cvelistv5 - CVE-2024-30386

CVE-2024-30386 (GCVE-0-2024-30386)

Vulnerability from cvelistv5 – Published: 2024-04-12 15:23 – Updated: 2024-08-02 01:32

Summary

A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS). In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control. This issue affects: Junos OS: * All versions before 20.4R3-S8, * 21.2 versions before 21.2R3-S6, * 21.3 versions before 21.3R3-S5, * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S3, * 22.2 versions before 22.2R3-S1, * 22.3 versions before 22.3R3,, * 22.4 versions before 22.4R2; Junos OS Evolved: * All versions before 20.4R3-S8-EVO, * 21.2-EVO versions before 21.2R3-S6-EVO, * 21.3-EVO versions before 21.3R3-S5-EVO, * 21.4-EVO versions before 21.4R3-S4-EVO, * 22.1-EVO versions before 22.1R3-S3-EVO, * 22.2-EVO versions before 22.2R3-S1-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R2-EVO.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 (High)


                        
                          CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

CWE

CWE-416 - Use After Free
Denial-of-Service (DoS)

Assigner

juniper

References

URL

Tags

	http://supportportal.juniper.net/JSA79184	vendor-advisory
	https://www.first.org/cvss/calculator/4.0#CVSS:4.…	technical-description

Impacted products

Vendor

Product

Version

Juniper Networks

Junos OS

Affected: 0 , < 20.4R3-S8 (semver)
Affected: 21.2 , < 21.2R3-S6 (semver)
Affected: 21.3 , < 21.3R3-S5 (semver)
Affected: 21.4 , < 21.4R3-S4 (semver)
Affected: 22.1 , < 22.1R3-S3 (semver)
Affected: 22.2 , < 22.2R3-S1 (semver)
Affected: 22.3 , < 22.3R3 (semver)
Affected: 22.4 , < 22.4R2 (semver)

