cve-2024-39517
Vulnerability from cvelistv5
Published
2024-07-10 23:06
Modified
2024-08-02 04:26
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
EPSS score ?
Summary
Junos OS and Junos OS Evolved: Upon processing specific L2 traffic, rpd can hang in devices with EVPN/VXLAN configured
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Juniper Networks | Junos OS | |
| Juniper Networks | Junos OS Evolved |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:08:45.672820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T13:09:04.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA79175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eEVPN is configured on the device:\u003cbr\u003e\u003c/p\u003e\u003ctt\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e[protocols evpn]\u003c/span\u003e\u003c/tt\u003e\u003cp\u003eTo be exposed to this issue the device needs be configured for VXLAN with either of the following statements:\u003cbr\u003e\u003c/p\u003e\u003ctt\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; [vlans \u0026lt;vlan\u0026gt; vxlan]\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; [routing-instances \u0026lt;routing-instance\u0026gt; vxlan]\u003c/span\u003e\u003c/tt\u003e"
}
],
"value": "EVPN is configured on the device:\n\n\n\u00a0 [protocols evpn]To be exposed to this issue the device needs be configured for VXLAN with either of the following statements:\n\n\n\u00a0 [vlans \u003cvlan\u003e vxlan]\n\u00a0 [routing-instances \u003crouting-instance\u003e vxlan]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the\u0026nbsp;Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIn an \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEVPN/VXLAN\u003c/span\u003e scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.\u003cbr\u003e\u003cbr\u003eThis issue affects both IPv4 and IPv6 implementations.\u003cbr\u003e\u003cp\u003eThis issue affects\u003cbr\u003eJunos OS:\u003cbr\u003eAll versions earlier than\u0026nbsp;21.4R3-S7;\u003cbr\u003e22.1\u0026nbsp;versions earlier than 22.1R3-S5;\u003cbr\u003e22.2 versions earlier than\u0026nbsp;22.2R3-S3;\u003cbr\u003e22.3 versions earlier than\u0026nbsp;22.3R3-S3;\u003cbr\u003e22.4 versions earlier than\u0026nbsp;22.4R3-S2;\u003cbr\u003e23.2 versions earlier than\u0026nbsp;23.2R2;\u003cbr\u003e23.4 versions earlier than\u0026nbsp;23.4R1-S1.\u003c/p\u003eJunos OS Evolved:\u003cbr\u003eAll versions earlier than\u0026nbsp;21.4R3-S7-EVO;\u003cbr\u003e22.1-EVO versions earlier than\u0026nbsp;22.1R3-S5-EVO;\u003cbr\u003e22.2-EVO versions earlier than\u0026nbsp;22.2R3-S3-EVO;\u003cbr\u003e22.3-EVO versions earlier than 22.3R3-S3-EVO;\u003cbr\u003e22.4-EVO versions earlier than\u0026nbsp;22.4R3-S2-EVO;\u003cbr\u003e23.2-EVO versions earlier than\u0026nbsp;23.2R2-EVO;\u003cbr\u003e23.4-EVO versions earlier than\u0026nbsp;23.4R1-S1-EVO, 23.4R2-EVO."
