Action not permitted
Modal body text goes here.
Modal Title
Modal Body
NCSC-2024-0290
Vulnerability from csaf_ncscnl - Published: 2024-07-12 11:43 - Updated: 2024-07-12 11:43Summary
Kwetsbaarheden verholpen in Juniper Junos OS en Junos OS Evolved
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Er zijn kwetsbaarheden gevonden en verholpen in Juniper Junos OS en Junos OS Evolved.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende in staat aanvallen uit te voeren die kunnen leiden tot Denial-of-Service (DoS), toegang tot gevoelige informatie, uitvoeren van code met verhoogde gebruikersrechten en omzeilen van een beveiligingsmaatregel.
Oplossingen
Juniper heeft updates uitgebracht om de kwetsbaarheden te verhelpen in JunOS en JunOS Evolved. Zie de referenties voor meer informatie.
Kans
medium
Schade
high
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-121
Stack-based Buffer Overflow
CWE-122
Heap-based Buffer Overflow
CWE-20
Improper Input Validation
CWE-252
Unchecked Return Value
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-400
Uncontrolled Resource Consumption
CWE-401
Missing Release of Memory after Effective Lifetime
CWE-404
Improper Resource Shutdown or Release
CWE-416
Use After Free
CWE-447
Unimplemented or Unsupported Feature in UI
CWE-532
Insertion of Sensitive Information into Log File
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-755
Improper Handling of Exceptional Conditions
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Er zijn kwetsbaarheden gevonden en verholpen in Juniper Junos OS en Junos OS Evolved.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende in staat aanvallen uit te voeren die kunnen leiden tot Denial-of-Service (DoS), toegang tot gevoelige informatie, uitvoeren van code met verhoogde gebruikersrechten en omzeilen van een beveiligingsmaatregel.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Juniper heeft updates uitgebracht om de kwetsbaarheden te verhelpen in JunOS en JunOS Evolved. Zie de referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Unimplemented or Unsupported Feature in UI",
"title": "CWE-447"
},
{
"category": "general",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "general",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - first",
"url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39511"
},
{
"category": "external",
"summary": "Source - first",
"url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39514"
},
{
"category": "external",
"summary": "Source - first",
"url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39517"
},
{
"category": "external",
"summary": "Source - first",
"url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39518"
},
{
"category": "external",
"summary": "Source - first",
"url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39554"
},
{
"category": "external",
"summary": "Source - first",
"url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39555"
},
{
"category": "external",
"summary": "Source - first",
"url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39556"
},
{
"category": "external",
"summary": "Source - first",
"url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39558"
},
{
"category": "external",
"summary": "Source - first",
"url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39560"
},
{
"category": "external",
"summary": "Source - first",
"url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39561"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39511"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39514"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39517"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39518"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39528"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39530"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39532"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39533"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39536"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39539"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39540"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39541"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39542"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39543"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39545"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39549"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39550"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39551"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39552"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39554"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39555"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39556"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39558"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39560"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39561"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39511"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39514"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39517"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39518"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39528"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39530"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39532"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39533"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39536"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39539"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39540"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39541"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39542"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39543"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39545"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39549"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39550"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39551"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39552"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39554"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39555"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39556"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39558"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39560"
},
{
"category": "external",
"summary": "Source - cveprojectv5",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39561"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA75726"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA79175"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA82976"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA82980"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA82982"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA82987"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA82989"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA82992"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA82993"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA82996"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA82999"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA83000"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA83001"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA83002"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA83004"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA83007"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA83011"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA83012"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA83013"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA83014"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA83015"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA83016"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA83018"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA83020"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://supportportal.juniper.net/JSA83021"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"title": "Kwetsbaarheden verholpen in Juniper Junos OS en Junos OS Evolved",
"tracking": {
"current_release_date": "2024-07-12T11:43:27.625950Z",
"id": "NCSC-2024-0290",
"initial_release_date": "2024-07-12T11:43:27.625950Z",
"revision_history": [
{
"date": "2024-07-12T11:43:27.625950Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1468459",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1499583",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:21.1-evo:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1468740",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:21.2-evo:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1468741",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:21.3-evo:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1468460",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:21.4-evo:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1468737",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:21.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1468742",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:22.1-evo:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1468461",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:22.2-evo:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1491757",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:22.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1468462",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:22.3-evo:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1491758",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:22.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1468463",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:22.4-evo:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1491759",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:22.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1468464",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:23.2-evo:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1491760",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:23.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1468465",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:23.4-evo:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1500292",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1500294",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os_evolved:24.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1468728",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1495028",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:20.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1468729",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:21.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1468730",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:21.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1500289",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:21.2r1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1499585",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:21.2r3-s5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1500290",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:21.2r3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1468731",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:21.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1468732",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:21.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1500291",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:21.4r2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1499586",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:21.4r3-s4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1494853",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:21.4r3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1468733",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:22.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1500295",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:22.1r3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1468734",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:22.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1494854",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:22.2r2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1499587",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:22.2r3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1468735",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:22.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1494855",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:22.3r1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1499588",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:22.3r2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1468739",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:22.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1494857",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:22.4r1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1500297",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:23.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1482979",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:23.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1499589",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:23.2r1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1499584",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-1500293",
"product_identification_helper": {
"cpe": "cpe:2.3:a:juniper_networks:junos_os:24.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-1499958",
"product_identification_helper": {
"cpe": "cpe:2.3:o:juniper_networks:junos_os_evolved:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "juniper_networks"
},
{
"branches": [
{
"category": "product_name",
"name": "junos_os_evolved",
"product": {
"name": "junos_os_evolved",
"product_id": "CSAFPID-190806",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-190799",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1500038",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:20.4r3-s10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-809978",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:21.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-809979",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:21.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-809980",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:21.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-907487",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:21.2r3-s5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-809981",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:21.2r3-s6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1499956",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:21.2r3-s7:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-809982",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:21.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-809983",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:21.3r3-s4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-809984",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:21.4r3-s4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-909039",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:21.4r3-s5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1499957",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:21.4r3-s6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-909041",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.1r3-s1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-809987",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.1r3-s3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-909052",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.1r3-s4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1500040",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.1r3-s5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1500751",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.2r2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1500753",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.2r3-s0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-907489",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.2r3-s1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-809989",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.2r3-s2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1499951",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.2r3-s3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1500754",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.3r2-s1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-909042",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.3r2-s2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-907497",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.3r2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-907490",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.3r3-s0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-809991",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.3r3-s1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1499952",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.3r3-s2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1500755",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.4r1-s2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1500752",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.4r1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-907492",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.4r2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1500039",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.4r3-s0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1499953",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:22.4r3-s1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-907494",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:23.2r1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1499954",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:23.4r1-s1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos",
"product": {
"name": "junos",
"product_id": "CSAFPID-1499955",
"product_identification_helper": {
"cpe": "cpe:2.3:h:juniper:junos:23.4r1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "junos_os",
"product": {
"name": "junos_os",
"product_id": "CSAFPID-176507",
"product_identification_helper": {
"cpe": "cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "juniper"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-39560",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1468459",
"CSAFPID-1468742",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464",
"CSAFPID-1500289"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39560",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39560.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1468459",
"CSAFPID-1468742",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464",
"CSAFPID-1500289"
]
}
],
"title": "CVE-2024-39560"
},
{
"cve": "CVE-2024-39561",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584"
]
}
],
"title": "CVE-2024-39561"
},
{
"cve": "CVE-2024-39511",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468730",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39511",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39511.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468730",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979"
]
}
],
"title": "CVE-2024-39511"
},
{
"cve": "CVE-2024-39514",
"cwe": {
"id": "CWE-703",
"name": "Improper Check or Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1468459",
"CSAFPID-1468460",
"CSAFPID-1468742",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39514",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39514.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1468459",
"CSAFPID-1468460",
"CSAFPID-1468742",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464"
]
}
],
"title": "CVE-2024-39514"
},
{
"cve": "CVE-2024-39517",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584",
"CSAFPID-1468459",
"CSAFPID-1468460",
"CSAFPID-1468742",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464",
"CSAFPID-1468465"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39517",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39517.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584",
"CSAFPID-1468459",
"CSAFPID-1468460",
"CSAFPID-1468742",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464",
"CSAFPID-1468465"
]
}
],
"title": "CVE-2024-39517"
},
{
"cve": "CVE-2024-39518",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1499585",
"CSAFPID-1499586",
"CSAFPID-1499587",
"CSAFPID-1499588",
"CSAFPID-1494857",
"CSAFPID-1499589"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39518",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39518.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1499585",
"CSAFPID-1499586",
"CSAFPID-1499587",
"CSAFPID-1499588",
"CSAFPID-1494857",
"CSAFPID-1499589"
]
}
],
"title": "CVE-2024-39518"
},
{
"cve": "CVE-2024-39528",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1468459",
"CSAFPID-1468460",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39528",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39528.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1468459",
"CSAFPID-1468460",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464"
]
}
],
"title": "CVE-2024-39528"
},
{
"cve": "CVE-2024-39530",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1494853",
"CSAFPID-1500295",
"CSAFPID-1494854",
"CSAFPID-1494855",
"CSAFPID-1494857"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39530",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39530.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1494853",
"CSAFPID-1500295",
"CSAFPID-1494854",
"CSAFPID-1494855",
"CSAFPID-1494857"
]
}
],
"title": "CVE-2024-39530"
},
{
"cve": "CVE-2024-39532",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1500295",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468459",
"CSAFPID-1468461",
"CSAFPID-1468462"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39532",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39532.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1500295",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468459",
"CSAFPID-1468461",
"CSAFPID-1468462"
]
}
],
"title": "CVE-2024-39532"
},
{
"cve": "CVE-2024-39533",
"cwe": {
"id": "CWE-447",
"name": "Unimplemented or Unsupported Feature in UI"
},
"notes": [
{
"category": "other",
"text": "Unimplemented or Unsupported Feature in UI",
"title": "CWE-447"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39533",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979"
]
}
],
"title": "CVE-2024-39533"
},
{
"cve": "CVE-2024-39536",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1500297",
"CSAFPID-1468740",
"CSAFPID-1468460",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39536",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39536.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1500297",
"CSAFPID-1468740",
"CSAFPID-1468460",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464"
]
}
],
"title": "CVE-2024-39536"
},
{
"cve": "CVE-2024-39539",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39539",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39539.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979"
]
}
],
"title": "CVE-2024-39539"
},
{
"cve": "CVE-2024-39540",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1499585"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39540",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39540.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1499585"
]
}
],
"title": "CVE-2024-39540"
},
{
"cve": "CVE-2024-39541",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584",
"CSAFPID-1468463",
"CSAFPID-1468464",
"CSAFPID-1468465"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39541",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39541.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584",
"CSAFPID-1468463",
"CSAFPID-1468464",
"CSAFPID-1468465"
]
}
],
"title": "CVE-2024-39541"
},
{
"cve": "CVE-2024-39542",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468734",
"CSAFPID-1468459",
"CSAFPID-1468737"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39542",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39542.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468734",
"CSAFPID-1468459",
"CSAFPID-1468737"
]
}
],
"title": "CVE-2024-39542"
},
{
"cve": "CVE-2024-39543",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584",
"CSAFPID-1468459",
"CSAFPID-1468737",
"CSAFPID-1491757",
"CSAFPID-1491758",
"CSAFPID-1491759",
"CSAFPID-1491760",
"CSAFPID-1500292"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39543",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39543.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584",
"CSAFPID-1468459",
"CSAFPID-1468737",
"CSAFPID-1491757",
"CSAFPID-1491758",
"CSAFPID-1491759",
"CSAFPID-1491760",
"CSAFPID-1500292"
]
}
],
"title": "CVE-2024-39543"
},
{
"cve": "CVE-2024-39545",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39545",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39545.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739"
]
}
],
"title": "CVE-2024-39545"
},
{
"cve": "CVE-2024-39549",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584",
"CSAFPID-1500293",
"CSAFPID-1468459",
"CSAFPID-1468737",
"CSAFPID-1491757",
"CSAFPID-1491758",
"CSAFPID-1491759",
"CSAFPID-1491760",
"CSAFPID-1500292",
"CSAFPID-1500294"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39549",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39549.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468732",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584",
"CSAFPID-1500293",
"CSAFPID-1468459",
"CSAFPID-1468737",
"CSAFPID-1491757",
"CSAFPID-1491758",
"CSAFPID-1491759",
"CSAFPID-1491760",
"CSAFPID-1500292",
"CSAFPID-1500294"
]
}
],
"title": "CVE-2024-39549"
},
{
"cve": "CVE-2024-39550",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1500290",
"CSAFPID-1500291",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39550",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39550.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1500290",
"CSAFPID-1500291",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584"
]
}
],
"title": "CVE-2024-39550"
},
{
"cve": "CVE-2024-39551",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1495028",
"CSAFPID-1468730",
"CSAFPID-1468731",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39551",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39551.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1495028",
"CSAFPID-1468730",
"CSAFPID-1468731",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979"
]
}
],
"title": "CVE-2024-39551"
},
{
"cve": "CVE-2024-39552",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468730",
"CSAFPID-1468731",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1468459",
"CSAFPID-1468741",
"CSAFPID-1468460",
"CSAFPID-1468742",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464",
"CSAFPID-1468465"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39552",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39552.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468730",
"CSAFPID-1468731",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1468459",
"CSAFPID-1468741",
"CSAFPID-1468460",
"CSAFPID-1468742",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464",
"CSAFPID-1468465"
]
}
],
"title": "CVE-2024-39552"
},
{
"cve": "CVE-2024-39554",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468729",
"CSAFPID-1468730",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499583",
"CSAFPID-1468740",
"CSAFPID-1468460",
"CSAFPID-1468742",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468729",
"CSAFPID-1468730",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499583",
"CSAFPID-1468740",
"CSAFPID-1468460",
"CSAFPID-1468742",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464"
]
}
],
"title": "CVE-2024-39554"
},
{
"cve": "CVE-2024-39555",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584",
"CSAFPID-1468459",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464",
"CSAFPID-1468465"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39555",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39555.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584",
"CSAFPID-1468459",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464",
"CSAFPID-1468465"
]
}
],
"title": "CVE-2024-39555"
},
{
"cve": "CVE-2024-39556",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1482979",
"CSAFPID-1499584",
"CSAFPID-1468459",
"CSAFPID-1468742",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463",
"CSAFPID-1468464",
"CSAFPID-1468465"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39556",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39556.json"
}
],
"title": "CVE-2024-39556"
},
{
"cve": "CVE-2024-39558",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1468728",
"CSAFPID-1468730",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1468459",
"CSAFPID-1468740",
"CSAFPID-1468460",
"CSAFPID-1468742",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-39558",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39558.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1468728",
"CSAFPID-1468730",
"CSAFPID-1468732",
"CSAFPID-1468733",
"CSAFPID-1468734",
"CSAFPID-1468735",
"CSAFPID-1468739",
"CSAFPID-1468459",
"CSAFPID-1468740",
"CSAFPID-1468460",
"CSAFPID-1468742",
"CSAFPID-1468461",
"CSAFPID-1468462",
"CSAFPID-1468463"
]
}
],
"title": "CVE-2024-39558"
}
]
}
CVE-2024-39511 (GCVE-0-2024-39511)
Vulnerability from cvelistv5 – Published: 2024-07-10 22:58 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS: The 802.1X Authentication Daemon crashes on running a specific command
Summary
An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS).
On running a specific operational dot1x command, the dot1x daemon crashes. An attacker can cause a sustained DoS condition by running this command repeatedly.
When the crash occurs, the authentication status of any 802.1x clients is cleared, and any authorized dot1x port becomes unauthorized. The client cannot re-authenticate until the dot1x daemon restarts.
This issue affects Junos OS:
* All versions before 20.4R3-S10;
* 21.2 versions before 21.2R3-S7;
* 21.4 versions before 21.4R3-S6;
* 22.1 versions before 22.1R3-S5;
* 22.2 versions before 22.2R3-S3;
* 22.3 versions before 22.3R3-S2;
* 22.4 versions before 22.4R3-S1;
* 23.2 versions before 23.2R2.
Severity ?
5.5 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 20.4R3-S10
(semver)
Affected: 21.2 , < 21.2R3-S7 (semver) Affected: 21.4 , < 21.4R3-S6 (semver) Affected: 22.1 , < 22.1R3-S5 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3-S2 (semver) Affected: 22.4 , < 22.4R3-S1 (semver) Affected: 23.2 , < 23.2R2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:41:20.299537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T13:41:37.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82976"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S1",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eOn running a specific operational dot1x command, the dot1x daemon crashes. An attacker can cause a sustained DoS condition by running this command repeatedly.\u003cbr\u003e\u003cbr\u003eWhen the crash occurs, the authentication status of any 802.1x clients is cleared, and any authorized dot1x port becomes unauthorized. The client cannot re-authenticate until the dot1x daemon restarts.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S10;\u003c/li\u003e\u003cli\u003e21.2 versions before 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S6;\u003c/li\u003e\u003cli\u003e22.1 versions before 22.1R3-S5;\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S3;\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3-S2;\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S1;\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS).\n\nOn running a specific operational dot1x command, the dot1x daemon crashes. An attacker can cause a sustained DoS condition by running this command repeatedly.\n\nWhen the crash occurs, the authentication status of any 802.1x clients is cleared, and any authorized dot1x port becomes unauthorized. The client cannot re-authenticate until the dot1x daemon restarts.\n\nThis issue affects Junos OS:\n * All versions before 20.4R3-S10;\n * 21.2 versions before 21.2R3-S7;\n * 21.4 versions before 21.4R3-S6;\n * 22.1 versions before 22.1R3-S5;\n * 22.2 versions before 22.2R3-S3;\n * 22.3 versions before 22.3R3-S2;\n * 22.4 versions before 22.4R3-S1;\n * 23.2 versions before 23.2R2."
}
],
"exploits": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T22:58:06.058Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82976"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S10, 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S10, 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82976",
"defect": [
"1776503"
],
"discovery": "USER"
},
"title": "Junos OS: The 802.1X Authentication Daemon crashes on running a specific command",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39511",
"datePublished": "2024-07-10T22:58:06.058Z",
"dateReserved": "2024-06-25T15:12:53.237Z",
"dateUpdated": "2024-08-02T04:26:15.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39541 (GCVE-0-2024-39541)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:17 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Inconsistent information in the TE database can lead to an rpd crash
Summary
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).
When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart.
This issue affects:
Junos OS:
* 22.4 versions before 22.4R3-S1,
* 23.2 versions before 23.2R2,
* 23.4 versions before 23.4R1-S1, 23.4R2,
This issue does not affect Junos OS versions earlier than 22.4R1.
Junos OS Evolved:
* 22.4-EVO versions before 22.4R3-S2-EVO,
* 23.2-EVO versions before 23.2R2-EVO,
* 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO,
This issue does not affect Junos OS Evolved versions earlier than
before 22.4R1.
Severity ?
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
22.4 , < 22.4R3-S1
(semver)
Affected: 23.2 , < 23.2R2 (semver) Affected: 23.4 , < 23.4R1-S1, 23.4R2 (semver) Unaffected: 0 , < 22.4R1 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T16:55:27.263492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T15:51:43.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S1",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "22.4R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue traffic engineering per:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols source-packet-routing traffic-engineering database ]\u003cbr\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003eand either OSPF or ISIS TE per:\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003e[ protocols ospf traffic-engineering ]\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003eor\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003e[ protocols isis traffic-engineering ]\u003cbr\u003e\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003e\u003ctt\u003ehave to be configured.\u003c/tt\u003e\u003c/tt\u003e\u003ctt\u003e\u003c/tt\u003e"
}
],
"value": "To be exposed to this issue traffic engineering per:\n\n[ protocols source-packet-routing traffic-engineering database ]\n\nand either OSPF or ISIS TE per:\n\n[ protocols ospf traffic-engineering ]\nor\n[ protocols isis traffic-engineering ]\n\nhave to be configured."
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e22.4 versions before 22.4R3-S1,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R1-S1, 23.4R2,\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue does not affect Junos OS versions earlier than 22.4R1.\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e22.4-EVO versions before 22.4R3-S2-EVO,\u003c/li\u003e\u003cli\u003e23.2-EVO versions before 23.2R2-EVO,\u003c/li\u003e\u003cli\u003e23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO,\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\n\nThis issue does not affect Junos OS Evolved versions earlier than \n\nbefore 22.4R1.\u003c/p\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\nWhen conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart.\n\nThis issue affects:\n\nJunos OS:\n\n\n\n * 22.4 versions before 22.4R3-S1,\n * 23.2 versions before 23.2R2,\u00a0\n * 23.4 versions before 23.4R1-S1, 23.4R2,\u00a0\n\n\n\n\nThis issue does not affect Junos OS versions earlier than 22.4R1.\n\nJunos OS Evolved:\n\n\n\n * 22.4-EVO versions before 22.4R3-S2-EVO,\n * 23.2-EVO versions before 23.2R2-EVO,\n * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO,\n\n\n\n\n\n\nThis issue does not affect Junos OS Evolved versions earlier than \n\nbefore 22.4R1."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:17:20.730Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83001"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 22.4R3-S1, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases;\u003cbr\u003e\n\nJunos OS Evolved: 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\n\n\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 22.4R3-S1, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases;\n\n\nJunos OS Evolved: 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83001",
"defect": [
"1759082"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Inconsistent information in the TE database can lead to an rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39541",
"datePublished": "2024-07-11T16:17:20.730Z",
"dateReserved": "2024-06-25T15:12:53.244Z",
"dateUpdated": "2024-08-02T04:26:15.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39540 (GCVE-0-2024-39540)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:16 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS: SRX Series, and MX Series with SPC3: Specific valid TCP traffic can cause a pfe crash
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
When an affected device receives specific valid TCP traffic, the pfe crashes and restarts leading to a momentary but complete service outage.
This issue affects Junos OS:
21.2 releases from 21.2R3-S5 before 21.2R3-S6.
This issue does not affect earlier or later releases.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
21.2R3-S5 , < 21.2R3-S6
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos:21.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s6",
"status": "affected",
"version": "21.2",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T18:48:08.891704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:52:47.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series",
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2R3-S5",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen an affected device receives specific valid TCP traffic, the pfe crashes and restarts leading to a momentary but complete service outage.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cp\u003e21.2 releases from 21.2R3-S5 before 21.2R3-S6.\u003c/p\u003e\u003cp\u003eThis issue does not affect earlier or later releases.\u003c/p\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen an affected device receives specific valid TCP traffic, the pfe crashes and restarts leading to a momentary but complete service outage.\n\nThis issue affects Junos OS:\n\n21.2 releases from 21.2R3-S5 before 21.2R3-S6.\n\nThis issue does not affect earlier or later releases."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:16:37.977Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83000"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S6."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S6."
}
],
"source": {
"advisory": "JSA83000",
"defect": [
"1733627"
],
"discovery": "USER"
},
"title": "Junos OS: SRX Series, and MX Series with SPC3: Specific valid TCP traffic can cause a pfe crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39540",
"datePublished": "2024-07-11T16:16:37.977Z",
"dateReserved": "2024-06-25T15:12:53.244Z",
"dateUpdated": "2024-08-02T04:26:16.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39536 (GCVE-0-2024-39536)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:13 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a
Denial-of-Service (DoS).
When a BFD session configured with authentication flaps, ppmd memory can leak. Whether the leak happens depends on a race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.
Whether the leak occurs can be monitored with the following CLI command:
> show ppm request-queue
FPC Pending-request
fpc0 2
request-total-pending: 2
where a continuously increasing number of pending requests is indicative of the leak.
This issue affects:
Junos OS:
* All versions before 21.2R3-S8,
* 21.4 versions before 21.4R3-S7,
* 22.1 versions before 22.1R3-S4,
* 22.2 versions before 22.2R3-S4,
* 22.3 versions before 22.3R3,
* 22.4 versions before 22.4R2-S2, 22.4R3.
Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S7-EVO,
* 22.2-EVO versions before 22.2R3-S4-EVO,
* 22.3-EVO versions before 22.3R3-EVO,
* 22.4-EVO versions before 22.4R3-EVO.
Severity ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
- Denial-of-Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S8
(semver)
Affected: 21.4 , < 21.4R3-S7 (semver) Affected: 22.1 , < 22.1R3-S4 (semver) Affected: 22.2 , < 22.2R3-S4 (semver) Affected: 22.3 , < 22.3R3 (semver) Affected: 22.4 , < 22.4R2-S2, 22.4R3 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R1-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:38:58.684082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T19:01:50.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R1-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue, BFD with authentication like in the following examples needs to be \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003econfigured\u003c/span\u003e:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols \u0026lt;protocol\u0026gt; ... bfd-liveness-detection\u0026nbsp;authentication ]\u003cbr\u003e[ routing-options ... bfd-liveness-detection authentication ]\u003c/tt\u003e"
}
],
"value": "To be exposed to this issue, BFD with authentication like in the following examples needs to be \n\nconfigured:\n\n[ protocols \u003cprotocol\u003e ... bfd-liveness-detection\u00a0authentication ]\n[ routing-options ... bfd-liveness-detection authentication ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial-of-Service (DoS)\u003c/span\u003e.\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen a\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBFD session configured with authentication \u003c/span\u003eflaps,\u0026nbsp;\u003c/span\u003eppmd memory can leak. Whether the leak happens depends on a\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erace condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhether the leak occurs can be monitored with the following CLI command:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u0026gt; show ppm request-queue\u003cbr\u003e\u003c/p\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFPC \u0026nbsp; \u0026nbsp; Pending-request\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efpc0\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;2\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erequest-total-pending: 2\u003c/span\u003e\n\n\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhere a continuously increasing number of pending requests is indicative of the leak.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S7,\u003c/li\u003e\u003cli\u003e22.1 versions before 22.1R3-S4,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S4, \u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R2-S2, 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8-EVO,\u003c/li\u003e\u003cli\u003e21.4-EVO versions before 21.4R3-S7-EVO,\u003c/li\u003e\u003cli\u003e22.2-EVO versions before 22.2R3-S4-EVO,\u003c/li\u003e\u003cli\u003e22.3-EVO versions before 22.3R3-EVO,\u003c/li\u003e\u003cli\u003e22.4-EVO versions before 22.4R3-EVO.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\n\nWhen a\u00a0BFD session configured with authentication flaps,\u00a0ppmd memory can leak. Whether the leak happens depends on a\u00a0race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.\n\n\n\nWhether the leak occurs can be monitored with the following CLI command:\n\n\u003e show ppm request-queue\n\n\nFPC \u00a0 \u00a0 Pending-request\nfpc0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a02\nrequest-total-pending: 2\n\n\nwhere a continuously increasing number of pending requests is indicative of the leak.\u00a0\n\n\n\n\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n * All versions before 21.2R3-S8,\n * 21.4 versions before 21.4R3-S7,\n * 22.1 versions before 22.1R3-S4,\n * 22.2 versions before 22.2R3-S4, \n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R2-S2, 22.4R3.\n\n\n\nJunos OS Evolved:\n * All versions before 21.2R3-S8-EVO,\n * 21.4-EVO versions before 21.4R3-S7-EVO,\n * 22.2-EVO versions before 22.2R3-S4-EVO,\n * 22.3-EVO versions before 22.3R3-EVO,\n * 22.4-EVO versions before 22.4R3-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial-of-Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T14:42:59.790Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82996"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S4, 22.2R3-S4, 22.3R3, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases;\u003cbr\u003eJunos OS Evolved:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO,\u0026nbsp;and all subsequent releases.\u003c/span\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S4, 22.2R3-S4, 22.3R3, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases;\nJunos OS Evolved:\u00a021.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO,\u00a0and all subsequent releases."
}
],
"source": {
"advisory": "JSA82996",
"defect": [
"1480648"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39536",
"datePublished": "2024-07-11T16:13:24.485Z",
"dateReserved": "2024-06-25T15:12:53.241Z",
"dateUpdated": "2024-08-02T04:26:15.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39542 (GCVE-0-2024-39542)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:17 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: A malformed CFM packet or specific transit traffic leads to FPC crash
Summary
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS).
This issue can occur in two scenarios:
1. If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. (This scenario is only applicable to PTX but not to ACX or MX.)
2. If a device receives a malformed CFM packet on an interface configured with CFM, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. Please note that the CVSS score is for the formally more severe issue 1.
The CVSS score for scenario 2. is: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
This issue affects Junos OS:
* All versions before 21.2R3-S4,
* 21.4 versions before 21.4R2,
* 22.2 versions before 22.2R3-S2;
Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* 21.4 versions before 21.4R2-EVO.
Severity ?
CWE
- 1286 Improper Validation of Syntactic Correctness of Input
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S4
(semver)
Affected: 21.4 , < 21.4R2 (semver) Affected: 22.2 , < 22.2R2-S1, 22.2R3 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4r2",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2r2-s1",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.2r3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s8-evo",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4r2-evo",
"status": "affected",
"version": "21.4",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T19:31:17.419444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:32:48.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series with MPC10 MPC11 or LC9600",
"MX304"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R2",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R2-S1, 22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"PTX Series",
"ACX Series"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R2-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue at least one of CFM or sampling needs to be configured:\u003cbr\u003e\u003cbr\u003e1. CFM:\u003cbr\u003e\u003cbr\u003e\u0026nbsp; [\u0026nbsp; protocols oam\u0026nbsp;ethernet\u0026nbsp;connectivity-fault-management\u0026nbsp;maintenance-domain \u0026lt;md_name\u0026gt;\u0026nbsp;maintenance-association \u0026lt;ma_name\u0026gt;\u0026nbsp;mep \u0026lt;number\u0026gt;\u0026nbsp;interface \u0026lt;interface\u0026gt; ]\u003cbr\u003eOR\u003cbr\u003e\u0026nbsp; [\u0026nbsp; protocols oam ethernet connectivity-fault-management maintenance-domain \u0026lt;md_name\u0026gt; interface \u0026lt;interface\u0026gt;\u0026nbsp;/ vlan \u0026lt;vlan\u0026gt; ]\u003cbr\u003e\u003cbr\u003e2. ECMP, sampling\u003cbr\u003e\u003cbr\u003e\u0026nbsp; [ \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eprotocols sflow interfaces \u0026lt;interface\u0026gt;\u003c/span\u003e\n\n ]"
}
],
"value": "To be exposed to this issue at least one of CFM or sampling needs to be configured:\n\n1. CFM:\n\n\u00a0 [\u00a0 protocols oam\u00a0ethernet\u00a0connectivity-fault-management\u00a0maintenance-domain \u003cmd_name\u003e\u00a0maintenance-association \u003cma_name\u003e\u00a0mep \u003cnumber\u003e\u00a0interface \u003cinterface\u003e ]\nOR\n\u00a0 [\u00a0 protocols oam ethernet connectivity-fault-management maintenance-domain \u003cmd_name\u003e interface \u003cinterface\u003e\u00a0/ vlan \u003cvlan\u003e ]\n\n2. ECMP, sampling\n\n\u00a0 [ \n\nprotocols sflow interfaces \u003cinterface\u003e\n\n ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLC9600\u003c/span\u003e, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eThis issue can occur in two scenarios:\u003cbr\u003e\u003cbr\u003e1. If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. (This scenario is only applicable to PTX but not to ACX or MX.)\u003cbr\u003e\u003cbr\u003e2. If a device receives a malformed CFM packet on an interface configured with CFM, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted.\u0026nbsp;\u003cp\u003ePlease note that the CVSS score is for the formally more severe issue 1.\u003c/p\u003e\u003cp\u003eThe CVSS score for scenario 2. is: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e21.2R3-S4,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e21.4 versions before 21.4R2,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e22.2 versions before 22.2R3-S2;\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eJunos OS Evolved:\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e21.2R3-S8-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R2-EVO\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS).\n\nThis issue can occur in two scenarios:\n\n1. If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. (This scenario is only applicable to PTX but not to ACX or MX.)\n\n2. If a device receives a malformed CFM packet on an interface configured with CFM, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted.\u00a0Please note that the CVSS score is for the formally more severe issue 1.\n\nThe CVSS score for scenario 2. is: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n\n\n\nThis issue affects Junos OS:\n\n\n\n * All versions before\u00a021.2R3-S4,\n * 21.4 versions before 21.4R2,\n * 22.2 versions before 22.2R3-S2;\u00a0\n\n\n\n\nJunos OS Evolved:\n\n\n\n\n * All versions before\u00a021.2R3-S8-EVO,\n * 21.4 versions before 21.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:17:56.613Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83002"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 21.2R3-S4, 21.4R2, 22.2R2-S1, 22.2R3, 22.3R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.2R3-S8-EVO, 21.4R2-EVO, 22.2R1-EVO, and all subsequent releases.\n\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S4, 21.4R2, 22.2R2-S1, 22.2R3, 22.3R1, and all subsequent releases.\nJunos OS Evolved: 21.2R3-S8-EVO, 21.4R2-EVO, 22.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83002",
"defect": [
"1654270"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: A malformed CFM packet or specific transit traffic leads to FPC crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39542",
"datePublished": "2024-07-11T16:17:56.613Z",
"dateReserved": "2024-06-25T15:12:53.244Z",
"dateUpdated": "2024-08-02T04:26:15.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39533 (GCVE-0-2024-39533)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:08 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS: QFX5000 Series and EX4600 Series: Output firewall filter is not applied if certain match criteria are used
Summary
An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks.If one or more of the following match conditions
ip-source-address
ip-destination-address
arp-type
which are not supported for this type of filter, are used in an ethernet switching filter, and then this filter is applied as an output filter, the configuration can be committed but the filter will not be in effect.
This issue affects Junos OS on QFX5000 Series and EX4600 Series:
* All version before 21.2R3-S7,
* 21.4 versions before 21.4R3-S6,
* 22.1 versions before 22.1R3-S5,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S2,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.
Please note that the implemented fix ensures these unsupported match conditions cannot be committed anymore.
Severity ?
5.8 (Medium)
CWE
- CWE-447 - Unimplemented or Unsupported Feature in UI
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S7
(semver)
Affected: 21.4 , < 21.4R3-S6 (semver) Affected: 22.1 , < 22.1R3-S5 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3-S2 (semver) Affected: 22.4 , < 22.4R3 (semver) Affected: 23.2 , < 23.2R2 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "21.4r3-s6",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "221r3--s5",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2r3-s2",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3-s2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.4r3",
"status": "affected",
"version": "22.4",
"versionType": "custom"
},
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T17:43:31.828045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:44:06.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"QFX5000 Series",
"EX4600 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following shows an example of such an affected filter:\u003cbr\u003e\u003ctt\u003e[ firewall family ethernet-switching filter \u0026lt;filter\u0026gt; term \u0026lt;term\u0026gt; from \n\nip-source-address\n\n ... ]\u003cbr\u003e[ interfaces \u0026lt;interface\u0026gt; unit \u0026lt;unit\u0026gt; family ethernet-switching filter output \u0026lt;filter\u0026gt; ]\u003c/tt\u003e"
}
],
"value": "The following shows an example of such an affected filter:\n[ firewall family ethernet-switching filter \u003cfilter\u003e term \u003cterm\u003e from \n\nip-source-address\n\n ... ]\n[ interfaces \u003cinterface\u003e unit \u003cunit\u003e family ethernet-switching filter output \u003cfilter\u003e ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks.\u003cp\u003eIf one or more of the following match conditions\u003c/p\u003e\u003ctt\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eip-source-address\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003ctt\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eip-destination-address\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003ctt\u003e\u003cspan style=\"background-color: var(--wht);\"\u003earp-type\u003c/span\u003e\u003c/tt\u003e\n\n\u003cp\u003ewhich are not supported for this type of filter, are used in an \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eethernet switching \u003c/span\u003efilter,\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eand then this filter is applied as an output filter, the configuration can be committed but the filter will not be in effect.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS on QFX5000 Series and EX4600 Series:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll version before 21.2R3-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S6,\u003c/li\u003e\u003cli\u003e22.1 versions before 22.1R3-S5,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S3,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease note that the implemented fix ensures these unsupported match conditions cannot be committed anymore.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "An Unimplemented or Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an unauthenticated, network-based attacker to cause a minor integrity impact to downstream networks.If one or more of the following match conditions\n\nip-source-address\nip-destination-address\narp-type\n\nwhich are not supported for this type of filter, are used in an ethernet switching filter,\u00a0and then this filter is applied as an output filter, the configuration can be committed but the filter will not be in effect.\n\n\n\n\nThis issue affects Junos OS on QFX5000 Series and EX4600 Series:\n\n * All version before 21.2R3-S7,\u00a0\n * 21.4 versions before 21.4R3-S6,\n * 22.1 versions before 22.1R3-S5,\n * 22.2 versions before 22.2R3-S3,\n * 22.3 versions before 22.3R3-S2,\u00a0\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2.\n\n\n\nPlease note that the implemented fix ensures these unsupported match conditions cannot be committed anymore."
}
],
"exploits": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-447",
"description": "CWE-447 Unimplemented or Unsupported Feature in UI",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:08:29.431Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82993"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82993",
"defect": [
"1761884"
],
"discovery": "USER"
},
"title": "Junos OS: QFX5000 Series and EX4600 Series: Output firewall filter is not applied if certain match criteria are used",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39533",
"datePublished": "2024-07-11T16:08:29.431Z",
"dateReserved": "2024-06-25T15:12:53.241Z",
"dateUpdated": "2024-08-02T04:26:15.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39556 (GCVE-0-2024-39556)
Vulnerability from cvelistv5 – Published: 2024-07-10 22:38 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow
Summary
A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.
By exploiting the 'set security certificates' command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user's command interpreter, or potentially trigger a stack-based buffer overflow.
This issue affects:
Junos OS:
* All versions before 21.4R3-S7,
* from 22.1 before 22.1R3-S6,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R1-S1, 23.4R2;
Junos OS Evolved:
* All versions before 21.4R3-S7-EVO,
* from 22.1-EVO before 22.1R3-S6-EVO,
* from 22.2-EVO before 22.2R3-S4-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R3-S2-EVO,
* from 23.2-EVO before 23.2R2-EVO,
* from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.
Severity ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.4R3-S7
(semver)
Affected: 22.1 , < 22.1R3-S6 (semver) Affected: 22.2 , < 22.2R3-S4 (semver) Affected: 22.3 , < 22.3R3-S3 (semver) Affected: 22.4 , < 22.4R3-S2 (semver) Affected: 23.2 , < 23.2R2 (semver) Affected: 23.4 , < 23.4R1-S1, 23.4R2 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7-evo",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1r3-s6-evo",
"status": "affected",
"version": "22.1-evo",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s4-evo",
"status": "affected",
"version": "22.2-evo",
"versionType": "semver"
},
{
"lessThan": "22.3r3-s3-evo",
"status": "affected",
"version": "22.3-evo",
"versionType": "semver"
},
{
"lessThan": "22.4r3-s3-evo",
"status": "affected",
"version": "22.4-evo",
"versionType": "semver"
},
{
"lessThan": "23.2r2-evo",
"status": "affected",
"version": "23.2-evo",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1r3-s6",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3r3-s3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4r3-s2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4r1-s1",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4r2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4r1-s1-evo",
"status": "affected",
"version": "23.4-evo",
"versionType": "semver"
},
{
"lessThan": "23.4r2-evo",
"status": "affected",
"version": "23.4-evo",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-13T03:55:17.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S6",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S6-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.\u003cbr\u003e\u003cbr\u003eBy exploiting the \u0027set security certificates\u0027 command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user\u0027s command interpreter, or potentially trigger a stack-based buffer overflow.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u0026nbsp;Junos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S7, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S1, 23.4R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S7-EVO, \u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S2-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.\n\nBy exploiting the \u0027set security certificates\u0027 command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user\u0027s command interpreter, or potentially trigger a stack-based buffer overflow.\n\n\nThis issue affects:\n\n\u00a0Junos OS: \n\n\n * All versions before 21.4R3-S7, \n * from 22.1 before 22.1R3-S6, \n * from 22.2 before 22.2R3-S4, \n * from 22.3 before 22.3R3-S3, \n * from 22.4 before 22.4R3-S2, \n * from 23.2 before 23.2R2, \n * from 23.4 before 23.4R1-S1, 23.4R2;\u00a0\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions before 21.4R3-S7-EVO, \n * from 22.1-EVO before 22.1R3-S6-EVO, \n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-S2-EVO, \n * from 23.2-EVO before 23.2R2-EVO, \n * from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T22:38:44.894Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83016"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003e\nJunos OS Evolved:\u0026nbsp;21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\n\nJunos OS Evolved:\u00a021.2R3-S8-EVO, 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83016",
"defect": [
"1780283"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39556",
"datePublished": "2024-07-10T22:38:44.894Z",
"dateReserved": "2024-06-25T15:12:53.247Z",
"dateUpdated": "2024-08-02T04:26:15.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39561 (GCVE-0-2024-39561)
Vulnerability from cvelistv5 – Published: 2024-07-10 22:46 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS: SRX4600, SRX5000 Series: TCP packets with SYN/FIN or SYN/RST are transferred after enabling no-syn-check with Express Path
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on
SRX4600 and SRX5000 Series
allows an attacker to send TCP packets with
SYN/FIN or SYN/RST
flags, bypassing the expected blocking of these packets.
A TCP packet with SYN/FIN or SYN/RST should be dropped in flowd. However, when no-syn-check and Express Path are enabled, these TCP packets are unexpectedly transferred to the downstream network.
This issue affects Junos OS on SRX4600 and SRX5000 Series:
* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S7,
* from 22.1 before 22.1R3-S6,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R1-S1, 23.4R2.
Severity ?
5.8 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S8
(semver)
Affected: 21.4 , < 21.4R3-S7 (semver) Affected: 22.1 , < 22.1R3-S6 (semver) Affected: 22.2 , < 22.2R3-S4 (semver) Affected: 22.3 , < 22.3R3-S3 (semver) Affected: 22.4 , < 22.4R3-S2 (semver) Affected: 23.2 , < 23.2R2 (semver) Affected: 23.4 , < 23.4R1-S1, 23.4R2 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos:21.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos:22.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.2r3-s4",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos:22.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.3r3-s3",
"status": "affected",
"version": "22.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos:22.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.4r3-s2",
"status": "affected",
"version": "22.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos:23.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:23:34.650518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T13:35:23.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX4600",
"SRX5000 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S6",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue only affects systems with both no-syn-check and Express Path enabled:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[set security flow tcp-session no-syn-check]\u003cbr\u003e\u003cbr\u003e[set security forwarding-options services-offload enable]\u003c/tt\u003e\u003cbr\u003e(This can also be enabled per security policy)\u003cbr\u003e\u003cbr\u003e\u003cb\u003eNote:\u003c/b\u003e\u0026nbsp;Automated Express Path is enabled by default starting with Junos OS 21.2R1."
}
],
"value": "This issue only affects systems with both no-syn-check and Express Path enabled:\n\n[set security flow tcp-session no-syn-check]\n\n[set security forwarding-options services-offload enable]\n(This can also be enabled per security policy)\n\nNote:\u00a0Automated Express Path is enabled by default starting with Junos OS 21.2R1."
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003e\n\u003cbr\u003eAn Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on \n\nSRX4600 and SRX5000 Series\n\n allows an attacker to send TCP packets with \n\nSYN/FIN or SYN/RST\n\n flags, bypassing the expected blocking of these packets.\u003cbr\u003e\u003cbr\u003eA TCP packet with SYN/FIN or SYN/RST should be dropped in flowd. However, when no-syn-check and Express Path\u0026nbsp;are enabled, these TCP packets are unexpectedly transferred to the downstream network.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on SRX4600 and SRX5000 Series: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S7, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S1, 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on \n\nSRX4600 and SRX5000 Series\n\n allows an attacker to send TCP packets with \n\nSYN/FIN or SYN/RST\n\n flags, bypassing the expected blocking of these packets.\n\nA TCP packet with SYN/FIN or SYN/RST should be dropped in flowd. However, when no-syn-check and Express Path\u00a0are enabled, these TCP packets are unexpectedly transferred to the downstream network.\n\nThis issue affects Junos OS on SRX4600 and SRX5000 Series: \n\n\n * All versions before 21.2R3-S8, \n * from 21.4 before 21.4R3-S7, \n * from 22.1 before 22.1R3-S6, \n * from 22.2 before 22.2R3-S4, \n * from 22.3 before 22.3R3-S3, \n * from 22.4 before 22.4R3-S2, \n * from 23.2 before 23.2R2, \n * from 23.4 before 23.4R1-S1, 23.4R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T15:35:11.923Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83021"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83021",
"defect": [
"1776940"
],
"discovery": "USER"
},
"title": "Junos OS: SRX4600, SRX5000 Series: TCP packets with SYN/FIN or SYN/RST are transferred after enabling no-syn-check with Express Path",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue can be mitigated by disabling Express Path:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[set security forwarding-options services-offload disable]\u003c/tt\u003e\u003cbr\u003e"
}
],
"value": "This issue can be mitigated by disabling Express Path:\n\n[set security forwarding-options services-offload disable]"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39561",
"datePublished": "2024-07-10T22:46:34.024Z",
"dateReserved": "2024-06-25T15:12:53.248Z",
"dateUpdated": "2024-08-02T04:26:15.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39558 (GCVE-0-2024-39558)
Vulnerability from cvelistv5 – Published: 2024-07-10 22:40 – Updated: 2024-08-13 20:36
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Receipt of specific PIM packet causes rpd crash when PIM is configured along with MoFRR
Summary
An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.
This issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash.
This issue affects:
Junos OS:
* All versions before 20.4R3-S10,
* from 21.2 before 21.2R3-S7,
* from 21.4 before 21.4R3-S6,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3,
* from 22.4 before 22.4R2;
Junos OS Evolved:
* All versions before 20.4R3-S10 -EVO,
* All versions of 21.2-EVO,
* from 21.4-EVO before 21.4R3-S9-EVO,
* from 22.1-EVO before 22.1R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-EVO,
* from 22.4-EVO before 22.4R2-EVO.
Severity ?
CWE
- CWE-252 - Unchecked Return Value
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 20.4R3-S10
(semver)
Affected: 21.2 , < 21.2R3-S7 (semver) Affected: 21.4 , < 21.4R3-S6 (semver) Affected: 22.1 , < 22.1R3-S5 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3 (semver) Affected: 22.4 , < 22.4R2 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "20.4R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "20.4R3-S10-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2*-EVO",
"status": "affected",
"version": "21.2R1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S9-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T14:25:31.554466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T20:36:57.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S10-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2*-EVO",
"status": "affected",
"version": "21.2R1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S9-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue only affects systems with PIM and MoFRR enabled.\u0026nbsp; For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols pim ]\u003cbr\u003e[ routing-options multicast stream-protection ]\u003c/tt\u003e"
}
],
"value": "This issue only affects systems with PIM and MoFRR enabled.\u00a0 For example:\n\n[ protocols pim ]\n[ routing-options multicast stream-protection ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eThis issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S10, \u003c/li\u003e\u003cli\u003efrom 21.2 before 21.2R3-S7, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S5, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S10 -EVO,\u003c/li\u003e\u003cli\u003eAll versions of 21.2-EVO,\u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S9-EVO,\u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S5-EVO,\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S3-EVO,\u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-EVO,\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\n\nThis issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash.\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions before 20.4R3-S10, \n * from 21.2 before 21.2R3-S7, \n * from 21.4 before 21.4R3-S6, \n * from 22.1 before 22.1R3-S5, \n * from 22.2 before 22.2R3-S3, \n * from 22.3 before 22.3R3, \n * from 22.4 before 22.4R2;\u00a0\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions before 20.4R3-S10 -EVO,\n * All versions of 21.2-EVO,\n * from 21.4-EVO before 21.4R3-S9-EVO,\n * from 22.1-EVO before 22.1R3-S5-EVO,\n * from 22.2-EVO before 22.2R3-S3-EVO,\n * from 22.3-EVO before 22.3R3-EVO,\n * from 22.4-EVO before 22.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T20:50:13.375Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83018"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos: 20.4R3-S10, 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 20.4R3-S10-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos: 20.4R3-S10, 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S10-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83018",
"defect": [
"1709038"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-07-10T16:00:00.000Z",
"value": "Initial Publication"
},
{
"lang": "en",
"time": "2024-08-08T21:00:00.000Z",
"value": "Updated list of EVO affected and fixed releases"
}
],
"title": "Junos OS and Junos OS Evolved: Receipt of specific PIM packet causes rpd crash when PIM is configured along with MoFRR",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39558",
"datePublished": "2024-07-10T22:40:44.365Z",
"dateReserved": "2024-06-25T15:12:53.247Z",
"dateUpdated": "2024-08-13T20:36:57.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39530 (GCVE-0-2024-39530)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:04 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS: Attempting to access specific sensors on platforms not supporting these will lead to a chassisd crash
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a
Denial-of-Service (DoS).
If an attempt is made to access specific sensors on platforms not supporting these sensors, either via GRPC or netconf, chassisd will crash and restart leading to a restart of all FPCs and thereby a complete outage.
This issue affects Junos OS:
* 21.4 versions from 21.4R3 before 21.4R3-S5,
* 22.1 versions from 22.1R3 before 22.1R3-S4,
* 22.2 versions from 22.2R2 before 22.2R3,
* 22.3 versions from 22.3R1 before 22.3R2-S2, 22.3R3,
* 22.4 versions from 22.4R1 before 22.4R2.
This issue does not affect Junos OS versions earlier than 21.4.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
21.4R3 , < 21.4R3-S5
(semver)
Affected: 22.1R3 , < 22.1R3-S4 (semver) Affected: 22.2R2 , < 22.2R3 (semver) Affected: 22.3R1 , < 22.3R2-S2, 22.3R3 (semver) Affected: 22.4R1 , < 22.4R2 (semver) Unaffected: 0 , < 21.4 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.4r2",
"status": "affected",
"version": "22.4r1",
"versionType": "semver"
},
{
"lessThan": "22.3r2-s2",
"status": "affected",
"version": "22.3r1",
"versionType": "semver"
},
{
"lessThan": "22.3r3",
"status": "affected",
"version": "22.3r1",
"versionType": "custom"
},
{
"lessThan": "22.2r3",
"status": "affected",
"version": "22.2r2",
"versionType": "semver"
},
{
"lessThan": "22.1r3-s4",
"status": "affected",
"version": "22.1r3",
"versionType": "semver"
},
{
"lessThan": "21.4r3-s5",
"status": "affected",
"version": "21.4r3",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39530",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T20:25:07.250062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:31:27.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4R3",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1R3",
"versionType": "semver"
},
{
"lessThan": "22.2R3",
"status": "affected",
"version": "22.2R2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2, 22.3R3",
"status": "affected",
"version": "22.3R1",
"versionType": "semver"
},
{
"lessThan": "22.4R2",
"status": "affected",
"version": "22.4R1",
"versionType": "semver"
},
{
"lessThan": "21.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For this issue to be exploited over GRPC it needs to be configured as follows:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system services extension-service request-response grpc ]\u003c/tt\u003e"
}
],
"value": "For this issue to be exploited over GRPC it needs to be configured as follows:\n\n[ system services extension-service request-response grpc ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial-of-Service (DoS)\u003c/span\u003e.\u003cbr\u003e\u003cbr\u003eIf an attempt is made to access specific sensors on platforms not supporting these sensors, either via GRPC or netconf, chassisd will crash and restart leading to a restart of all FPCs and thereby a complete outage.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e21.4 versions from 21.4R3 before 21.4R3-S5,\u003c/li\u003e\u003cli\u003e22.1 versions from 22.1R3 before 22.1R3-S4,\u003c/li\u003e\u003cli\u003e22.2 versions from 22.2R2 before 22.2R3,\u003c/li\u003e\u003cli\u003e22.3 versions from 22.3R1 before 22.3R2-S2, 22.3R3,\u003c/li\u003e\u003cli\u003e22.4 versions from 22.4R1 before 22.4R2.\u003c/li\u003e\u003c/ul\u003eThis issue does not affect Junos OS versions earlier than 21.4.\u003cbr\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a \n\nDenial-of-Service (DoS).\n\nIf an attempt is made to access specific sensors on platforms not supporting these sensors, either via GRPC or netconf, chassisd will crash and restart leading to a restart of all FPCs and thereby a complete outage.\n\nThis issue affects Junos OS:\n\n\n\n * 21.4 versions from 21.4R3 before 21.4R3-S5,\n * 22.1 versions from 22.1R3 before 22.1R3-S4,\n * 22.2 versions from 22.2R2 before 22.2R3,\n * 22.3 versions from 22.3R1 before 22.3R2-S2, 22.3R3,\n * 22.4 versions from 22.4R1 before 22.4R2.\n\n\nThis issue does not affect Junos OS versions earlier than 21.4."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:04:13.075Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82989"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S5, 22.1R3-S4, 22.2R3, 22.3R2-S2, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S5, 22.1R3-S4, 22.2R3, 22.3R2-S2, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82989",
"defect": [
"1708557"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: Attempting to access specific sensors on platforms not supporting these will lead to a chassisd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39530",
"datePublished": "2024-07-11T16:04:13.075Z",
"dateReserved": "2024-06-25T15:12:53.240Z",
"dateUpdated": "2024-08-02T04:26:15.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39517 (GCVE-0-2024-39517)
Vulnerability from cvelistv5 – Published: 2024-07-10 23:06 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Upon processing specific L2 traffic, rpd can hang in devices with EVPN/VXLAN configured
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).
