cve-2024-39557
Vulnerability from cvelistv5
Published
2024-07-10 22:39
Modified
2024-08-02 04:26
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
Summary
Junos OS Evolved: MAC table changes cause a memory leak
References
sirt@juniper.nethttps://supportportal.juniper.net/JSA83017
Impacted products
Juniper NetworksJunos OS Evolved
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39557",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-12T20:01:39.694455Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-12T20:01:48.481Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.916Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA83017"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4R3-S8-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S4-EVO",
              "status": "affected",
              "version": "22.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S3-EVO",
              "status": "affected",
              "version": "22.3-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-EVO",
              "status": "affected",
              "version": "22.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-EVO",
              "status": "affected",
              "version": "23.2-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-07-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Uncontrolled Resource Consumption vulnerability in the \n\nLayer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eCertain MAC table updates cause a small amount of memory to leak.\u0026nbsp; Once memory utilization reaches its limit, the issue will result in a system crash and restart.\u003cbr\u003e\u003cbr\u003eTo identify the issue, execute the CLI command:\u003cbr\u003e \u003cbr\u003e\u003ctt\u003euser@device\u0026gt; show platform application-info allocations app l2ald-agent\u003cbr\u003eEVL Object Allocation Statistics:\u003cbr\u003e \u003cbr\u003e Node  \u0026nbsp; Application  \u0026nbsp; \u0026nbsp;  Context   Name  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;  Live  \u0026nbsp;  Allocs  \u0026nbsp;  Fails  \u0026nbsp; \u0026nbsp;  Guids\u003cbr\u003e re0  \u0026nbsp;  l2ald-agent  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;  net::juniper::rtnh::L2Rtinfo  \u0026nbsp; \u0026nbsp; \u0026nbsp;  1069096  1069302  \u0026nbsp; 0  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;  1069302\u003cbr\u003e re0  \u0026nbsp;  l2ald-agent  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;  net::juniper::rtnh::NHOpaqueTlv  \u0026nbsp; \u0026nbsp;  114  \u0026nbsp; \u0026nbsp; 195  \u0026nbsp; \u0026nbsp; \u0026nbsp; 0  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;  195\u003c/tt\u003e\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eAll versions before 21.4R3-S8-EVO,\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO\u0026nbsp;before 22.3R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "An Uncontrolled Resource Consumption vulnerability in the \n\nLayer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS).\n\nCertain MAC table updates cause a small amount of memory to leak.\u00a0 Once memory utilization reaches its limit, the issue will result in a system crash and restart.\n\nTo identify the issue, execute the CLI command:\n \nuser@device\u003e show platform application-info allocations app l2ald-agent\nEVL Object Allocation Statistics:\n \n Node  \u00a0 Application  \u00a0 \u00a0  Context   Name  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0  Live  \u00a0  Allocs  \u00a0  Fails  \u00a0 \u00a0  Guids\n re0  \u00a0  l2ald-agent  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0  net::juniper::rtnh::L2Rtinfo  \u00a0 \u00a0 \u00a0  1069096  1069302  \u00a0 0  \u00a0 \u00a0 \u00a0 \u00a0  1069302\n re0  \u00a0  l2ald-agent  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0  net::juniper::rtnh::NHOpaqueTlv  \u00a0 \u00a0  114  \u00a0 \u00a0 195  \u00a0 \u00a0 \u00a0 0  \u00a0 \u00a0 \u00a0 \u00a0  195\n\n\n\nThis issue affects Junos OS Evolved: \n\n\n  *  All versions before 21.4R3-S8-EVO,\n\n  *  from 22.2-EVO before 22.2R3-S4-EVO, \n  *  from 22.3-EVO\u00a0before 22.3R3-S3-EVO, \n  *  from 22.4-EVO before 22.4R3-EVO, \n  *  from 23.2-EVO before 23.2R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T22:39:48.575Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA83017"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA83017",
        "defect": [
          "1756208"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS Evolved: MAC table changes cause a memory leak",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-39557",
    "datePublished": "2024-07-10T22:39:48.575Z",
    "dateReserved": "2024-06-25T15:12:53.247Z",
    "dateUpdated": "2024-08-02T04:26:15.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-39557\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2024-07-10T23:15:12.370\",\"lastModified\":\"2024-07-11T13:05:54.930\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Uncontrolled Resource Consumption vulnerability in the \\n\\nLayer 2 Address Learning Daemon (l2ald)\\n\\n of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS).\\n\\nCertain MAC table updates cause a small amount of memory to leak.\u00a0 Once memory utilization reaches its limit, the issue will result in a system crash and restart.\\n\\nTo identify the issue, execute the CLI command:\\n \\nuser@device\u003e show platform application-info allocations app l2ald-agent\\nEVL Object Allocation Statistics:\\n \\n Node  \u00a0 Application  \u00a0 \u00a0  Context   Name  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0  Live  \u00a0  Allocs  \u00a0  Fails  \u00a0 \u00a0  Guids\\n re0  \u00a0  l2ald-agent  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0  net::juniper::rtnh::L2Rtinfo  \u00a0 \u00a0 \u00a0  1069096  1069302  \u00a0 0  \u00a0 \u00a0 \u00a0 \u00a0  1069302\\n re0  \u00a0  l2ald-agent  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0  net::juniper::rtnh::NHOpaqueTlv  \u00a0 \u00a0  114  \u00a0 \u00a0 195  \u00a0 \u00a0 \u00a0 0  \u00a0 \u00a0 \u00a0 \u00a0  195\\n\\n\\n\\nThis issue affects Junos OS Evolved: \\n\\n\\n  *  All versions before 21.4R3-S8-EVO,\\n\\n  *  from 22.2-EVO before 22.2R3-S4-EVO, \\n  *  from 22.3-EVO\u00a0before 22.3R3-S3-EVO, \\n  *  from 22.4-EVO before 22.4R3-EVO, \\n  *  from 23.2-EVO before 23.2R2-EVO.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de consumo de recursos no controlado en el daemon de aprendizaje de direcciones de capa 2 (l2ald) de Juniper Networks Junos OS Evolved permite que un atacante adyacente no autenticado provoque una p\u00e9rdida de memoria, lo que eventualmente agota toda la memoria del sistema, lo que provoca un fallo del sistema y denegaci\u00f3n de servicio (DoS). ). Ciertas actualizaciones de la tabla MAC provocan la p\u00e9rdida de una peque\u00f1a cantidad de memoria. Una vez que la utilizaci\u00f3n de la memoria alcance su l\u00edmite, el problema provocar\u00e1 un bloqueo del sistema y un reinicio. Para identificar el problema, ejecute el comando CLI: usuario@dispositivo\u0026gt; show platform application-info asignaciones app l2ald-agent EVL Estad\u00edsticas de asignaci\u00f3n de objetos: Nodo Aplicaci\u00f3n Contexto Nombre Live Allocs falla Gu\u00edas re0 l2ald-agent net::juniper::rtnh:: L2Rtinfo 1069096 1069302 0 1069302 re0 l2ald-agent net::juniper::rtnh::NHOpaqueTlv 114 195 0 195 Este problema afecta a Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S8-EVO, * desde 22.2-EVO anteriores a 22.2R3- S4-EVO, * desde 22.3-EVO antes de 22.3R3-S3-EVO, * desde 22.4-EVO antes de 22.4R3-EVO, * desde 23.2-EVO antes de 23.2R2-EVO.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"NONE\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"AUTOMATIC\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA83017\",\"source\":\"sirt@juniper.net\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.