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).\n\nIn an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.\n\nThis issue affects both IPv4 and IPv6 implementations.\nThis issue affects\nJunos OS:\nAll versions earlier than\u00a021.4R3-S7;\n22.1\u00a0versions earlier than 22.1R3-S5;\n22.2 versions earlier than\u00a022.2R3-S3;\n22.3 versions earlier than\u00a022.3R3-S3;\n22.4 versions earlier than\u00a022.4R3-S2;\n23.2 versions earlier than\u00a023.2R2;\n23.4 versions earlier than\u00a023.4R1-S1.\n\nJunos OS Evolved:\nAll versions earlier than\u00a021.4R3-S7-EVO;\n22.1-EVO versions earlier than\u00a022.1R3-S5-EVO;\n22.2-EVO versions earlier than\u00a022.2R3-S3-EVO;\n22.3-EVO versions earlier than 22.3R3-S3-EVO;\n22.4-EVO versions earlier than\u00a022.4R3-S2-EVO;\n23.2-EVO versions earlier than\u00a023.2R2-EVO;\n23.4-EVO versions earlier than\u00a023.4R1-S1-EVO, 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T23:06:40.329Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA79175"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u0026nbsp;\u003cbr\u003e\nJunos OS:\u0026nbsp;21.4R3-S7,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.1R3-S5, 22.2R3-S3, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003e\u003c/span\u003eJunos OS Evolved:\u0026nbsp;21.4R3-S7-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S3-EVO,\u0026nbsp;22.4R3-S2-EVO,\u0026nbsp;23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\u00a0\n\nJunos OS:\u00a021.4R3-S7,\u00a022.1R3-S5, 22.2R3-S3, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\nJunos OS Evolved:\u00a021.4R3-S7-EVO,\u00a022.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S3-EVO,\u00a022.4R3-S2-EVO,\u00a023.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA79175",
"defect": [
"1783346"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Upon processing specific L2 traffic, rpd can hang in devices with EVPN/VXLAN configured",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39517",
"datePublished": "2024-07-10T23:06:40.329Z",
"dateReserved": "2024-06-25T15:12:53.239Z",
"dateUpdated": "2024-08-02T04:26:15.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-39517\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2024-07-10T23:15:11.127\",\"lastModified\":\"2024-07-11T13:05:54.930\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Check for Unusual or Exceptional Conditions vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).\\n\\nIn an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.\\n\\nThis issue affects both IPv4 and IPv6 implementations.\\nThis issue affects\\nJunos OS:\\nAll versions earlier than\u00a021.4R3-S7;\\n22.1\u00a0versions earlier than 22.1R3-S5;\\n22.2 versions earlier than\u00a022.2R3-S3;\\n22.3 versions earlier than\u00a022.3R3-S3;\\n22.4 versions earlier than\u00a022.4R3-S2;\\n23.2 versions earlier than\u00a023.2R2;\\n23.4 versions earlier than\u00a023.4R1-S1.\\n\\nJunos OS Evolved:\\nAll versions earlier than\u00a021.4R3-S7-EVO;\\n22.1-EVO versions earlier than\u00a022.1R3-S5-EVO;\\n22.2-EVO versions earlier than\u00a022.2R3-S3-EVO;\\n22.3-EVO versions earlier than 22.3R3-S3-EVO;\\n22.4-EVO versions earlier than\u00a022.4R3-S2-EVO;\\n23.2-EVO versions earlier than\u00a023.2R2-EVO;\\n23.4-EVO versions earlier than\u00a023.4R1-S1-EVO, 23.4R2-EVO.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de comprobaci\u00f3n inadecuada de las condiciones inusuales o excepcionales en el daemon de aprendizaje de direcciones de capa 2 (l2ald) en Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). En un escenario EVPN/VXLAN, cuando el dispositivo procesa una gran cantidad de paquetes espec\u00edficos de Capa 2, puede provocar que el daemon de protocolo de enrutamiento (rpd) utilice todos los recursos de la CPU, lo que provoca que el dispositivo se cuelgue. Es necesario reiniciar manualmente el rpd para restaurar los servicios. Este problema afecta tanto a las implementaciones de IPv4 como a las de IPv6. Este problema afecta a Junos OS: todas las versiones anteriores a 21.4R3-S7; Versiones 22.1 anteriores a 22.1R3-S5; Versiones 22.2 anteriores a 22.2R3-S3; Versiones 22.3 anteriores a 22.3R3-S3; Versiones 22.4 anteriores a 22.4R3-S2; Versiones 23.2 anteriores a 23.2R2; Versiones 23.4 anteriores a 23.4R1-S1. Junos OS Evolved: todas las versiones anteriores a 21.4R3-S7-EVO; Versiones 22.1-EVO anteriores a 22.1R3-S5-EVO; Versiones 22.2-EVO anteriores a 22.2R3-S3-EVO; Versiones 22.3-EVO anteriores a 22.3R3-S3-EVO; Versiones 22.4-EVO anteriores a 22.4R3-S2-EVO; Versiones 23.2-EVO anteriores a 23.2R2-EVO; Versiones 23.4-EVO anteriores a 23.4R1-S1-EVO, 23.4R2-EVO.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"NONE\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA79175\",\"source\":\"sirt@juniper.net\"}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.