issue affects: Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2.. EPSS estimates a 0.63% chance of exploitation in the next 30 days.

Description

An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. This issue affects: Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 4.0

8.7/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.63%

45.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Juniper	Junos	< 21.2
Juniper	Junos	21.2
Juniper	Junos	21.4
Juniper	Junos	22.1
Juniper	Junos	22.2
Juniper	Junos	22.3
Juniper	Junos	22.4
Juniper	Junos	23.2

References

https://supportportal.juniper.net/JSA79105Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:LNot Applicable
https://supportportal.juniper.net/JSA79105Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:LNot Applicable

Timeline

Published: Apr 12, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-30405?

How severe is CVE-2024-30405?

CVE-2024-30405 has a CVSS score of 8.7/10 (HIGH severity). The EPSS model estimates a 0.63% probability of exploitation in the next 30 days.

How do I fix CVE-2024-30405?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-30405?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST