cve-2024-47505
Vulnerability from cvelistv5
Published
2024-10-11 15:35
Modified
2024-10-11 17:18
Severity ?
EPSS score ?
Summary
Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #1
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Juniper Networks | Junos OS Evolved |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-47505", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T17:18:29.393200Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T17:18:42.218Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [ { "lessThan": "21.4R3-S7-EVO", "status": "affected", "version": "21.4", "versionType": "semver" }, { "lessThan": "22.1R3-S6-EVO", "status": "affected", "version": "22.1", "versionType": "semver" }, { "lessThan": "22.2R3-EVO", "status": "affected", "version": "22.2", "versionType": "semver" }, { "lessThan": "22.3R3-EVO", "status": "affected", "version": "22.3", "versionType": "semver" }, { "lessThan": "22.4R2-EVO", "status": "affected", "version": "22.4", "versionType": "semver" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "For this issue to be exploitable from the CLI there is no minimal configuration required. For this issue to be exploited via SNMP minimal SNMP configuration \u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003ewith at least read access is required:\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ snmp community \u0026lt;name\u0026gt; ]\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eor\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ snmp v3 ... ]\u003c/tt\u003e\n\n\u003cbr\u003e" } ], "value": "For this issue to be exploitable from the CLI there is no minimal configuration required. For this issue to be exploited via SNMP minimal SNMP configuration with at least read access is required:\n\n[ snmp community \u003cname\u003e ]\n\nor\n\n[ snmp v3 ... ]" } ], "datePublic": "2024-10-09T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An Allocation of Resources Without Limits or Throttling\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003evulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).\u003c/span\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eWhen specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eGUID exhaustion will trigger a syslog message like one of the following:\u003c/span\u003e\u003c/p\u003e\u003ccode\u003eevo-pfemand[\u0026lt;pid\u0026gt;]: get_next_guid: Ran out of Guid Space ...\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eevo-aftmand-zx[\u0026lt;pid\u0026gt;]: get_next_guid: Ran out of Guid Space ...\u003c/code\u003e\u003cp\u003e\u003cbr\u003eThe leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:\u003c/p\u003e\n\n\n\n\u003ctt\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003euser@host\u0026gt; show platform application-info allocations app evo-pfemand/evo-pfemand\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\n\n\u003cbr\u003eIn case one or more of these values are constantly increasing the leak is happening.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S7-EVO,\u003c/li\u003e\u003cli\u003e22.1 versions before 22.1R3-S6-EVO,\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e22.2 versions before 22.2R3-EVO,\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3-EVO,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003ePlease note that this issue is similar to, but different from\u0026nbsp;CVE-2024-47508 and CVE-2024-47509.\u003cp\u003e\u003c/p\u003e" } ], "value": "An Allocation of Resources Without Limits or Throttling\u00a0vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.\n\nGUID exhaustion will trigger a syslog message like one of the following:\n\nevo-pfemand[\u003cpid\u003e]: get_next_guid: Ran out of Guid Space ...\nevo-aftmand-zx[\u003cpid\u003e]: get_next_guid: Ran out of Guid Space ...\nThe leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:\n\n\n\n\n\nuser@host\u003e show platform application-info allocations app evo-pfemand/evo-pfemand\n\n\n\nIn case one or more of these values are constantly increasing the leak is happening.\n\nThis issue affects Junos OS Evolved:\n\n\n\n * All versions before 21.4R3-S7-EVO,\n * 22.1 versions before 22.1R3-S6-EVO,\n * 22.2 versions before 22.2R3-EVO,\u00a0\n\n * 22.3 versions before 22.3R3-EVO,\n * 22.4 versions before 22.4R2-EVO.\n\n\n\nPlease note that this issue is similar to, but different from\u00a0CVE-2024-47508 and CVE-2024-47509." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-11T15:35:24.753Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://supportportal.juniper.net/" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases." } ], "value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases." } ], "source": { "advisory": "JSA88136", "defect": [ "1713163" ], "discovery": "INTERNAL" }, "title": "Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #1", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue.\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users.\u003c/span\u003e\n\n\u003cbr\u003e" } ], "value": "There are no known workarounds for this issue.\n\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2024-47505", "datePublished": "2024-10-11T15:35:24.753Z", "dateReserved": "2024-09-25T15:26:52.610Z", "dateUpdated": "2024-10-11T17:18:42.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-47505\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2024-10-11T16:15:12.210\",\"lastModified\":\"2024-10-15T12:58:51.050\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Allocation of Resources Without Limits or Throttling\u00a0vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.\\n\\nGUID exhaustion will trigger a syslog message like one of the following:\\n\\nevo-pfemand[\u003cpid\u003e]: get_next_guid: Ran out of Guid Space ...\\nevo-aftmand-zx[\u003cpid\u003e]: get_next_guid: Ran out of Guid Space ...\\nThe leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:\\n\\n\\n\\n\\n\\nuser@host\u003e show platform application-info allocations app evo-pfemand/evo-pfemand\\n\\n\\n\\nIn case one or more of these values are constantly increasing the leak is happening.\\n\\nThis issue affects Junos OS Evolved:\\n\\n\\n\\n * All versions before 21.4R3-S7-EVO,\\n * 22.1 versions before 22.1R3-S6-EVO,\\n * 22.2 versions before 22.2R3-EVO,\u00a0\\n\\n * 22.3 versions before 22.3R3-EVO,\\n * 22.4 versions before 22.4R2-EVO.\\n\\n\\n\\nPlease note that this issue is similar to, but different from\u00a0CVE-2024-47508 and CVE-2024-47509.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de asignaci\u00f3n de recursos sin l\u00edmites ni limitaci\u00f3n en el daemon de administraci\u00f3n PFE (evo-pfemand) de Juniper Networks Junos OS Evolved permite que un atacante autenticado basado en la red provoque un bloqueo de FPC que genere una denegaci\u00f3n de servicio (DoS). Cuando se ejecutan operaciones GET de SNMP espec\u00edficas o comandos CLI con privilegios bajos espec\u00edficos, se produce una p\u00e9rdida de recursos GUID que, con el tiempo, provoca el agotamiento y hace que los FPC se bloqueen. Los FPC afectados deben reiniciarse manualmente para recuperarse. El agotamiento de GUID activar\u00e1 un mensaje de syslog como uno de los siguientes: evo-pfemand[]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[]: get_next_guid: Ran out of Guid Space ... La p\u00e9rdida se puede monitorear ejecutando el siguiente comando y tomando nota de los valores en la columna m\u00e1s a la derecha etiquetada como Guids: user@host\u0026gt; show platform application-info assignments app evo-pfemand/evo-pfemand En caso de que uno o m\u00e1s de estos valores aumenten constantemente, se est\u00e1 produciendo la p\u00e9rdida. Este problema afecta a Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S7-EVO, * Versiones 22.1 anteriores a 22.1R3-S6-EVO, * Versiones 22.2 anteriores a 22.2R3-EVO, * Versiones 22.3 anteriores a 22.3R3-EVO, * Versiones 22.4 anteriores a 22.4R2-EVO. Tenga en cuenta que este problema es similar a CVE-2024-47508 y CVE-2024-47509, pero diferente.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"NONE\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"YES\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"NOT_DEFINED\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/\",\"source\":\"sirt@juniper.net\"}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.