cve-2024-39536
Vulnerability from cvelistv5
Published
2024-07-11 16:13
Modified
2024-08-02 04:26
Summary
Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "junos_os",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "21.2R3-S8",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "21.4R3-S7",
                "status": "affected",
                "version": "21.4",
                "versionType": "semver"
              },
              {
                "lessThan": "22.1R3-S4",
                "status": "affected",
                "version": "22.1",
                "versionType": "semver"
              },
              {
                "lessThan": "22.2R3-S4",
                "status": "affected",
                "version": "22.2",
                "versionType": "semver"
              },
              {
                "lessThan": "22.3R3",
                "status": "affected",
                "version": "22.3",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4R2-S2",
                "status": "affected",
                "version": "22.4",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4R3",
                "status": "affected",
                "version": "22.4",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "junos_os_evolved",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "21.2R3-S8-EVO",
                "status": "affected",
                "version": "21.2-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "21.4R3-S7-EVO",
                "status": "affected",
                "version": "21.4-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "22.2R3-S4-EVO",
                "status": "affected",
                "version": "22.2-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "22.3R3-EVO",
                "status": "affected",
                "version": "22.3-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4R3-EVO",
                "status": "affected",
                "version": "22.4-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "23.2R1-EVO",
                "status": "affected",
                "version": "23.2-EVO",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39536",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T18:38:58.684082Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T19:01:50.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA82996"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.2R3-S8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S7",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S4",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S4",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R2-S2, 22.4R3",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.2R3-S8-EVO",
              "status": "affected",
              "version": "21.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S7-EVO",
              "status": "affected",
              "version": "21.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S4-EVO",
              "status": "affected",
              "version": "22.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-EVO",
              "status": "affected",
              "version": "22.3-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-EVO",
              "status": "affected",
              "version": "22.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R1-EVO",
              "status": "affected",
              "version": "23.2-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be exposed to this issue, BFD with authentication like in the following examples needs to be \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econfigured\u003c/span\u003e:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols \u0026lt;protocol\u0026gt; ... bfd-liveness-detection\u0026nbsp;authentication ]\u003cbr\u003e[ routing-options ... bfd-liveness-detection authentication ]\u003c/tt\u003e"
            }
          ],
          "value": "To be exposed to this issue, BFD with authentication like in the following examples needs to be \n\nconfigured:\n\n[ protocols \u003cprotocol\u003e ... bfd-liveness-detection\u00a0authentication ]\n[ routing-options ... bfd-liveness-detection authentication ]"
        }
      ],
      "datePublic": "2024-07-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial-of-Service (DoS)\u003c/span\u003e.\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen a\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBFD session configured with authentication \u003c/span\u003eflaps,\u0026nbsp;\u003c/span\u003eppmd memory can leak. Whether the leak happens depends on a\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erace condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhether the leak occurs can be monitored with the following CLI command:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u0026gt; show ppm request-queue\u003cbr\u003e\u003c/p\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFPC \u0026nbsp; \u0026nbsp; Pending-request\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efpc0\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;2\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erequest-total-pending: 2\u003c/span\u003e\n\n\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhere a continuously increasing number of pending requests is indicative of the leak.