Juniper Networks

Junos OS Evolved

Affected: 0 , < 20.4R3-S8-EVO (semver)
Affected: 21.2-EVO , < 21.2R3-S6-EVO (semver)
Affected: 21.3-EVO , < 21.3R3-S5-EVO (semver)
Affected: 21.4-EVO , < 21.4R3-S4-EVO (semver)
Affected: 22.1-EVO , < 22.1R3-S3-EVO (semver)
Affected: 22.2-EVO , < 22.2R3-S1-EVO (semver)
Affected: 22.3-EVO , < 22.3R3-EVO (semver)
Affected: 22.4-EVO , < 22.4R2-EVO (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-30386",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-12T17:34:57.452134Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:39:00.999Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:32:07.240Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://supportportal.juniper.net/JSA79184"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R3-S8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.2R3-S6",
              "status": "affected",
              "version": "21.2",
              "versionType": "semver"
            },
            {
              "lessThan": "21.3R3-S5",
              "status": "affected",
              "version": "21.3",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S4",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S3",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S1",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R2",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R3-S8-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.2R3-S6-EVO",
              "status": "affected",
              "version": "21.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "21.3R3-S5-EVO",
              "status": "affected",
              "version": "21.3-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S4-EVO",
              "status": "affected",
              "version": "21.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S3-EVO",
              "status": "affected",
              "version": "22.1-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S1-EVO",
              "status": "affected",
              "version": "22.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-EVO",
              "status": "affected",
              "version": "22.3-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R2-EVO",
              "status": "affected",
              "version": "22.4-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eTo be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options.\u003c/span\u003e"
            }
          ],
          "value": "To be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options."
        }
      ],
      "datePublic": "2024-04-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Use-After-Free vulnerability in the\u0026nbsp;\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eLayer 2 Address Learning Daemon (l2ald)\u003c/span\u003e\n\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eIn an EVPN-VXLAN scenario,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhen \u003c/span\u003e\n\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S8,\u003c/li\u003e\u003cli\u003e21.2 versions before 21.2R3-S6,\u003c/li\u003e\u003cli\u003e21.3 versions before 21.3R3-S5,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S4,\u003c/li\u003e\u003cli\u003e22.1 versions before 22.1R3-S3,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S1,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3,,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S8-EVO,\u003c/li\u003e\u003cli\u003e21.2-EVO versions before 21.2R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e21.3-EVO\n\n versions before 21.3R3-S5-EVO,\u003c/li\u003e\u003cli\u003e21.4-EVO\n\n versions before 21.4R3-S4-EVO,\u003c/li\u003e\u003cli\u003e22.1-EVO\n\n versions before 22.1R3-S3-EVO,\u003c/li\u003e\u003cli\u003e22.2-EVO\n\n versions before 22.2R3-S1-EVO,\u003c/li\u003e\u003cli\u003e22.3-EVO\n\n versions before 22.3R3-EVO,\u003c/li\u003e\u003cli\u003e22.4-EVO\n\n\u003cspan style=\"background-color: var(--wht);\"\u003e versions before 22.4R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "A Use-After-Free vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\n\nIn an EVPN-VXLAN scenario,\u00a0when \n\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n  *  All versions before 20.4R3-S8,\n  *  21.2 versions before 21.2R3-S6,\n  *  21.3 versions before 21.3R3-S5,\n  *  21.4 versions before 21.4R3-S4,\n  *  22.1 versions before 22.1R3-S3,\n  *  22.2 versions before 22.2R3-S1,\n  *  22.3 versions before 22.3R3,,\n  *  22.4 versions before 22.4R2;\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  All versions before 20.4R3-S8-EVO,\n  *  21.2-EVO versions before 21.2R3-S6-EVO,\u00a0\n  *  21.3-EVO\n\n versions before 21.3R3-S5-EVO,\n  *  21.4-EVO\n\n versions before 21.4R3-S4-EVO,\n  *  22.1-EVO\n\n versions before 22.1R3-S3-EVO,\n  *  22.2-EVO\n\n versions before 22.2R3-S1-EVO,\n  *  22.3-EVO\n\n versions before 22.3R3-EVO,\n  *  22.4-EVO\n\n versions before 22.4R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial-of-Service (DoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T20:15:40.526Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://supportportal.juniper.net/JSA79184"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R3-S2, 22.4R2, 23.2R1, and all subsequent releases;\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R3-S2, 22.4R2, 23.2R1, and all subsequent releases;\n\n\nJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA79184",
        "defect": [
          "1700170"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS and Junos OS Evolved: In a EVPN-VXLAN scenario state changes on adjacent systems can cause an l2ald process crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-30386",
    "datePublished": "2024-04-12T15:23:24.249Z",
    "dateReserved": "2024-03-26T23:06:12.476Z",
    "dateUpdated": "2024-08-02T01:32:07.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A Use-After-Free vulnerability in the\\u00a0Layer 2 Address Learning Daemon (l2ald)\\n\\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\\n\\nIn an EVPN-VXLAN scenario,\\u00a0when \\n\\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\\nThis issue affects:\\n\\nJunos OS:\\u00a0\\n\\n\\n\\n  *  All versions before 20.4R3-S8,\\n  *  21.2 versions before 21.2R3-S6,\\n  *  21.3 versions before 21.3R3-S5,\\n  *  21.4 versions before 21.4R3-S4,\\n  *  22.1 versions before 22.1R3-S3,\\n  *  22.2 versions before 22.2R3-S1,\\n  *  22.3 versions before 22.3R3,,\\n  *  22.4 versions before 22.4R2;\\n\\n\\n\\n\\nJunos OS Evolved:\\u00a0\\n\\n\\n\\n  *  All versions before 20.4R3-S8-EVO,\\n  *  21.2-EVO versions before 21.2R3-S6-EVO,\\u00a0\\n  *  21.3-EVO\\n\\n versions before 21.3R3-S5-EVO,\\n  *  21.4-EVO\\n\\n versions before 21.4R3-S4-EVO,\\n  *  22.1-EVO\\n\\n versions before 22.1R3-S3-EVO,\\n  *  22.2-EVO\\n\\n versions before 22.2R3-S1-EVO,\\n  *  22.3-EVO\\n\\n versions before 22.3R3-EVO,\\n  *  22.4-EVO\\n\\n versions before 22.4R2-EVO.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de Use-After-Free en el daemon de aprendizaje de direcciones de capa 2 (l2ald) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque que l2ald falle, lo que provoca una denegaci\\u00f3n de servicio (DoS). En un escenario EVPN-VXLAN, cuando el sistema afectado recibe y procesa actualizaciones de estado, no se garantiza el orden correcto de algunos pasos de procesamiento, lo que puede provocar un bloqueo y reinicio de l2ald. Que se produzca el fallo depende de la sincronizaci\\u00f3n interna del sistema, que est\\u00e1 fuera del control de los atacantes. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 20.4R3-S8, * Versiones 21.2 anteriores a 21.2R3-S6, * Versiones 21.3 anteriores a 21.3R3-S5, * Versiones 21.4 anteriores a 21.4R3-S4, * Versiones 22.1 anteriores a 22.1R3- S3, * 22.2 versiones anteriores a 22.2R3-S1, * 22.3 versiones anteriores a 22.3R3, * 22.4 versiones anteriores a 22.4R2; Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S8-EVO, * Versiones 21.2-EVO anteriores a 21.2R3-S6-EVO, * Versiones 21.3-EVO anteriores a 21.3R3-S5-EVO, * Versiones 21.4-EVO anteriores a 21.4R3- S4-EVO, *versiones 22.1-EVO anteriores a 22.1R3-S3-EVO, *versiones 22.2-EVO anteriores a 22.2R3-S1-EVO, *versiones 22.3-EVO anteriores a 22.3R3-EVO, *versiones 22.4-EVO anteriores a 22.4R2- EVO.\"}]",
      "id": "CVE-2024-30386",
      "lastModified": "2024-11-21T09:11:49.213",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"NONE\", \"vulnerableSystemIntegrity\": \"NONE\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"LOW\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 3.6}]}",
      "published": "2024-04-12T16:15:37.650",
      "references": "[{\"url\": \"http://supportportal.juniper.net/JSA79184\", \"source\": \"sirt@juniper.net\"}, {\"url\": \"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\", \"source\": \"sirt@juniper.net\"}, {\"url\": \"http://supportportal.juniper.net/JSA79184\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "sirt@juniper.net",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-30386\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2024-04-12T16:15:37.650\",\"lastModified\":\"2025-02-06T20:36:32.980\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Use-After-Free vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald)\\n\\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\\n\\nIn an EVPN-VXLAN scenario,\u00a0when \\n\\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\\nThis issue affects:\\n\\nJunos OS:\u00a0\\n\\n\\n\\n  *  All versions before 20.4R3-S8,\\n  *  21.2 versions before 21.2R3-S6,\\n  *  21.3 versions before 21.3R3-S5,\\n  *  21.4 versions before 21.4R3-S4,\\n  *  22.1 versions before 22.1R3-S3,\\n  *  22.2 versions before 22.2R3-S1,\\n  *  22.3 versions before 22.3R3,,\\n  *  22.4 versions before 22.4R2;\\n\\n\\n\\n\\nJunos OS Evolved:\u00a0\\n\\n\\n\\n  *  All versions before 20.4R3-S8-EVO,\\n  *  21.2-EVO versions before 21.2R3-S6-EVO,\u00a0\\n  *  21.3-EVO\\n\\n versions before 21.3R3-S5-EVO,\\n  *  21.4-EVO\\n\\n versions before 21.4R3-S4-EVO,\\n  *  22.1-EVO\\n\\n versions before 22.1R3-S3-EVO,\\n  *  22.2-EVO\\n\\n versions before 22.2R3-S1-EVO,\\n  *  22.3-EVO\\n\\n versions before 22.3R3-EVO,\\n  *  22.4-EVO\\n\\n versions before 22.4R2-EVO.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Use-After-Free en el daemon de aprendizaje de direcciones de capa 2 (l2ald) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque que l2ald falle, lo que provoca una denegaci\u00f3n de servicio (DoS). En un escenario EVPN-VXLAN, cuando el sistema afectado recibe y procesa actualizaciones de estado, no se garantiza el orden correcto de algunos pasos de procesamiento, lo que puede provocar un bloqueo y reinicio de l2ald. Que se produzca el fallo depende de la sincronizaci\u00f3n interna del sistema, que est\u00e1 fuera del control de los atacantes. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 20.4R3-S8, * Versiones 21.2 anteriores a 21.2R3-S6, * Versiones 21.3 anteriores a 21.3R3-S5, * Versiones 21.4 anteriores a 21.4R3-S4, * Versiones 22.1 anteriores a 22.1R3- S3, * 22.2 versiones anteriores a 22.2R3-S1, * 22.3 versiones anteriores a 22.3R3, * 22.4 versiones anteriores a 22.4R2; Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S8-EVO, * Versiones 21.2-EVO anteriores a 21.2R3-S6-EVO, * Versiones 21.3-EVO anteriores a 21.3R3-S5-EVO, * Versiones 21.4-EVO anteriores a 21.4R3- S4-EVO, *versiones 22.1-EVO anteriores a 22.1R3-S3-EVO, *versiones 22.2-EVO anteriores a 22.2R3-S1-EVO, *versiones 22.3-EVO anteriores a 22.3R3-EVO, *versiones 22.4-EVO anteriores a 22.4R2- EVO.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.4\",\"matchCriteriaId\":\"E3A96966-5060-4139-A124-D4E2C879FD6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D361B23-A3C2-444B-BEB8-E231DA950567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"20DDC6B7-BFC4-4F0B-8E68-442C23765BF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"037BA01C-3F5C-4503-A633-71765E9EF774\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C54B047C-4B38-40C0-9855-067DCF7E48BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"38984199-E332-4A9C-A4C0-78083D052E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA6526FB-2941-4D18-9B2E-472AD5A62A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"09876787-A40A-4340-9C12-8628C325353B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"41615104-C17E-44DA-AB0D-6E2053BD4EF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1981DE38-36B5-469D-917E-92717EE3ED53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFA68ACD-AAE5-4577-B734-23AAF77BC85A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"65948ABC-22BB-46D5-8545-0806EDB4B86E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"283E41CB-9A90-4521-96DC-F31AA592CFD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"14EEA504-CBC5-4F6F-889A-D505EC4BB5B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*\",\"matchCriteriaId\":\"977DEF80-0DB5-4828-97AC-09BB3111D585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"216E7DDE-453D-481F-92E2-9F8466CDDA3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A52AF794-B36B-43A6-82E9-628658624B0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3998DC76-F72F-4452-9150-652140B113EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"36ED4552-2420-45F9-B6E4-6DA2B2B12870\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C28A14E7-7EA0-4757-9764-E39A27CFDFA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A43752D-A4AF-4B4E-B95B-192E42883A5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"42986538-E9D0-4C2E-B1C4-A763A4EE451B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE22CA01-EA7E-4EE5-B59F-EE100688C1DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E596ABD9-6ECD-48DC-B770-87B7E62EA345\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"71745D02-D226-44DC-91AD-678C85F5E6FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"39E44B09-7310-428C-8144-AE9DB0484D1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"53938295-8999-4316-9DED-88E24D037852\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2307BF56-640F-49A8-B060-6ACB0F653A61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC78A4CB-D617-43FC-BB51-287D2D0C44ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"30FF67F8-1E3C-47A8-8859-709B3614BA6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C7C507E-C85E-4BC6-A3B0-549516BAB524\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6514CDE8-35DC-469F-89A3-078684D18F7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4624565D-8F59-44A8-B7A8-01AD579745E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"57E08E70-1AF3-4BA5-9A09-06DFE9663ADE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"255B6F20-D32F-42C1-829C-AE9C7923558A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"90AE30DB-C448-4FE9-AC11-FF0F27CDA227\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"93F324AE-65D3-4CFC-AEAB-898CE1BD05CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"79ED3CE8-CC57-43AB-9A26-BBC87816062D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4310D2D9-A8A6-48F8-9384-0A0692A1E1C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9962B01C-C57C-4359-9532-676AB81CE8B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"62178549-B679-4902-BFDB-2993803B7FCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AD697DF-9738-4276-94ED-7B9380CD09F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"09FF5818-0803-4646-A386-D7C645EE58A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2229FA59-EB24-49A2-85CE-F529A8DE6BA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CB280D8-C5D8-4B51-A879-496ACCDE4538\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F3F54F1-75B3-400D-A735-2C27C8CEBE79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A5B196A-2AF1-4AE5-9148-A75A572807BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D157211-535E-4B2D-B2FE-F697FAFDF65C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F96EBE9-2532-4E35-ABA5-CA68830476A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4D936AE-FD74-4823-A824-2D9F24C25BFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E117E493-F4E1-4568-88E3-F243C74A2662\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"01E3E308-FD9C-4686-8C35-8472A0E99F0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3683A8F5-EE0E-4936-A005-DF7F6B75DED3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B615DBA-8C53-41D4-B264-D3EED8578471\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3124DD0-9E42-4896-9060-CB7DD07FC342\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"44F6FD6C-03AF-4D2C-B411-A753DE12A2DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D49FFB60-BA71-4902-9404-E67162919ADC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"06156CD6-09D3-4A05-9C5E-BC64A70640F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E949B21B-AD62-4022-9088-06313277479E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D862E6F-0D01-4B25-8340-888C30F75A2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F28F73E-8563-41B9-A313-BBAAD5B57A67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E37D4694-C80B-475E-AB5B-BB431F59C5E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC0D2D2-4922-4675-8A2C-57A08D7BE334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"591AA3E6-62A2-4A1A-A04C-E808F71D8B6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"19519212-51DD-4448-B115-8A20A40192CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC9909E-AE9F-414D-99B1-83AA04D5297B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDE9E767-4713-4EA2-8D00-1382975A4A15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"574730B0-56C8-4A03-867B-1737148ED9B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"20EBC676-1B26-4A71-8326-0F892124290A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1379EF30-AF04-4F98-8328-52A631F24737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"28E42A41-7965-456B-B0AF-9D3229CE4D4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB1A77D6-D3AD-481B-979C-8F778530B175\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A064B6B-A99B-4D8D-A62D-B00C7870BC30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.4\",\"matchCriteriaId\":\"0F41A7DF-2B27-4E2E-ABFC-E0510A028199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"247FB9DF-7EC0-4298-B27C-3235D141C1D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9C8866D-162F-4C9B-8167-2FBA25410368\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F85E5BC7-8607-4330-AA72-2273D32F8604\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"878C81C9-A418-4A21-8FDB-2116A992679C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7451A671-A3CC-4904-8D45-947B1D3783C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0108AD20-EAE6-41D1-AE48-254C46B5388A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E554FD12-FE69-44D1-B2C9-4382F8CA4456\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0C1D53E-70BE-4246-89ED-1074C8C70747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B38A90A9-B739-49BE-8845-9ABF846CCC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAE56A7C-BA26-405F-A640-C43AF78B0A3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"683D8EED-9F26-41E7-B69C-FE198225A8F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"8979C85C-87DD-42B1-9CCC-BC3F7007C600\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BDD5111-1BC2-456B-8A31-F2D252DF613C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*\",\"matchCriteriaId\":\"89B9BF7C-525C-4819-B80D-9B5F240F9878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"620B0CDD-5566-472E-B96A-31D2C12E3120\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E57AF-979B-4022-8AD6-B3558E06B718\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"144730FB-7622-4B3D-9C47-D1B7A7FB7EB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BA246F0-154E-4F44-A97B-690D22FA73DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"25D6C07C-F96E-4523-BB54-7FEABFE1D1ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B70C784-534B-4FAA-A5ED-3709656E2B97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"60448FFB-568E-4280-9261-ADD65244F31A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B770C52-7E3E-4B92-9138-85DEC56F3B22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E88AC378-461C-4EFA-A04B-5786FF21FE03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B0AFB30-81DC-465C-9F63-D1B15EA4809A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2035F0AC-29E7-478A-A9D0-BAA3A88B3413\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C34ABD4B-B045-4046-9641-66E3B2082A25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EC38173-44AB-43D5-8C27-CB43AD5E0B2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A4DD04A-DE52-46BE-8C34-8DB47F7500F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEE0E145-8E1C-446E-90ED-237E3B9CAF47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F26369D-21B2-4C6A-98C1-492692A61283\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"24003819-1A6B-4BDF-B3DF-34751C137788\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF8D332E-9133-45B9-BB07-B33C790F737A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E2A4377-D044-4E43-B6CC-B753D7F6ABD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DAEC4F4-5748-4D36-A72B-4C62A0A30E38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C76DA7A5-9320-4E21-96A2-ACE70803A1CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"703C73EB-2D63-4D4F-8129-239AE1E96B2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F67CE3C-3A06-487C-90DE-D5B3B1EC08A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E907193-075E-45BC-9257-9607DB790D71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEDF46A8-FC3A-4779-B695-2CA11D045AEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"39809219-9F87-4583-9DAD-9415DD320B36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB299492-A919-4EBA-A62A-B3CF02FC0A95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"74ED0939-D5F8-4334-9838-40F29DE3597F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6937069-8C19-4B01-8415-ED7E9EAE2CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"21DF05B8-EF7E-422F-8831-06904160714C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"492FCE45-68A1-4378-85D4-C4034FE0D836\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"522114CC-1505-4205-B4B8-797DE1BD833B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C16434C0-21A7-4CE5-92E1-7D60A35EF5D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"750FE748-82E7-4419-A061-2DEA26E35309\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"236E23E5-8B04-4081-9D97-7300DF284000\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FC96EA7-90A7-4838-B95D-60DBC88C7BC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"97541867-C52F-40BB-9AAE-7E87ED23D789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"85CF6664-E35A-4E9B-95C0-CDC91F7F331A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E048A05D-882F-4B1C-BA32-3BBA3FEA31A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"47E8D51D-1424-4B07-B036-E3E195F21AC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F3C82ED-5728-406F-ACF6-D7411B0AB6C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3CA3365-F9AF-40DF-8700-30AD4BC58E27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D77A072D-350A-42F2-8324-7D3AC1711BF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"83AE395C-A651-4568-88E3-3600544BF799\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7FEFD0A-A969-4F53-8668-1231FD675D6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"81CC3480-4B65-4588-8D46-FA80A8F6D143\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C63DBEE5-B0C2-498F-A672-B6596C89B0A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE2EF84D-55A9-41DC-A324-69E1DC426D0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"433631CA-3AC4-4D66-9B46-AEA4209347F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E4CD8AD-277A-4FC5-A102-3E151060C216\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BC09BAC-83E7-48CE-B571-ED49277B2987\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA4481D2-F693-48A5-8DBC-E86430987A25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"136CA584-2475-4A14-9771-F367180201D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4546776C-A657-42E3-9A36-47F9F59A88AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A33C425-921F-4795-B834-608C8F1597E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"93887799-F62C-4A4A-BCF5-004D0B4D4154\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62C473D2-2612-4480-82D8-8A24D0687BBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FB4C5CA-A709-4B13-A9E0-372098A72AD3\"}]}]}],\"references\":[{\"url\":\"http://supportportal.juniper.net/JSA79184\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"http://supportportal.juniper.net/JSA79184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://supportportal.juniper.net/JSA79184\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\", \"tags\": [\"technical-description\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:32:07.240Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-30386\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-12T17:34:57.452134Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T16:44:57.767Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Junos OS and Junos OS Evolved: In a EVPN-VXLAN scenario state changes on adjacent systems can cause an l2ald process crash\", \"source\": {\"defect\": [\"1700170\"], \"advisory\": \"JSA79184\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"20.4R3-S8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.2\", \"lessThan\": \"21.2R3-S6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.3\", \"lessThan\": \"21.3R3-S5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.4\", \"lessThan\": \"21.4R3-S4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.1\", \"lessThan\": \"22.1R3-S3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.2\", \"lessThan\": \"22.2R3-S1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.3\", \"lessThan\": \"22.3R3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.4\", \"lessThan\": \"22.4R2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS Evolved\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"20.4R3-S8-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.2-EVO\", \"lessThan\": \"21.2R3-S6-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.3-EVO\", \"lessThan\": \"21.3R3-S5-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.4-EVO\", \"lessThan\": \"21.4R3-S4-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.1-EVO\", \"lessThan\": \"22.1R3-S3-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.2-EVO\", \"lessThan\": \"22.2R3-S1-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.3-EVO\", \"lessThan\": \"22.3R3-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.4-EVO\", \"lessThan\": \"22.4R2-EVO\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue:\\nJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R3-S2, 22.4R2, 23.2R1, and all subsequent releases;\\n\\n\\nJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R3-S2, 22.4R2, 23.2R1, and all subsequent releases;\u003cbr\u003e\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-04-10T16:00:00.000Z\", \"references\": [{\"url\": \"http://supportportal.juniper.net/JSA79184\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\", \"tags\": [\"technical-description\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There are no known workarounds for this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A Use-After-Free vulnerability in the\\u00a0Layer 2 Address Learning Daemon (l2ald)\\n\\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\\n\\nIn an EVPN-VXLAN scenario,\\u00a0when \\n\\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\\nThis issue affects:\\n\\nJunos OS:\\u00a0\\n\\n\\n\\n  *  All versions before 20.4R3-S8,\\n  *  21.2 versions before 21.2R3-S6,\\n  *  21.3 versions before 21.3R3-S5,\\n  *  21.4 versions before 21.4R3-S4,\\n  *  22.1 versions before 22.1R3-S3,\\n  *  22.2 versions before 22.2R3-S1,\\n  *  22.3 versions before 22.3R3,,\\n  *  22.4 versions before 22.4R2;\\n\\n\\n\\n\\nJunos OS Evolved:\\u00a0\\n\\n\\n\\n  *  All versions before 20.4R3-S8-EVO,\\n  *  21.2-EVO versions before 21.2R3-S6-EVO,\\u00a0\\n  *  21.3-EVO\\n\\n versions before 21.3R3-S5-EVO,\\n  *  21.4-EVO\\n\\n versions before 21.4R3-S4-EVO,\\n  *  22.1-EVO\\n\\n versions before 22.1R3-S3-EVO,\\n  *  22.2-EVO\\n\\n versions before 22.2R3-S1-EVO,\\n  *  22.3-EVO\\n\\n versions before 22.3R3-EVO,\\n  *  22.4-EVO\\n\\n versions before 22.4R2-EVO.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A Use-After-Free vulnerability in the\u0026nbsp;\u003cspan style=\\\"background-color: rgb(251, 251, 251);\\\"\u003eLayer 2 Address Learning Daemon (l2ald)\u003c/span\u003e\\n\\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eIn an EVPN-VXLAN scenario,\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ewhen \u003c/span\u003e\\n\\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S8,\u003c/li\u003e\u003cli\u003e21.2 versions before 21.2R3-S6,\u003c/li\u003e\u003cli\u003e21.3 versions before 21.3R3-S5,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S4,\u003c/li\u003e\u003cli\u003e22.1 versions before 22.1R3-S3,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S1,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3,,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S8-EVO,\u003c/li\u003e\u003cli\u003e21.2-EVO versions before 21.2R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e21.3-EVO\\n\\n versions before 21.3R3-S5-EVO,\u003c/li\u003e\u003cli\u003e21.4-EVO\\n\\n versions before 21.4R3-S4-EVO,\u003c/li\u003e\u003cli\u003e22.1-EVO\\n\\n versions before 22.1R3-S3-EVO,\u003c/li\u003e\u003cli\u003e22.2-EVO\\n\\n versions before 22.2R3-S1-EVO,\u003c/li\u003e\u003cli\u003e22.3-EVO\\n\\n versions before 22.3R3-EVO,\u003c/li\u003e\u003cli\u003e22.4-EVO\\n\\n\u003cspan style=\\\"background-color: var(--wht);\\\"\u003e versions before 22.4R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"description\": \"Denial-of-Service (DoS)\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"To be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(251, 251, 251);\\\"\u003eTo be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options.\u003c/span\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2024-05-16T20:15:40.526Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-30386\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T01:32:07.240Z\", \"dateReserved\": \"2024-03-26T23:06:12.476Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2024-04-12T15:23:24.249Z\", \"assignerShortName\": \"juniper\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2024-0855

Vulnerability from csaf_certbund - Published: 2024-04-10 22:00 - Updated: 2024-04-10 22:00

Summary

Juniper Produkte: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird. Die Juniper MX-Serie ist eine Produktfamilie von Routern. Bei den Switches der Juniper EX-Serie handelt es sich um Access- und Aggregations-/Core-Layer-Switches. SRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper. Die Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Juniper Produkten ausnutzen um Denial of Service Zustände zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen zu umgehen.

Betroffene Betriebssysteme

- Juniper Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.\r\nDie Juniper MX-Serie ist eine Produktfamilie von Routern.\r\nBei den Switches der Juniper EX-Serie handelt es sich um Access- und Aggregations-/Core-Layer-Switches.\r\nSRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.\r\nDie Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Juniper Produkten ausnutzen um Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Juniper Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0855 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0855.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0855 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0855"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-Packets-which-are-not-destined-to-the-device-can-reach-the-RE-CVE-2024-21590?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-MPC10-MPC11-LC9600-and-MX304-A-specific-MPLS-packet-will-cause-a-PFE-crash-CVE-2024-21593?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-BGP-tunnel-encapsulation-attribute-will-lead-to-an-rpd-crash-CVE-2024-21598?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX-300-Series-Specific-link-local-traffic-causes-a-control-plane-overload-CVE-2024-21605?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-SRX-Series-If-specific-IPsec-parameters-are-negotiated-iked-will-crash-due-to-a-memory-leak-CVE-2024-21609?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-In-a-scaled-subscriber-scenario-if-CoS-information-is-gathered-mgd-processes-gets-stuck-CVE-2024-21610?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-low-privileged-user-can-access-confidential-information-CVE-2024-21615?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-LLDP-is-enabled-and-a-malformed-LLDP-packet-is-received-l2cpd-crashes-CVE-2024-21618?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX-Series-Specific-malformed-LACP-packets-will-cause-flaps-CVE-2024-30388?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX-Branch-Series-When-DNS-proxy-is-configured-and-specific-DNS-queries-are-received-resolver-s-performance-is-degraded-CVE-2022-2795?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-MS-MPC-MIC-When-URL-filtering-is-enabled-and-a-specific-URL-request-is-received-a-flowd-crash-occurs-CVE-2024-30392?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-A-specific-EVPN-type-5-route-causes-rpd-crash-CVE-2024-30394?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-BGP-tunnel-encapsulation-attribute-will-lead-to-an-rpd-crash-CVE-2024-30395?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Higher-CPU-consumption-on-routing-engine-leads-to-Denial-of-Service-DoS-CVE-2024-30409?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-Loopback-filter-not-blocking-traffic-despite-having-discard-term-CVE-2024-30410?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-libslax-Multiple-vulnerabilities-in-libslax-resolved?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-ACX-Series-with-Paragon-Active-Assurance-Test-Agent-A-local-high-privileged-attacker-can-recover-other-administrators-credentials-CVE-2024-30406?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX-5000-Series-with-SPC2-Processing-of-specific-crafted-packets-when-ALG-is-enabled-causes-a-transit-traffic-Denial-of-Service-CVE-2024-30405?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-bbe-smgd-process-crash-upon-execution-of-specific-CLI-commands-CVE-2024-30378?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-15C-Stack-based-buffer-overflow-in-aftman-CVE-2024-30401?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-l2cpd-crash-upon-receipt-of-a-specific-TLV-CVE-2024-30380?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Paragon-Active-Assurance-probe-serviced-exposes-internal-objects-to-local-users-CVE-2024-30381?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-RPD-crash-when-CoS-based-forwarding-CBF-policy-is-configured-CVE-2024-30382?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX4600-Series-A-high-amount-of-specific-traffic-causes-packet-drops-and-an-eventual-PFE-crash-CVE-2024-30398?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-An-invalid-certificate-causes-a-Denial-of-Service-in-the-Internet-Key-Exchange-IKE-process-CVE-2024-30397?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-l2ald-crashes-on-receiving-telemetry-messages-from-a-specific-subscription-CVE-2024-30402?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-When-MAC-learning-happens-and-an-interface-gets-flapped-the-PFE-crashes-CVE-2024-30403?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-Connection-limits-is-not-being-enforced-while-the-resp-rate-limit-is-being-enforced-CVE-2024-30390?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-EVPN-VXLAN-scenario-state-changes-on-adjacent-systems-can-cause-an-l2ald-process-crash-CVE-2024-30386?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-Firewall-filter-not-blocking-egress-traffic-CVE-2024-30389?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-If-a-specific-CLI-command-is-issued-PFE-crashes-will-occur-CVE-2024-30384?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-ACX5448-ACX710-Due-to-the-interface-flaps-the-PFE-process-can-crash-CVE-2024-30387?language=en_US"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2024-04-10",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-SRX-Series-When-IPsec-authentication-is-configured-with-hmac-sha-384-and-hmac-sha-512-no-authentication-of-traffic-is-performed-CVE-2024-30391?language=en_US"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper Produkte: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-04-10T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:07:36.683+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0855",
      "initial_release_date": "2024-04-10T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-10T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Juniper EX Series",
            "product": {
              "name": "Juniper EX Series",
              "product_id": "T019811",
              "product_identification_helper": {
                "cpe": "cpe:/h:juniper:ex:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Evolved",
                "product": {
                  "name": "Juniper JUNOS Evolved",
                  "product_id": "T018886",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:evolved"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Juniper JUNOS",
                "product": {
                  "name": "Juniper JUNOS",
                  "product_id": "T032362",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JUNOS"
          },
          {
            "category": "product_name",
            "name": "Juniper MX Series",
            "product": {
              "name": "Juniper MX Series",
              "product_id": "918766",
              "product_identification_helper": {
                "cpe": "cpe:/h:juniper:mx:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Juniper QFX Series",
            "product": {
              "name": "Juniper QFX Series",
              "product_id": "T019810",
              "product_identification_helper": {
                "cpe": "cpe:/h:juniper:qfx:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Juniper SRX Series",
            "product": {
              "name": "Juniper SRX Series",
              "product_id": "T032363",
              "product_identification_helper": {
                "cpe": "cpe:/h:juniper:srx_service_gateways:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-21590",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-21590"
    },
    {
      "cve": "CVE-2024-21593",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-21593"
    },
    {
      "cve": "CVE-2024-21598",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-21598"
    },
    {
      "cve": "CVE-2024-21605",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-21605"
    },
    {
      "cve": "CVE-2024-21609",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-21609"
    },
    {
      "cve": "CVE-2024-21610",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-21610"
    },
    {
      "cve": "CVE-2024-21615",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-21615"
    },
    {
      "cve": "CVE-2024-21618",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-21618"
    },
    {
      "cve": "CVE-2024-30378",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30378"
    },
    {
      "cve": "CVE-2024-30380",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30380"
    },
    {
      "cve": "CVE-2024-30381",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30381"
    },
    {
      "cve": "CVE-2024-30382",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30382"
    },
    {
      "cve": "CVE-2024-30384",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30384"
    },
    {
      "cve": "CVE-2024-30386",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30386"
    },
    {
      "cve": "CVE-2024-30387",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30387"
    },
    {
      "cve": "CVE-2024-30388",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30388"
    },
    {
      "cve": "CVE-2024-30389",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30389"
    },
    {
      "cve": "CVE-2024-30390",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30390"
    },
    {
      "cve": "CVE-2024-30391",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30391"
    },
    {
      "cve": "CVE-2024-30392",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30392"
    },
    {
      "cve": "CVE-2024-30394",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30394"
    },
    {
      "cve": "CVE-2024-30395",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30395"
    },
    {
      "cve": "CVE-2024-30397",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30397"
    },
    {
      "cve": "CVE-2024-30398",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30398"
    },
    {
      "cve": "CVE-2024-30401",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30401"
    },
    {
      "cve": "CVE-2024-30402",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30402"
    },
    {
      "cve": "CVE-2024-30403",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30403"
    },
    {
      "cve": "CVE-2024-30405",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30405"
    },
    {
      "cve": "CVE-2024-30406",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30406"
    },
    {
      "cve": "CVE-2024-30407",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30407"
    },
    {
      "cve": "CVE-2024-30409",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30409"
    },
    {
      "cve": "CVE-2024-30410",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019810",
          "T018886",
          "T019811",
          "918766",
          "T032362",
          "T032363"
        ]
      },
      "release_date": "2024-04-10T22:00:00.000+00:00",
      "title": "CVE-2024-30410"
    }
  ]
}

GSD-2024-30386

Vulnerability from gsd - Updated: 2024-04-03 05:02

Details

Aliases

CVE-2024-30386

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-30386"
      ],
      "details": "A Use-After-Free vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\n\nIn an EVPN-VXLAN scenario,\u00a0when \n\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n  *  All versions before 20.4R3-S8,\n  *  21.2 versions before 21.2R3-S6,\n  *  21.3 versions before 21.3R3-S5,\n  *  21.4 versions before 21.4R3-S4,\n  *  22.1 versions before 22.1R3-S3,\n  *  22.2 versions before 22.2R3-S1,\n  *  22.3 versions before 22.3R3,,\n  *  22.4 versions before 22.4R2;\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  All versions before 20.4R3-S8-EVO,\n  *  21.2-EVO versions before 21.2R3-S6-EVO,\u00a0\n  *  21.3-EVO\n\n versions before 21.3R3-S5-EVO,\n  *  21.4-EVO\n\n versions before 21.4R3-S4-EVO,\n  *  22.1-EVO\n\n versions before 22.1R3-S3-EVO,\n  *  22.2-EVO\n\n versions before 22.2R3-S1-EVO,\n  *  22.3-EVO\n\n versions before 22.3R3-EVO,\n  *  22.4-EVO\n\n versions before 22.4R2-EVO.\n\n\n\n\n",
      "id": "GSD-2024-30386",
      "modified": "2024-04-03T05:02:29.337871Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "sirt@juniper.net",
        "ID": "CVE-2024-30386",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Junos OS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "20.4R3-S8"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "21.2",
                          "version_value": "21.2R3-S6"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "21.3",
                          "version_value": "21.3R3-S5"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "21.4",
                          "version_value": "21.4R3-S4"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "22.1",
                          "version_value": "22.1R3-S3"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "22.2",
                          "version_value": "22.2R3-S1"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "22.3",
                          "version_value": "22.3R3"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "22.4",
                          "version_value": "22.4R2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Junos OS Evolved",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "20.4R3-S8-EVO"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "21.2-EVO",
                          "version_value": "21.2R3-S6-EVO"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "21.3-EVO",
                          "version_value": "21.3R3-S5-EVO"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "21.4-EVO",
                          "version_value": "21.4R3-S4-EVO"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "22.1-EVO",
                          "version_value": "22.1R3-S3-EVO"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "22.2-EVO",
                          "version_value": "22.2R3-S1-EVO"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "22.3-EVO",
                          "version_value": "22.3R3-EVO"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "22.4-EVO",
                          "version_value": "22.4R2-EVO"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Juniper Networks"
            }
          ]
        }
      },
      "configuration": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eTo be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nTo be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options.\n\n"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Use-After-Free vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\n\nIn an EVPN-VXLAN scenario,\u00a0when \n\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n  *  All versions before 20.4R3-S8,\n  *  21.2 versions before 21.2R3-S6,\n  *  21.3 versions before 21.3R3-S5,\n  *  21.4 versions before 21.4R3-S4,\n  *  22.1 versions before 22.1R3-S3,\n  *  22.2 versions before 22.2R3-S1,\n  *  22.3 versions before 22.3R3,,\n  *  22.4 versions before 22.4R2;\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  All versions before 20.4R3-S8-EVO,\n  *  21.2-EVO versions before 21.2R3-S6-EVO,\u00a0\n  *  21.3-EVO\n\n versions before 21.3R3-S5-EVO,\n  *  21.4-EVO\n\n versions before 21.4R3-S4-EVO,\n  *  22.1-EVO\n\n versions before 22.1R3-S3-EVO,\n  *  22.2-EVO\n\n versions before 22.2R3-S1-EVO,\n  *  22.3-EVO\n\n versions before 22.3R3-EVO,\n  *  22.4-EVO\n\n versions before 22.4R2-EVO.\n\n\n\n\n"
          }
        ]
      },
      "exploit": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-416",
                "lang": "eng",
                "value": "CWE-416 Use After Free"
              }
            ]
          },
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial-of-Service (DoS)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://supportportal.juniper.net/JSA79184",
            "refsource": "MISC",
            "url": "http://supportportal.juniper.net/JSA79184"
          },
          {
            "name": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "refsource": "MISC",
            "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R3-S2, 22.4R2, 23.2R1, and all subsequent releases;\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R3-S2, 22.4R2, 23.2R1, and all subsequent releases;\n\n\nJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\n"
        }
      ],
      "source": {
        "advisory": "JSA79184",
        "defect": [
          "1700170"
        ],
        "discovery": "INTERNAL"
      },
      "work_around": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "A Use-After-Free vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\n\nIn an EVPN-VXLAN scenario,\u00a0when \n\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n  *  All versions before 20.4R3-S8,\n  *  21.2 versions before 21.2R3-S6,\n  *  21.3 versions before 21.3R3-S5,\n  *  21.4 versions before 21.4R3-S4,\n  *  22.1 versions before 22.1R3-S3,\n  *  22.2 versions before 22.2R3-S1,\n  *  22.3 versions before 22.3R3,,\n  *  22.4 versions before 22.4R2;\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  All versions before 20.4R3-S8-EVO,\n  *  21.2-EVO versions before 21.2R3-S6-EVO,\u00a0\n  *  21.3-EVO\n\n versions before 21.3R3-S5-EVO,\n  *  21.4-EVO\n\n versions before 21.4R3-S4-EVO,\n  *  22.1-EVO\n\n versions before 22.1R3-S3-EVO,\n  *  22.2-EVO\n\n versions before 22.2R3-S1-EVO,\n  *  22.3-EVO\n\n versions before 22.3R3-EVO,\n  *  22.4-EVO\n\n versions before 22.4R2-EVO.\n\n\n\n\n"
          },
          {
            "lang": "es",
            "value": "Una vulnerabilidad de Use-After-Free en el daemon de aprendizaje de direcciones de capa 2 (l2ald) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque que l2ald falle, lo que provoca una denegaci\u00f3n de servicio (DoS). En un escenario EVPN-VXLAN, cuando el sistema afectado recibe y procesa actualizaciones de estado, no se garantiza el orden correcto de algunos pasos de procesamiento, lo que puede provocar un bloqueo y reinicio de l2ald. Que se produzca el fallo depende de la sincronizaci\u00f3n interna del sistema, que est\u00e1 fuera del control de los atacantes. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 20.4R3-S8, * Versiones 21.2 anteriores a 21.2R3-S6, * Versiones 21.3 anteriores a 21.3R3-S5, * Versiones 21.4 anteriores a 21.4R3-S4, * Versiones 22.1 anteriores a 22.1R3- S3, * 22.2 versiones anteriores a 22.2R3-S1, * 22.3 versiones anteriores a 22.3R3, * 22.4 versiones anteriores a 22.4R2; Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S8-EVO, * Versiones 21.2-EVO anteriores a 21.2R3-S6-EVO, * Versiones 21.3-EVO anteriores a 21.3R3-S5-EVO, * Versiones 21.4-EVO anteriores a 21.4R3- S4-EVO, *versiones 22.1-EVO anteriores a 22.1R3-S3-EVO, *versiones 22.2-EVO anteriores a 22.2R3-S1-EVO, *versiones 22.3-EVO anteriores a 22.3R3-EVO, *versiones 22.4-EVO anteriores a 22.4R2- EVO."
          }
        ],
        "id": "CVE-2024-30386",
        "lastModified": "2024-04-15T13:15:51.577",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.6,
              "impactScore": 3.6,
              "source": "sirt@juniper.net",
              "type": "Primary"
            }
          ]
        },
        "published": "2024-04-12T16:15:37.650",
        "references": [
          {
            "source": "sirt@juniper.net",
            "url": "http://supportportal.juniper.net/JSA79184"
          },
          {
            "source": "sirt@juniper.net",
            "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
          }
        ],
        "sourceIdentifier": "sirt@juniper.net",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-416"
              }
            ],
            "source": "sirt@juniper.net",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

CERTFR-2024-AVI-0297

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cloud Native Router versions antérieures à 23.4
cRPD versions antérieures à 23.4R1
Paragon Active Assurance versions antérieures à 4.2.1
Paragon Active Assurance versions antérieures à 4.3.0
Junos OS gamme EX4300 versions antérieures à 20.4R3-S10, 21.2R3-S7 et 21.4R3-S6
Junos OS gammes QFX5000 Series, EX4400 Series, EX4100 Series et EX4650 Series versions antérieures à 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1
Junos OS gammes SRX Branch Series versions antérieures à 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S3, 22.1R3-S2, 22.2R2-S2, 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2 et 23.2R1
Junos OS gammes MX Series avec SPC3 et MS-MPC versions antérieures à 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1
Junos OS gamme SRX 5000 Series avec SPC2 versions antérieures à 21.2R3-S7, 21.4, 22.1, 22.2, 22.3, 22.4 et 23.2
Junos OS gammes MX Series versions antérieures à 20.4R3-S5, 21.1, 21.2R3-S1, 21.3, 21.4R3, 22.1R2, 22.2R2 et 22.3
Junos OS gamme EX9200-15C versions antérieures à 21.2R3-S1, 21.4R3, 22.1R2 et 22.2R2
Junos OS gammes SRX4600 versions antérieures à 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2 et 23.4R1
Junos OS gammes ACX5448 et ACX710 versions antérieures à 20.4R3-S9, 21.2R3-S5, 21.3R3-S5, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2 et 23.2R1
Junos OS versions antérieures à 20.4R3-S9, 21.1R3, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S2, 22.4R3 et 23.4R2
Junos OS Evolved versions antérieures à 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO et 23.4R1-EVO

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA79102 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79106 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79181 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79186 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79089 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79173 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79104 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79094 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79183 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79176 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79179 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79187 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79109 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79171 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79188 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79099 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79184 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79110 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79174 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79095 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79100 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79107 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79092 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79185 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79108 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79091 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79180 du 10 avril 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eCloud Native Router versions ant\u00e9rieures \u00e0 23.4\u003c/li\u003e \u003cli\u003ecRPD versions ant\u00e9rieures \u00e0 23.4R1\u003c/li\u003e \u003cli\u003eParagon Active Assurance versions ant\u00e9rieures \u00e0 4.2.1\u003c/li\u003e \u003cli\u003eParagon Active Assurance versions ant\u00e9rieures \u00e0 4.3.0\u003c/li\u003e \u003cli\u003eJunos OS gamme EX4300 versions ant\u00e9rieures \u00e0 20.4R3-S10, 21.2R3-S7 et 21.4R3-S6\u003c/li\u003e \u003cli\u003eJunos OS gammes QFX5000 Series, EX4400 Series, EX4100 Series et EX4650 Series versions ant\u00e9rieures \u00e0 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS gammes SRX Branch Series versions ant\u00e9rieures \u00e0 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S3, 22.1R3-S2, 22.2R2-S2, 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS gammes MX Series avec SPC3 et MS-MPC versions ant\u00e9rieures \u00e0 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS gamme SRX 5000 Series avec SPC2 versions ant\u00e9rieures \u00e0 21.2R3-S7, 21.4, 22.1, 22.2, 22.3, 22.4 et 23.2\u003c/li\u003e \u003cli\u003eJunos OS gammes\u00a0MX Series versions ant\u00e9rieures \u00e0 20.4R3-S5, 21.1, 21.2R3-S1, 21.3, 21.4R3, 22.1R2, 22.2R2 et 22.3\u003c/li\u003e \u003cli\u003eJunos OS gamme EX9200-15C versions ant\u00e9rieures \u00e0 21.2R3-S1, 21.4R3, 22.1R2 et 22.2R2\u003c/li\u003e \u003cli\u003eJunos OS gammes\u00a0SRX4600 versions ant\u00e9rieures \u00e0 21.2R3-S7,\u00a021.4R3-S6,\u00a022.1R3-S5,\u00a022.2R3-S3,\u00a022.3R3-S2,\u00a022.4R3,\u00a023.2R1-S2, 23.2R2 et 23.4R1\u003c/li\u003e \u003cli\u003eJunos OS gammes\u00a0ACX5448 et ACX710 versions ant\u00e9rieures \u00e0 20.4R3-S9, 21.2R3-S5, 21.3R3-S5, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS versions ant\u00e9rieures \u00e0 20.4R3-S9, 21.1R3, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S2, 22.4R3 et 23.4R2\u003c/li\u003e \u003cli\u003e \u003cdiv\u003e \u003cdiv\u003e \u003cp\u003eJunos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO et 23.4R1-EVO\u003c/p\u003e \u003c/div\u003e \u003c/div\u003e \u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2021-37600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
    },
    {
      "name": "CVE-2024-30381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30381"
    },
    {
      "name": "CVE-2023-46218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
    },
    {
      "name": "CVE-2020-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
    },
    {
      "name": "CVE-2024-30401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30401"
    },
    {
      "name": "CVE-2021-28831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28831"
    },
    {
      "name": "CVE-2024-30409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30409"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2020-14343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2022-48554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
    },
    {
      "name": "CVE-2023-39975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39975"
    },
    {
      "name": "CVE-2024-30410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30410"
    },
    {
      "name": "CVE-2018-7738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7738"
    },
    {
      "name": "CVE-2022-48522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
    },
    {
      "name": "CVE-2020-8285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
    },
    {
      "name": "CVE-2021-28957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28957"
    },
    {
      "name": "CVE-2024-30380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30380"
    },
    {
      "name": "CVE-2023-41913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41913"
    },
    {
      "name": "CVE-2024-30392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30392"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2021-23240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23240"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2011-1676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1676"
    },
    {
      "name": "CVE-2020-8037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8037"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2020-19190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19190"
    },
    {
      "name": "CVE-2024-30391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30391"
    },
    {
      "name": "CVE-2020-8286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
    },
    {
      "name": "CVE-2023-2253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-30389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30389"
    },
    {
      "name": "CVE-2023-29491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29491"
    },
    {
      "name": "CVE-2023-3592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3592"
    },
    {
      "name": "CVE-2020-19187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19187"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2019-9923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9923"
    },
    {
      "name": "CVE-2021-39534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39534"
    },
    {
      "name": "CVE-2023-5981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2024-30398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30398"
    },
    {
      "name": "CVE-2021-22947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
    },
    {
      "name": "CVE-2018-1000120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2019-17041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
    },
    {
      "name": "CVE-2020-19188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19188"
    },
    {
      "name": "CVE-2020-19186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19186"
    },
    {
      "name": "CVE-2021-22946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
    },
    {
      "name": "CVE-2020-25659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25659"
    },
    {
      "name": "CVE-2021-39531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39531"
    },
    {
      "name": "CVE-2020-8284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
    },
    {
      "name": "CVE-2023-23915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
    },
    {
      "name": "CVE-2011-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1675"
    },
    {
      "name": "CVE-2023-28366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28366"
    },
    {
      "name": "CVE-2024-30378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30378"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2021-34434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34434"
    },
    {
      "name": "CVE-2016-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
    },
    {
      "name": "CVE-2023-1428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1428"
    },
    {
      "name": "CVE-2023-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
    },
    {
      "name": "CVE-2024-30402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30402"
    },
    {
      "name": "CVE-2018-1000215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000215"
    },
    {
      "name": "CVE-2023-23914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
    },
    {
      "name": "CVE-2019-17042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
    },
    {
      "name": "CVE-2024-30403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30403"
    },
    {
      "name": "CVE-2021-36159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36159"
    },
    {
      "name": "CVE-2018-1000654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
    },
    {
      "name": "CVE-2023-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
    },
    {
      "name": "CVE-2022-2795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
    },
    {
      "name": "CVE-2021-30139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30139"
    },
    {
      "name": "CVE-2024-30384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30384"
    },
    {
      "name": "CVE-2023-2603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
    },
    {
      "name": "CVE-2024-30387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30387"
    },
    {
      "name": "CVE-2017-18018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18018"
    },
    {
      "name": "CVE-2024-30406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30406"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2023-32732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
    },
    {
      "name": "CVE-2024-30394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30394"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2022-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
    },
    {
      "name": "CVE-2024-30407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30407"
    },
    {
      "name": "CVE-2020-36242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
    },
    {
      "name": "CVE-2023-4785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4785"
    },
    {
      "name": "CVE-2020-22916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2020-27350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27350"
    },
    {
      "name": "CVE-2023-36054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
    },
    {
      "name": "CVE-2021-39533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39533"
    },
    {
      "name": "CVE-2024-30390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30390"
    },
    {
      "name": "CVE-2020-19185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19185"
    },
    {
      "name": "CVE-2023-0809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0809"
    },
    {
      "name": "CVE-2021-20193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20193"
    },
    {
      "name": "CVE-2023-4806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
    },
    {
      "name": "CVE-2016-2781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
    },
    {
      "name": "CVE-2020-19189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
    },
    {
      "name": "CVE-2023-32731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
    },
    {
      "name": "CVE-2023-49083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
    },
    {
      "name": "CVE-2024-30388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30388"
    },
    {
      "name": "CVE-2019-18276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
    },
    {
      "name": "CVE-2024-30386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30386"
    },
    {
      "name": "CVE-2021-33560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33560"
    },
    {
      "name": "CVE-2011-1677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1677"
    },
    {
      "name": "CVE-2018-20225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
    },
    {
      "name": "CVE-2020-28928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28928"
    },
    {
      "name": "CVE-2021-41039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41039"
    },
    {
      "name": "CVE-2024-30382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30382"
    },
    {
      "name": "CVE-2018-20482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20482"
    },
    {
      "name": "CVE-2021-40528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40528"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2020-28493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
    },
    {
      "name": "CVE-2020-27783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
    },
    {
      "name": "CVE-2018-1000122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    },
    {
      "name": "CVE-2024-30405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30405"
    },
    {
      "name": "CVE-2024-30397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30397"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    },
    {
      "name": "CVE-2024-30395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30395"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0297",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79102 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-libslax-Multiple-vulnerabilities-in-libslax-resolved?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79106 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Juniper-Cloud-Native-Router-Multiple-vulnerabilities-resolved-in-23-4-release?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79181 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-When-MAC-learning-happens-and-an-interface-gets-flapped-the-PFE-crashes-CVE-2024-30403?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79186 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-If-a-specific-CLI-command-is-issued-PFE-crashes-will-occur-CVE-2024-30384?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79089 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX-Series-Specific-malformed-LACP-packets-will-cause-flaps-CVE-2024-30388?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79173 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Paragon-Active-Assurance-probe-serviced-exposes-internal-objects-to-local-users-CVE-2024-30381?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79104 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-ACX-Series-with-Paragon-Active-Assurance-Test-Agent-A-local-high-privileged-attacker-can-recover-other-administrators-credentials-CVE-2024-30406?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79094 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-A-specific-EVPN-type-5-route-causes-rpd-crash-CVE-2024-30394?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79183 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-Connection-limits-is-not-being-enforced-while-the-resp-rate-limit-is-being-enforced-CVE-2024-30390?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79176 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX4600-Series-A-high-amount-of-specific-traffic-causes-packet-drops-and-an-eventual-PFE-crash-CVE-2024-30398?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79179 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-An-invalid-certificate-causes-a-Denial-of-Service-in-the-Internet-Key-Exchange-IKE-process-CVE-2024-30397?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79187 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-ACX5448-ACX710-Due-to-the-interface-flaps-the-PFE-process-can-crash-CVE-2024-30387?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79109 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-bbe-smgd-process-crash-upon-execution-of-specific-CLI-commands-CVE-2024-30378?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79171 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-l2cpd-crash-upon-receipt-of-a-specific-TLV-CVE-2024-30380?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79188 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-SRX-Series-When-IPsec-authentication-is-configured-with-hmac-sha-384-and-hmac-sha-512-no-authentication-of-traffic-is-performed-CVE-2024-30391?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79099 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Higher-CPU-consumption-on-routing-engine-leads-to-Denial-of-Service-DoS-CVE-2024-30409?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79184 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-EVPN-VXLAN-scenario-state-changes-on-adjacent-systems-can-cause-an-l2ald-process-crash-CVE-2024-30386?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79110 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-15C-Stack-based-buffer-overflow-in-aftman-CVE-2024-30401?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79174 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-RPD-crash-when-CoS-based-forwarding-CBF-policy-is-configured-CVE-2024-30382?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79095 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-BGP-tunnel-encapsulation-attribute-will-lead-to-an-rpd-crash-CVE-2024-30395?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79100 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-Loopback-filter-not-blocking-traffic-despite-having-discard-term-CVE-2024-30410?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79107 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-cRPD-Multiple-vulnerabilities-resolved-in-23-4R1-release?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79092 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-MS-MPC-MIC-When-URL-filtering-is-enabled-and-a-specific-URL-request-is-received-a-flowd-crash-occurs-CVE-2024-30392?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79185 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-Firewall-filter-not-blocking-egress-traffic-CVE-2024-30389?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79108 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-cURL-vulnerabilities-resolved?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79091 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX-Branch-Series-When-DNS-proxy-is-configured-and-specific-DNS-queries-are-received-resolver-s-performance-is-degraded-CVE-2022-2795?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79180 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-l2ald-crashes-on-receiving-telemetry-messages-from-a-specific-subscription-CVE-2024-30402?language=en_US"
    }
  ]
}

CERTFR-2024-AVI-0297

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cloud Native Router versions antérieures à 23.4
cRPD versions antérieures à 23.4R1
Paragon Active Assurance versions antérieures à 4.2.1
Paragon Active Assurance versions antérieures à 4.3.0
Junos OS gamme EX4300 versions antérieures à 20.4R3-S10, 21.2R3-S7 et 21.4R3-S6
Junos OS gammes QFX5000 Series, EX4400 Series, EX4100 Series et EX4650 Series versions antérieures à 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1
Junos OS gammes SRX Branch Series versions antérieures à 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S3, 22.1R3-S2, 22.2R2-S2, 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2 et 23.2R1
Junos OS gammes MX Series avec SPC3 et MS-MPC versions antérieures à 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1
Junos OS gamme SRX 5000 Series avec SPC2 versions antérieures à 21.2R3-S7, 21.4, 22.1, 22.2, 22.3, 22.4 et 23.2
Junos OS gammes MX Series versions antérieures à 20.4R3-S5, 21.1, 21.2R3-S1, 21.3, 21.4R3, 22.1R2, 22.2R2 et 22.3
Junos OS gamme EX9200-15C versions antérieures à 21.2R3-S1, 21.4R3, 22.1R2 et 22.2R2
Junos OS gammes SRX4600 versions antérieures à 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2 et 23.4R1
Junos OS gammes ACX5448 et ACX710 versions antérieures à 20.4R3-S9, 21.2R3-S5, 21.3R3-S5, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2 et 23.2R1
Junos OS versions antérieures à 20.4R3-S9, 21.1R3, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S2, 22.4R3 et 23.4R2
Junos OS Evolved versions antérieures à 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO et 23.4R1-EVO

