GSD-2024-30386
Vulnerability from gsd - Updated: 2024-04-03 05:02Details
A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald)
of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).
In an EVPN-VXLAN scenario, when
state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.
This issue affects:
Junos OS:
* All versions before 20.4R3-S8,
* 21.2 versions before 21.2R3-S6,
* 21.3 versions before 21.3R3-S5,
* 21.4 versions before 21.4R3-S4,
* 22.1 versions before 22.1R3-S3,
* 22.2 versions before 22.2R3-S1,
* 22.3 versions before 22.3R3,,
* 22.4 versions before 22.4R2;
Junos OS Evolved:
* All versions before 20.4R3-S8-EVO,
* 21.2-EVO versions before 21.2R3-S6-EVO,
* 21.3-EVO
versions before 21.3R3-S5-EVO,
* 21.4-EVO
versions before 21.4R3-S4-EVO,
* 22.1-EVO
versions before 22.1R3-S3-EVO,
* 22.2-EVO
versions before 22.2R3-S1-EVO,
* 22.3-EVO
versions before 22.3R3-EVO,
* 22.4-EVO
versions before 22.4R2-EVO.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-30386"
],
"details": "A Use-After-Free vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\n\nIn an EVPN-VXLAN scenario,\u00a0when \n\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * All versions before 20.4R3-S8,\n * 21.2 versions before 21.2R3-S6,\n * 21.3 versions before 21.3R3-S5,\n * 21.4 versions before 21.4R3-S4,\n * 22.1 versions before 22.1R3-S3,\n * 22.2 versions before 22.2R3-S1,\n * 22.3 versions before 22.3R3,,\n * 22.4 versions before 22.4R2;\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 20.4R3-S8-EVO,\n * 21.2-EVO versions before 21.2R3-S6-EVO,\u00a0\n * 21.3-EVO\n\n versions before 21.3R3-S5-EVO,\n * 21.4-EVO\n\n versions before 21.4R3-S4-EVO,\n * 22.1-EVO\n\n versions before 22.1R3-S3-EVO,\n * 22.2-EVO\n\n versions before 22.2R3-S1-EVO,\n * 22.3-EVO\n\n versions before 22.3R3-EVO,\n * 22.4-EVO\n\n versions before 22.4R2-EVO.\n\n\n\n\n",
"id": "GSD-2024-30386",
"modified": "2024-04-03T05:02:29.337871Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2024-30386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "20.4R3-S8"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "21.4",
"version_value": "21.4R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "22.1",
"version_value": "22.1R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "22.2",
"version_value": "22.2R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "22.3",
"version_value": "22.3R3"
},
{
"version_affected": "\u003c",
"version_name": "22.4",
"version_value": "22.4R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "20.4R3-S8-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.2-EVO",
"version_value": "21.2R3-S6-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.3-EVO",
"version_value": "21.3R3-S5-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.4-EVO",
"version_value": "21.4R3-S4-EVO"
},
{
"version_affected": "\u003c",
"version_name": "22.1-EVO",
"version_value": "22.1R3-S3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "22.2-EVO",
"version_value": "22.2R3-S1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "22.3-EVO",
"version_value": "22.3R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "22.4-EVO",
"version_value": "22.4R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eTo be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options.\u003c/span\u003e\n\n"
}
],
"value": "\nTo be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options.\n\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Use-After-Free vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\n\nIn an EVPN-VXLAN scenario,\u00a0when \n\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * All versions before 20.4R3-S8,\n * 21.2 versions before 21.2R3-S6,\n * 21.3 versions before 21.3R3-S5,\n * 21.4 versions before 21.4R3-S4,\n * 22.1 versions before 22.1R3-S3,\n * 22.2 versions before 22.2R3-S1,\n * 22.3 versions before 22.3R3,,\n * 22.4 versions before 22.4R2;\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 20.4R3-S8-EVO,\n * 21.2-EVO versions before 21.2R3-S6-EVO,\u00a0\n * 21.3-EVO\n\n versions before 21.3R3-S5-EVO,\n * 21.4-EVO\n\n versions before 21.4R3-S4-EVO,\n * 22.1-EVO\n\n versions before 22.1R3-S3-EVO,\n * 22.2-EVO\n\n versions before 22.2R3-S1-EVO,\n * 22.3-EVO\n\n versions before 22.3R3-EVO,\n * 22.4-EVO\n\n versions before 22.4R2-EVO.\n\n\n\n\n"
}
]
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-416",
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://supportportal.juniper.net/JSA79184",
"refsource": "MISC",
"url": "http://supportportal.juniper.net/JSA79184"
},
{
"name": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"refsource": "MISC",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
]
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R3-S2, 22.4R2, 23.2R1, and all subsequent releases;\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R3-S2, 22.4R2, 23.2R1, and all subsequent releases;\n\n\nJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA79184",
"defect": [
"1700170"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
]
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "A Use-After-Free vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\n\nIn an EVPN-VXLAN scenario,\u00a0when \n\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * All versions before 20.4R3-S8,\n * 21.2 versions before 21.2R3-S6,\n * 21.3 versions before 21.3R3-S5,\n * 21.4 versions before 21.4R3-S4,\n * 22.1 versions before 22.1R3-S3,\n * 22.2 versions before 22.2R3-S1,\n * 22.3 versions before 22.3R3,,\n * 22.4 versions before 22.4R2;\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 20.4R3-S8-EVO,\n * 21.2-EVO versions before 21.2R3-S6-EVO,\u00a0\n * 21.3-EVO\n\n versions before 21.3R3-S5-EVO,\n * 21.4-EVO\n\n versions before 21.4R3-S4-EVO,\n * 22.1-EVO\n\n versions before 22.1R3-S3-EVO,\n * 22.2-EVO\n\n versions before 22.2R3-S1-EVO,\n * 22.3-EVO\n\n versions before 22.3R3-EVO,\n * 22.4-EVO\n\n versions before 22.4R2-EVO.\n\n\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de Use-After-Free en el daemon de aprendizaje de direcciones de capa 2 (l2ald) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque que l2ald falle, lo que provoca una denegaci\u00f3n de servicio (DoS). En un escenario EVPN-VXLAN, cuando el sistema afectado recibe y procesa actualizaciones de estado, no se garantiza el orden correcto de algunos pasos de procesamiento, lo que puede provocar un bloqueo y reinicio de l2ald. Que se produzca el fallo depende de la sincronizaci\u00f3n interna del sistema, que est\u00e1 fuera del control de los atacantes. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 20.4R3-S8, * Versiones 21.2 anteriores a 21.2R3-S6, * Versiones 21.3 anteriores a 21.3R3-S5, * Versiones 21.4 anteriores a 21.4R3-S4, * Versiones 22.1 anteriores a 22.1R3- S3, * 22.2 versiones anteriores a 22.2R3-S1, * 22.3 versiones anteriores a 22.3R3, * 22.4 versiones anteriores a 22.4R2; Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S8-EVO, * Versiones 21.2-EVO anteriores a 21.2R3-S6-EVO, * Versiones 21.3-EVO anteriores a 21.3R3-S5-EVO, * Versiones 21.4-EVO anteriores a 21.4R3- S4-EVO, *versiones 22.1-EVO anteriores a 22.1R3-S3-EVO, *versiones 22.2-EVO anteriores a 22.2R3-S1-EVO, *versiones 22.3-EVO anteriores a 22.3R3-EVO, *versiones 22.4-EVO anteriores a 22.4R2- EVO."
}
],
"id": "CVE-2024-30386",
"lastModified": "2024-04-15T13:15:51.577",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Primary"
}
]
},
"published": "2024-04-12T16:15:37.650",
"references": [
{
"source": "sirt@juniper.net",
"url": "http://supportportal.juniper.net/JSA79184"
},
{
"source": "sirt@juniper.net",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…