cve-2024-21618
Vulnerability from cvelistv5
Published
2024-04-12 14:55
Modified
2024-08-01 22:27
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
EPSS score ?
Summary
Junos OS and Junos OS Evolved: When LLDP is enabled and a malformed LLDP packet is received, l2cpd crashes
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Juniper Networks | Junos OS | |
Juniper Networks | Junos OS Evolved |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21618", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-11T13:59:35.301594Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-11T13:59:57.501Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:27:35.779Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://supportportal.juniper.net/JSA75759" }, { "tags": [ "technical-description", "x_transferred" ], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.4R3-S4", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.1R3-S4", "status": "affected", "version": "22.1", "versionType": "semver" }, { "lessThan": "22.2R3-S2", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.3R2-S2, 22.3R3-S1", "status": "affected", "version": "22.3", "versionType": "semver" }, { "lessThan": "22.4R3", "status": "affected", "version": "22.4", "versionType": "semver" }, { "lessThan": "23.2R2", "status": "affected", "version": "23.2", "versionType": "semver" }, { "lessThan": "21.4R1", "status": "unaffected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.4R3-S5-EVO", "status": "affected", "version": "21.4-EVO", "versionType": "semver" }, { "lessThan": "22.1R3-S4-EVO", "status": "affected", "version": "22.1-EVO", "versionType": "semver" }, { "lessThan": "22.2R3-S2-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver" }, { "lessThan": "22.3R2-S2-EVO, 22.3R3-S1-EVO", "status": "affected", "version": "22.3-EVO", "versionType": "semver" }, { "lessThan": "22.4R3-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver" }, { "lessThan": "23.2R2-EVO", "status": "affected", "version": "23.2-EVO", "versionType": "semver" }, { "lessThan": "21.4R1-EVO", "status": "unaffected", "version": "0", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThis vulnerability is only exploitable on interfaces with LLDP enabled.\u003c/p\u003e\u003ctt\u003e\u0026nbsp; [protocols lldp interface]\u003c/tt\u003e" } ], "value": "This vulnerability is only exploitable on interfaces with LLDP enabled.\n\n\u00a0 [protocols lldp interface]" } ], "datePublic": "2024-04-10T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eOn all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003e\u003cbr\u003eJunos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003efrom 21.4 before 21.4R3-S4,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S4,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S2,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R2-S2, 22.3R3-S1,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e Junos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S5-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S4-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S2-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eThis issue does not affect:\u003cbr\u003e\u003cul\u003e\u003cli\u003eJunos OS versions prior to 21.4R1;\u003cbr\u003e\u003c/li\u003e\u003cli\u003eJunos OS Evolved versions prior to 21.4R1-EVO.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e" } ], "value": "An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.\n\nThis issue affects:\n\nJunos OS:\n * from 21.4 before 21.4R3-S4,\u00a0\n\n * from 22.1 before 22.1R3-S4,\u00a0\n\n * from 22.2 before 22.2R3-S2,\u00a0\n\n * from 22.3 before 22.3R2-S2, 22.3R3-S1,\u00a0\n\n * from 22.4 before 22.4R3,\u00a0\n\n * from 23.2 before 23.2R2.\n\n\n\n\n Junos OS Evolved:\n * from 21.4-EVO before 21.4R3-S5-EVO,\u00a0\n\n * from 22.1-EVO before 22.1R3-S4-EVO,\u00a0\n\n * from 22.2-EVO before 22.2R3-S2-EVO,\u00a0\n\n * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,\u00a0\n\n * from 22.4-EVO before 22.4R3-EVO,\u00a0\n\n * from 23.2-EVO before 23.2R2-EVO.\n\n\n\n\nThis issue does not affect:\n * Junos OS versions prior to 21.4R1;\n\n * Junos OS Evolved versions prior to 21.4R1-EVO." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e" } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-788", "description": "CWE-788: Access of Memory Location After End of Buffer", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "description": "Denial of Service (DoS)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-16T20:12:38.203Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/JSA75759" }, { "tags": [ "technical-description" ], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS: 21.4R3-S4, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R3, 23.2R2, 23.4R1 and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO and all subsequent releases.\u003c/p\u003e" } ], "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.4R3-S4, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R3, 23.2R2, 23.4R1 and all subsequent releases.\n\nJunos OS Evolved: 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO and all subsequent releases." } ], "source": { "advisory": "JSA75759", "defect": [ "1747039" ], "discovery": "USER" }, "timeline": [ { "lang": "en", "time": "2024-04-10T17:00:00.000Z", "value": "Initial Publication" } ], "title": "Junos OS and Junos OS Evolved: When LLDP is enabled and a malformed LLDP packet is received, l2cpd crashes", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThere are no available workarounds for this issue.\u003c/p\u003e\u003cp\u003e\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u003c/p\u003e\u003cp\u003eBut if LLDP and its services are not required, customers can disable LLDP.\u003c/p\u003e" } ], "value": "There are no available workarounds for this issue.\n\n\u200b\u200b\u200b\u200b\u200b\u200b\u200b\n\nBut if LLDP and its services are not required, customers can disable LLDP." } ], "x_generator": { "engine": "Vulnogram 0.1.0-av217" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2024-21618", "datePublished": "2024-04-12T14:55:52.241Z", "dateReserved": "2023-12-27T19:38:25.710Z", "dateUpdated": "2024-08-01T22:27:35.779Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-21618\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2024-04-12T15:15:24.350\",\"lastModified\":\"2024-05-16T21:16:01.847\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).\\n\\nOn all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.\\n\\nThis issue affects:\\n\\nJunos OS:\\n * from 21.4 before 21.4R3-S4,\u00a0\\n\\n * from 22.1 before 22.1R3-S4,\u00a0\\n\\n * from 22.2 before 22.2R3-S2,\u00a0\\n\\n * from 22.3 before 22.3R2-S2, 22.3R3-S1,\u00a0\\n\\n * from 22.4 before 22.4R3,\u00a0\\n\\n * from 23.2 before 23.2R2.\\n\\n\\n\\n\\n Junos OS Evolved:\\n * from 21.4-EVO before 21.4R3-S5-EVO,\u00a0\\n\\n * from 22.1-EVO before 22.1R3-S4-EVO,\u00a0\\n\\n * from 22.2-EVO before 22.2R3-S2-EVO,\u00a0\\n\\n * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,\u00a0\\n\\n * from 22.4-EVO before 22.4R3-EVO,\u00a0\\n\\n * from 23.2-EVO before 23.2R2-EVO.\\n\\n\\n\\n\\nThis issue does not affect:\\n * Junos OS versions prior to 21.4R1;\\n\\n * Junos OS Evolved versions prior to 21.4R1-EVO.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de acceso a la ubicaci\u00f3n de la memoria despu\u00e9s del fin del b\u00fafer en el daemon de protocolos de control de capa 2 (l2cpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). En todas las plataformas Junos OS y Junos OS Evolved, cuando LLDP est\u00e1 habilitado en una interfaz espec\u00edfica y se recibe un paquete LLDP con formato incorrecto, l2cpd falla y se reinicia. El impacto del fallo de l2cpd es la reinicializaci\u00f3n de los protocolos STP (RSTP, MSTP o VSTP) y MVRP y ERP. Adem\u00e1s, si alg\u00fan servicio depende del estado de LLDP (como PoE o reconocimiento de dispositivo VoIP), tambi\u00e9n se ver\u00e1 afectado. Este problema afecta a: Junos OS: * desde 21.4 anterior a 21.4R3-S4, * desde 22.1 anterior a 22.1R3-S4, * desde 22.2 anterior a 22.2R3-S2, * desde 22.3 anterior a 22.3R2-S2, 22.3R3-S1, * desde 22.4 antes de 22.4R3, * de 23.2 antes de 23.2R2. Junos OS Evolved: * desde 21.4-EVO antes de 21.4R3-S5-EVO, * desde 22.1-EVO antes de 22.1R3-S4-EVO, * desde 22.2-EVO antes de 22.2R3-S2-EVO, * desde 22.3-EVO antes de 22.3 R2-S2-EVO, 22.3R3-S1-EVO, *de 22.4-EVO antes de 22.4R3-EVO, *de 23.2-EVO antes de 23.2R2-EVO. Este problema no afecta: * Versiones de Junos OS anteriores a 21.4R1; * Versiones de Junos OS Evolved anteriores a 21.4R1-EVO.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-788\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA75759\",\"source\":\"sirt@juniper.net\"},{\"url\":\"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\",\"source\":\"sirt@juniper.net\"}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.