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA79102 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79106 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79181 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79186 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79089 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79173 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79104 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79094 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79183 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79176 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79179 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79187 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79109 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79171 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79188 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79099 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79184 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79110 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79174 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79095 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79100 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79107 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79092 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79185 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79108 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79091 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité Juniper JSA79180 du 10 avril 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eCloud Native Router versions ant\u00e9rieures \u00e0 23.4\u003c/li\u003e \u003cli\u003ecRPD versions ant\u00e9rieures \u00e0 23.4R1\u003c/li\u003e \u003cli\u003eParagon Active Assurance versions ant\u00e9rieures \u00e0 4.2.1\u003c/li\u003e \u003cli\u003eParagon Active Assurance versions ant\u00e9rieures \u00e0 4.3.0\u003c/li\u003e \u003cli\u003eJunos OS gamme EX4300 versions ant\u00e9rieures \u00e0 20.4R3-S10, 21.2R3-S7 et 21.4R3-S6\u003c/li\u003e \u003cli\u003eJunos OS gammes QFX5000 Series, EX4400 Series, EX4100 Series et EX4650 Series versions ant\u00e9rieures \u00e0 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS gammes SRX Branch Series versions ant\u00e9rieures \u00e0 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S3, 22.1R3-S2, 22.2R2-S2, 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS gammes MX Series avec SPC3 et MS-MPC versions ant\u00e9rieures \u00e0 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS gamme SRX 5000 Series avec SPC2 versions ant\u00e9rieures \u00e0 21.2R3-S7, 21.4, 22.1, 22.2, 22.3, 22.4 et 23.2\u003c/li\u003e \u003cli\u003eJunos OS gammes\u00a0MX Series versions ant\u00e9rieures \u00e0 20.4R3-S5, 21.1, 21.2R3-S1, 21.3, 21.4R3, 22.1R2, 22.2R2 et 22.3\u003c/li\u003e \u003cli\u003eJunos OS gamme EX9200-15C versions ant\u00e9rieures \u00e0 21.2R3-S1, 21.4R3, 22.1R2 et 22.2R2\u003c/li\u003e \u003cli\u003eJunos OS gammes\u00a0SRX4600 versions ant\u00e9rieures \u00e0 21.2R3-S7,\u00a021.4R3-S6,\u00a022.1R3-S5,\u00a022.2R3-S3,\u00a022.3R3-S2,\u00a022.4R3,\u00a023.2R1-S2, 23.2R2 et 23.4R1\u003c/li\u003e \u003cli\u003eJunos OS gammes\u00a0ACX5448 et ACX710 versions ant\u00e9rieures \u00e0 20.4R3-S9, 21.2R3-S5, 21.3R3-S5, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2 et 23.2R1\u003c/li\u003e \u003cli\u003eJunos OS versions ant\u00e9rieures \u00e0 20.4R3-S9, 21.1R3, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S2, 22.4R3 et 23.4R2\u003c/li\u003e \u003cli\u003e \u003cdiv\u003e \u003cdiv\u003e \u003cp\u003eJunos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO et 23.4R1-EVO\u003c/p\u003e \u003c/div\u003e \u003c/div\u003e \u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2021-37600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
    },
    {
      "name": "CVE-2024-30381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30381"
    },
    {
      "name": "CVE-2023-46218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
    },
    {
      "name": "CVE-2020-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
    },
    {
      "name": "CVE-2024-30401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30401"
    },
    {
      "name": "CVE-2021-28831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28831"
    },
    {
      "name": "CVE-2024-30409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30409"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2020-14343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2022-48554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
    },
    {
      "name": "CVE-2023-39975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39975"
    },
    {
      "name": "CVE-2024-30410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30410"
    },
    {
      "name": "CVE-2018-7738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7738"
    },
    {
      "name": "CVE-2022-48522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
    },
    {
      "name": "CVE-2020-8285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
    },
    {
      "name": "CVE-2021-28957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28957"
    },
    {
      "name": "CVE-2024-30380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30380"
    },
    {
      "name": "CVE-2023-41913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41913"
    },
    {
      "name": "CVE-2024-30392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30392"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2021-23240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23240"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2011-1676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1676"
    },
    {
      "name": "CVE-2020-8037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8037"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2020-19190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19190"
    },
    {
      "name": "CVE-2024-30391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30391"
    },
    {
      "name": "CVE-2020-8286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
    },
    {
      "name": "CVE-2023-2253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-30389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30389"
    },
    {
      "name": "CVE-2023-29491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29491"
    },
    {
      "name": "CVE-2023-3592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3592"
    },
    {
      "name": "CVE-2020-19187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19187"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2019-9923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9923"
    },
    {
      "name": "CVE-2021-39534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39534"
    },
    {
      "name": "CVE-2023-5981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2024-30398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30398"
    },
    {
      "name": "CVE-2021-22947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
    },
    {
      "name": "CVE-2018-1000120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2019-17041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
    },
    {
      "name": "CVE-2020-19188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19188"
    },
    {
      "name": "CVE-2020-19186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19186"
    },
    {
      "name": "CVE-2021-22946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
    },
    {
      "name": "CVE-2020-25659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25659"
    },
    {
      "name": "CVE-2021-39531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39531"
    },
    {
      "name": "CVE-2020-8284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
    },
    {
      "name": "CVE-2023-23915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
    },
    {
      "name": "CVE-2011-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1675"
    },
    {
      "name": "CVE-2023-28366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28366"
    },
    {
      "name": "CVE-2024-30378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30378"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2021-34434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34434"
    },
    {
      "name": "CVE-2016-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
    },
    {
      "name": "CVE-2023-1428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1428"
    },
    {
      "name": "CVE-2023-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
    },
    {
      "name": "CVE-2024-30402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30402"
    },
    {
      "name": "CVE-2018-1000215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000215"
    },
    {
      "name": "CVE-2023-23914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
    },
    {
      "name": "CVE-2019-17042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
    },
    {
      "name": "CVE-2024-30403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30403"
    },
    {
      "name": "CVE-2021-36159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36159"
    },
    {
      "name": "CVE-2018-1000654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
    },
    {
      "name": "CVE-2023-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
    },
    {
      "name": "CVE-2022-2795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
    },
    {
      "name": "CVE-2021-30139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30139"
    },
    {
      "name": "CVE-2024-30384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30384"
    },
    {
      "name": "CVE-2023-2603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
    },
    {
      "name": "CVE-2024-30387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30387"
    },
    {
      "name": "CVE-2017-18018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18018"
    },
    {
      "name": "CVE-2024-30406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30406"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2023-32732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
    },
    {
      "name": "CVE-2024-30394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30394"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2022-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
    },
    {
      "name": "CVE-2024-30407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30407"
    },
    {
      "name": "CVE-2020-36242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
    },
    {
      "name": "CVE-2023-4785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4785"
    },
    {
      "name": "CVE-2020-22916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2020-27350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27350"
    },
    {
      "name": "CVE-2023-36054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
    },
    {
      "name": "CVE-2021-39533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39533"
    },
    {
      "name": "CVE-2024-30390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30390"
    },
    {
      "name": "CVE-2020-19185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19185"
    },
    {
      "name": "CVE-2023-0809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0809"
    },
    {
      "name": "CVE-2021-20193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20193"
    },
    {
      "name": "CVE-2023-4806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
    },
    {
      "name": "CVE-2016-2781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
    },
    {
      "name": "CVE-2020-19189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
    },
    {
      "name": "CVE-2023-32731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
    },
    {
      "name": "CVE-2023-49083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
    },
    {
      "name": "CVE-2024-30388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30388"
    },
    {
      "name": "CVE-2019-18276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
    },
    {
      "name": "CVE-2024-30386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30386"
    },
    {
      "name": "CVE-2021-33560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33560"
    },
    {
      "name": "CVE-2011-1677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1677"
    },
    {
      "name": "CVE-2018-20225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
    },
    {
      "name": "CVE-2020-28928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28928"
    },
    {
      "name": "CVE-2021-41039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41039"
    },
    {
      "name": "CVE-2024-30382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30382"
    },
    {
      "name": "CVE-2018-20482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20482"
    },
    {
      "name": "CVE-2021-40528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40528"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2020-28493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
    },
    {
      "name": "CVE-2020-27783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
    },
    {
      "name": "CVE-2018-1000122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    },
    {
      "name": "CVE-2024-30405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30405"
    },
    {
      "name": "CVE-2024-30397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30397"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    },
    {
      "name": "CVE-2024-30395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30395"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0297",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79102 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-libslax-Multiple-vulnerabilities-in-libslax-resolved?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79106 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Juniper-Cloud-Native-Router-Multiple-vulnerabilities-resolved-in-23-4-release?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79181 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-When-MAC-learning-happens-and-an-interface-gets-flapped-the-PFE-crashes-CVE-2024-30403?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79186 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-If-a-specific-CLI-command-is-issued-PFE-crashes-will-occur-CVE-2024-30384?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79089 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX-Series-Specific-malformed-LACP-packets-will-cause-flaps-CVE-2024-30388?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79173 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Paragon-Active-Assurance-probe-serviced-exposes-internal-objects-to-local-users-CVE-2024-30381?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79104 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-ACX-Series-with-Paragon-Active-Assurance-Test-Agent-A-local-high-privileged-attacker-can-recover-other-administrators-credentials-CVE-2024-30406?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79094 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-A-specific-EVPN-type-5-route-causes-rpd-crash-CVE-2024-30394?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79183 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-Connection-limits-is-not-being-enforced-while-the-resp-rate-limit-is-being-enforced-CVE-2024-30390?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79176 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX4600-Series-A-high-amount-of-specific-traffic-causes-packet-drops-and-an-eventual-PFE-crash-CVE-2024-30398?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79179 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-An-invalid-certificate-causes-a-Denial-of-Service-in-the-Internet-Key-Exchange-IKE-process-CVE-2024-30397?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79187 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-ACX5448-ACX710-Due-to-the-interface-flaps-the-PFE-process-can-crash-CVE-2024-30387?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79109 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-bbe-smgd-process-crash-upon-execution-of-specific-CLI-commands-CVE-2024-30378?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79171 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-l2cpd-crash-upon-receipt-of-a-specific-TLV-CVE-2024-30380?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79188 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-SRX-Series-When-IPsec-authentication-is-configured-with-hmac-sha-384-and-hmac-sha-512-no-authentication-of-traffic-is-performed-CVE-2024-30391?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79099 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Higher-CPU-consumption-on-routing-engine-leads-to-Denial-of-Service-DoS-CVE-2024-30409?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79184 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-EVPN-VXLAN-scenario-state-changes-on-adjacent-systems-can-cause-an-l2ald-process-crash-CVE-2024-30386?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79110 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-15C-Stack-based-buffer-overflow-in-aftman-CVE-2024-30401?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79174 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-RPD-crash-when-CoS-based-forwarding-CBF-policy-is-configured-CVE-2024-30382?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79095 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-BGP-tunnel-encapsulation-attribute-will-lead-to-an-rpd-crash-CVE-2024-30395?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79100 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-Loopback-filter-not-blocking-traffic-despite-having-discard-term-CVE-2024-30410?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79107 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-cRPD-Multiple-vulnerabilities-resolved-in-23-4R1-release?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79092 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-MS-MPC-MIC-When-URL-filtering-is-enabled-and-a-specific-URL-request-is-received-a-flowd-crash-occurs-CVE-2024-30392?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79185 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-Firewall-filter-not-blocking-egress-traffic-CVE-2024-30389?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79108 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-cURL-vulnerabilities-resolved?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79091 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX-Branch-Series-When-DNS-proxy-is-configured-and-specific-DNS-queries-are-received-resolver-s-performance-is-degraded-CVE-2022-2795?language=en_US"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA79180 du 10 avril 2024",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-l2ald-crashes-on-receiving-telemetry-messages-from-a-specific-subscription-CVE-2024-30402?language=en_US"
    }
  ]
}

GHSA-R4G7-RP4J-9CV7

Vulnerability from github – Published: 2024-04-12 18:33 – Updated: 2025-02-06 21:32

Details

A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald)

of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).