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S7,\u003c/li\u003e\u003cli\u003e22.1 versions before 22.1R3-S4,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S4, \u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R2-S2, 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8-EVO,\u003c/li\u003e\u003cli\u003e21.4-EVO versions before 21.4R3-S7-EVO,\u003c/li\u003e\u003cli\u003e22.2-EVO versions before 22.2R3-S4-EVO,\u003c/li\u003e\u003cli\u003e22.3-EVO versions before 22.3R3-EVO,\u003c/li\u003e\u003cli\u003e22.4-EVO versions before 22.4R3-EVO.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\n\nWhen a\u00a0BFD session configured with authentication flaps,\u00a0ppmd memory can leak. Whether the leak happens depends on a\u00a0race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.\n\n\n\nWhether the leak occurs can be monitored with the following CLI command:\n\n\u003e show ppm request-queue\n\n\nFPC \u00a0 \u00a0 Pending-request\nfpc0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a02\nrequest-total-pending: 2\n\n\nwhere a continuously increasing number of pending requests is indicative of the leak.\u00a0\n\n\n\n\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n  *  All versions before 21.2R3-S8,\n  *  21.4 versions before 21.4R3-S7,\n  *  22.1 versions before 22.1R3-S4,\n  *  22.2 versions before 22.2R3-S4, \n  *  22.3 versions before 22.3R3,\n  *  22.4 versions before 22.4R2-S2, 22.4R3.\n\n\n\nJunos OS Evolved:\n  *  All versions before 21.2R3-S8-EVO,\n  *  21.4-EVO versions before 21.4R3-S7-EVO,\n  *  22.2-EVO versions before 22.2R3-S4-EVO,\n  *  22.3-EVO versions before 22.3R3-EVO,\n  *  22.4-EVO versions before 22.4R3-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "ADJACENT",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial-of-Service (DoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-12T14:42:59.790Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA82996"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S4, 22.2R3-S4, 22.3R3, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases;\u003cbr\u003eJunos OS Evolved:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO,\u0026nbsp;and all subsequent releases.\u003c/span\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S4, 22.2R3-S4, 22.3R3, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases;\nJunos OS Evolved:\u00a021.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO,\u00a0and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA82996",
        "defect": [
          "1480648"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-39536",
    "datePublished": "2024-07-11T16:13:24.485Z",
    "dateReserved": "2024-06-25T15:12:53.241Z",
    "dateUpdated": "2024-08-02T04:26:15.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-39536\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2024-07-11T17:15:11.190\",\"lastModified\":\"2024-07-12T15:15:11.040\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \\n\\nDenial-of-Service (DoS).\\n\\n\\nWhen a\u00a0BFD session configured with authentication flaps,\u00a0ppmd memory can leak. Whether the leak happens depends on a\u00a0race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.\\n\\n\\n\\nWhether the leak occurs can be monitored with the following CLI command:\\n\\n\u003e show ppm request-queue\\n\\n\\nFPC \u00a0 \u00a0 Pending-request\\nfpc0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a02\\nrequest-total-pending: 2\\n\\n\\nwhere a continuously increasing number of pending requests is indicative of the leak.\u00a0\\n\\n\\n\\n\\n\\n\\n\\n\\nThis issue affects:\\n\\nJunos OS:\\n\\n\\n  *  All versions before 21.2R3-S8,\\n  *  21.4 versions before 21.4R3-S7,\\n  *  22.1 versions before 22.1R3-S4,\\n  *  22.2 versions before 22.2R3-S4, \\n  *  22.3 versions before 22.3R3,\\n  *  22.4 versions before 22.4R2-S2, 22.4R3.\\n\\n\\n\\nJunos OS Evolved:\\n  *  All versions before 21.2R3-S8-EVO,\\n  *  21.4-EVO versions before 21.4R3-S7-EVO,\\n  *  22.2-EVO versions before 22.2R3-S4-EVO,\\n  *  22.3-EVO versions before 22.3R3-EVO,\\n  *  22.4-EVO versions before 22.4R3-EVO.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de liberaci\u00f3n de memoria faltante despu\u00e9s de la vida \u00fatil efectiva en Periodic Packet Management Daemon (ppmd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). Cuando una sesi\u00f3n BFD se configura con solapas de autenticaci\u00f3n, la memoria ppmd puede perderse. Que se produzca la fuga depende de una condici\u00f3n de ejecuci\u00f3n que est\u00e1 fuera del control de los atacantes. Este problema solo afecta a BFD que opera en modo distribuido, tambi\u00e9n conocido como delegado (que es el comportamiento predeterminado) o en l\u00ednea. Si se produce la fuga se puede monitorear con el siguiente comando CLI: \u0026gt; show ppm request-queue FPC Pending-request fpc0 2 request-total-pending: 2 donde un n\u00famero continuamente creciente de solicitudes pendientes es indicativo de la fuga. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 21.2R3-S8, * Versiones 21.4 anteriores a 21.4R3-S7, * Versiones 22.1 anteriores a 22.1R3-S4, * Versiones 22.2 anteriores a 22.2R3-S4, * Versiones 22.3 anteriores a 22.3R3, * Versiones 22.4 anteriores a 22.4R2-S2, 22.4R3, * Versiones 23.1 anteriores a 23.1R2. Junos OS Evolved: * Todas las versiones anteriores a 21.2R3-S8-EVO, * Versiones 21.4-EVO anteriores a 21.4R3-S7-EVO, * Versiones 22.2-EVO anteriores a 22.2R3-S4-EVO, * Versiones 22.3-EVO anteriores a 22.3R3- EVO, *versiones 22.4-EVO anteriores a 22.4R3-EVO, *versiones 23.2-EVO anteriores a 23.2R1-EVO.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"NONE\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA82996\",\"source\":\"sirt@juniper.net\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.