In an EVPN-VXLAN scenario, when

state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control. This issue affects:

Junos OS:

All versions before 20.4R3-S8,
21.2 versions before 21.2R3-S6,
21.3 versions before 21.3R3-S5,
21.4 versions before 21.4R3-S4,
22.1 versions before 22.1R3-S3,
22.2 versions before 22.2R3-S1,
22.3 versions before 22.3R3,,
22.4 versions before 22.4R2;

Junos OS Evolved:

All versions before 20.4R3-S8-EVO,
21.2-EVO versions before 21.2R3-S6-EVO,
21.3-EVO

versions before 21.3R3-S5-EVO, * 21.4-EVO

versions before 21.4R3-S4-EVO, * 22.1-EVO

versions before 22.1R3-S3-EVO, * 22.2-EVO

versions before 22.2R3-S1-EVO, * 22.3-EVO

versions before 22.3R3-EVO, * 22.4-EVO

versions before 22.4R2-EVO.

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 (High)


                  
                    CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-30386"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-12T16:15:37Z",
    "severity": "MODERATE"
  },
  "details": "A Use-After-Free vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\n\nIn an EVPN-VXLAN scenario,\u00a0when \n\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n  *  All versions before 20.4R3-S8,\n  *  21.2 versions before 21.2R3-S6,\n  *  21.3 versions before 21.3R3-S5,\n  *  21.4 versions before 21.4R3-S4,\n  *  22.1 versions before 22.1R3-S3,\n  *  22.2 versions before 22.2R3-S1,\n  *  22.3 versions before 22.3R3,,\n  *  22.4 versions before 22.4R2;\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  All versions before 20.4R3-S8-EVO,\n  *  21.2-EVO versions before 21.2R3-S6-EVO,\u00a0\n  *  21.3-EVO\n\n versions before 21.3R3-S5-EVO,\n  *  21.4-EVO\n\n versions before 21.4R3-S4-EVO,\n  *  22.1-EVO\n\n versions before 22.1R3-S3-EVO,\n  *  22.2-EVO\n\n versions before 22.2R3-S1-EVO,\n  *  22.3-EVO\n\n versions before 22.3R3-EVO,\n  *  22.4-EVO\n\n versions before 22.4R2-EVO.",
  "id": "GHSA-r4g7-rp4j-9cv7",
  "modified": "2025-02-06T21:32:04Z",
  "published": "2024-04-12T18:33:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30386"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
    },
    {
      "type": "WEB",
      "url": "http://supportportal.juniper.net/JSA79184"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

FKIE_CVE-2024-30386

Vulnerability from fkie_nvd - Published: 2024-04-12 16:15 - Updated: 2025-02-06 20:36

Severity ?

5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
sirt@juniper.net	http://supportportal.juniper.net/JSA79184	Vendor Advisory
sirt@juniper.net	https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	http://supportportal.juniper.net/JSA79184	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L	Issue Tracking

Impacted products

Vendor	Product	Version
juniper	junos	*
juniper	junos	20.4
juniper	junos	20.4
juniper	junos	20.4
juniper	junos	20.4
juniper	junos	20.4
juniper	junos	20.4
juniper	junos	20.4
juniper	junos	20.4
juniper	junos	20.4
juniper	junos	20.4
juniper	junos	20.4
juniper	junos	20.4
juniper	junos	20.4
juniper	junos	20.4
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.2
juniper	junos	21.3
juniper	junos	21.3
juniper	junos	21.3
juniper	junos	21.3
juniper	junos	21.3
juniper	junos	21.3
juniper	junos	21.3
juniper	junos	21.3
juniper	junos	21.3
juniper	junos	21.3
juniper	junos	21.3
juniper	junos	21.3
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	21.4
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.2
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos_os_evolved	*
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.3
juniper	junos_os_evolved	21.3
juniper	junos_os_evolved	21.3
juniper	junos_os_evolved	21.3
juniper	junos_os_evolved	21.3
juniper	junos_os_evolved	21.3
juniper	junos_os_evolved	21.3
juniper	junos_os_evolved	21.3
juniper	junos_os_evolved	21.3
juniper	junos_os_evolved	21.3
juniper	junos_os_evolved	21.3
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	22.1
juniper	junos_os_evolved	22.1
juniper	junos_os_evolved	22.1
juniper	junos_os_evolved	22.1
juniper	junos_os_evolved	22.1
juniper	junos_os_evolved	22.1
juniper	junos_os_evolved	22.1
juniper	junos_os_evolved	22.1
juniper	junos_os_evolved	22.1
juniper	junos_os_evolved	22.2
juniper	junos_os_evolved	22.2
juniper	junos_os_evolved	22.2
juniper	junos_os_evolved	22.2
juniper	junos_os_evolved	22.2
juniper	junos_os_evolved	22.2
juniper	junos_os_evolved	22.2
juniper	junos_os_evolved	22.2
juniper	junos_os_evolved	22.3
juniper	junos_os_evolved	22.3
juniper	junos_os_evolved	22.3
juniper	junos_os_evolved	22.3
juniper	junos_os_evolved	22.3
juniper	junos_os_evolved	22.3
juniper	junos_os_evolved	22.3
juniper	junos_os_evolved	22.4
juniper	junos_os_evolved	22.4
juniper	junos_os_evolved	22.4
juniper	junos_os_evolved	22.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C",
              "versionEndExcluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
              "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
              "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
              "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
              "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
              "matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
              "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
              "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*",
              "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
              "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
              "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
              "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
              "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "20EBC676-1B26-4A71-8326-0F892124290A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199",
              "versionEndExcluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
              "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
              "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
              "matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
              "matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
              "matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*",
              "matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
              "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*",
              "matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*",
              "matchCriteriaId": "C34ABD4B-B045-4046-9641-66E3B2082A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
              "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4:*:*:*:*:*:*",
              "matchCriteriaId": "8F67CE3C-3A06-487C-90DE-D5B3B1EC08A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
              "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "C16434C0-21A7-4CE5-92E1-7D60A35EF5D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "A3CA3365-F9AF-40DF-8700-30AD4BC58E27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "C7FEFD0A-A969-4F53-8668-1231FD675D6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*",
              "matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "BE2EF84D-55A9-41DC-A324-69E1DC426D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "4546776C-A657-42E3-9A36-47F9F59A88AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "0A33C425-921F-4795-B834-608C8F1597E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Use-After-Free vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\n\nIn an EVPN-VXLAN scenario,\u00a0when \n\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n  *  All versions before 20.4R3-S8,\n  *  21.2 versions before 21.2R3-S6,\n  *  21.3 versions before 21.3R3-S5,\n  *  21.4 versions before 21.4R3-S4,\n  *  22.1 versions before 22.1R3-S3,\n  *  22.2 versions before 22.2R3-S1,\n  *  22.3 versions before 22.3R3,,\n  *  22.4 versions before 22.4R2;\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  All versions before 20.4R3-S8-EVO,\n  *  21.2-EVO versions before 21.2R3-S6-EVO,\u00a0\n  *  21.3-EVO\n\n versions before 21.3R3-S5-EVO,\n  *  21.4-EVO\n\n versions before 21.4R3-S4-EVO,\n  *  22.1-EVO\n\n versions before 22.1R3-S3-EVO,\n  *  22.2-EVO\n\n versions before 22.2R3-S1-EVO,\n  *  22.3-EVO\n\n versions before 22.3R3-EVO,\n  *  22.4-EVO\n\n versions before 22.4R2-EVO."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Use-After-Free en el daemon de aprendizaje de direcciones de capa 2 (l2ald) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque que l2ald falle, lo que provoca una denegaci\u00f3n de servicio (DoS). En un escenario EVPN-VXLAN, cuando el sistema afectado recibe y procesa actualizaciones de estado, no se garantiza el orden correcto de algunos pasos de procesamiento, lo que puede provocar un bloqueo y reinicio de l2ald. Que se produzca el fallo depende de la sincronizaci\u00f3n interna del sistema, que est\u00e1 fuera del control de los atacantes. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 20.4R3-S8, * Versiones 21.2 anteriores a 21.2R3-S6, * Versiones 21.3 anteriores a 21.3R3-S5, * Versiones 21.4 anteriores a 21.4R3-S4, * Versiones 22.1 anteriores a 22.1R3- S3, * 22.2 versiones anteriores a 22.2R3-S1, * 22.3 versiones anteriores a 22.3R3, * 22.4 versiones anteriores a 22.4R2; Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S8-EVO, * Versiones 21.2-EVO anteriores a 21.2R3-S6-EVO, * Versiones 21.3-EVO anteriores a 21.3R3-S5-EVO, * Versiones 21.4-EVO anteriores a 21.4R3- S4-EVO, *versiones 22.1-EVO anteriores a 22.1R3-S3-EVO, *versiones 22.2-EVO anteriores a 22.2R3-S1-EVO, *versiones 22.3-EVO anteriores a 22.3R3-EVO, *versiones 22.4-EVO anteriores a 22.4R2- EVO."
    }
  ],
  "id": "CVE-2024-30386",
  "lastModified": "2025-02-06T20:36:32.980",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "sirt@juniper.net",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "ADJACENT",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "sirt@juniper.net",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-04-12T16:15:37.650",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://supportportal.juniper.net/JSA79184"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://supportportal.juniper.net/JSA79184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-30386 (GCVE-0-2024-30386)

WID-SEC-W-2024-0855

GSD-2024-30386

CERTFR-2024-AVI-0297

Solution

CERTFR-2024-AVI-0297

Solution

GHSA-R4G7-RP4J-9CV7

FKIE_CVE-2024-30386

Tags

Sightings

Nomenclature