In an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.
This issue affects both IPv4 and IPv6 implementations.
This issue affects
Junos OS:
All versions earlier than 21.4R3-S7;
22.1 versions earlier than 22.1R3-S5;
22.2 versions earlier than 22.2R3-S3;
22.3 versions earlier than 22.3R3-S3;
22.4 versions earlier than 22.4R3-S2;
23.2 versions earlier than 23.2R2;
23.4 versions earlier than 23.4R1-S1.
Junos OS Evolved:
All versions earlier than 21.4R3-S7-EVO;
22.1-EVO versions earlier than 22.1R3-S5-EVO;
22.2-EVO versions earlier than 22.2R3-S3-EVO;
22.3-EVO versions earlier than 22.3R3-S3-EVO;
22.4-EVO versions earlier than 22.4R3-S2-EVO;
23.2-EVO versions earlier than 23.2R2-EVO;
23.4-EVO versions earlier than 23.4R1-S1-EVO, 23.4R2-EVO.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S8
(semver)
Affected: 21.4 , < 21.4R3-S7 (semver) Affected: 22.1 , < 22.1R3-S5 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3-S3 (semver) Affected: 22.4 , < 22.4R3-S2 (semver) Affected: 23.2 , < 23.2R2 (semver) Affected: 23.4 , < 23.4R1-S1 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:08:45.672820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T13:09:04.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA79175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eEVPN is configured on the device:\u003cbr\u003e\u003c/p\u003e\u003ctt\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e[protocols evpn]\u003c/span\u003e\u003c/tt\u003e\u003cp\u003eTo be exposed to this issue the device needs be configured for VXLAN with either of the following statements:\u003cbr\u003e\u003c/p\u003e\u003ctt\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; [vlans \u0026lt;vlan\u0026gt; vxlan]\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; [routing-instances \u0026lt;routing-instance\u0026gt; vxlan]\u003c/span\u003e\u003c/tt\u003e"
}
],
"value": "EVPN is configured on the device:\n\n\n\u00a0 [protocols evpn]To be exposed to this issue the device needs be configured for VXLAN with either of the following statements:\n\n\n\u00a0 [vlans \u003cvlan\u003e vxlan]\n\u00a0 [routing-instances \u003crouting-instance\u003e vxlan]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the\u0026nbsp;Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIn an \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEVPN/VXLAN\u003c/span\u003e scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.\u003cbr\u003e\u003cbr\u003eThis issue affects both IPv4 and IPv6 implementations.\u003cbr\u003e\u003cp\u003eThis issue affects\u003cbr\u003eJunos OS:\u003cbr\u003eAll versions earlier than\u0026nbsp;21.4R3-S7;\u003cbr\u003e22.1\u0026nbsp;versions earlier than 22.1R3-S5;\u003cbr\u003e22.2 versions earlier than\u0026nbsp;22.2R3-S3;\u003cbr\u003e22.3 versions earlier than\u0026nbsp;22.3R3-S3;\u003cbr\u003e22.4 versions earlier than\u0026nbsp;22.4R3-S2;\u003cbr\u003e23.2 versions earlier than\u0026nbsp;23.2R2;\u003cbr\u003e23.4 versions earlier than\u0026nbsp;23.4R1-S1.\u003c/p\u003eJunos OS Evolved:\u003cbr\u003eAll versions earlier than\u0026nbsp;21.4R3-S7-EVO;\u003cbr\u003e22.1-EVO versions earlier than\u0026nbsp;22.1R3-S5-EVO;\u003cbr\u003e22.2-EVO versions earlier than\u0026nbsp;22.2R3-S3-EVO;\u003cbr\u003e22.3-EVO versions earlier than 22.3R3-S3-EVO;\u003cbr\u003e22.4-EVO versions earlier than\u0026nbsp;22.4R3-S2-EVO;\u003cbr\u003e23.2-EVO versions earlier than\u0026nbsp;23.2R2-EVO;\u003cbr\u003e23.4-EVO versions earlier than\u0026nbsp;23.4R1-S1-EVO, 23.4R2-EVO."
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).\n\nIn an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.\n\nThis issue affects both IPv4 and IPv6 implementations.\nThis issue affects\nJunos OS:\nAll versions earlier than\u00a021.4R3-S7;\n22.1\u00a0versions earlier than 22.1R3-S5;\n22.2 versions earlier than\u00a022.2R3-S3;\n22.3 versions earlier than\u00a022.3R3-S3;\n22.4 versions earlier than\u00a022.4R3-S2;\n23.2 versions earlier than\u00a023.2R2;\n23.4 versions earlier than\u00a023.4R1-S1.\n\nJunos OS Evolved:\nAll versions earlier than\u00a021.4R3-S7-EVO;\n22.1-EVO versions earlier than\u00a022.1R3-S5-EVO;\n22.2-EVO versions earlier than\u00a022.2R3-S3-EVO;\n22.3-EVO versions earlier than 22.3R3-S3-EVO;\n22.4-EVO versions earlier than\u00a022.4R3-S2-EVO;\n23.2-EVO versions earlier than\u00a023.2R2-EVO;\n23.4-EVO versions earlier than\u00a023.4R1-S1-EVO, 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T23:06:40.329Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA79175"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u0026nbsp;\u003cbr\u003e\nJunos OS:\u0026nbsp;21.4R3-S7,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.1R3-S5, 22.2R3-S3, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003e\u003c/span\u003eJunos OS Evolved:\u0026nbsp;21.4R3-S7-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S3-EVO,\u0026nbsp;22.4R3-S2-EVO,\u0026nbsp;23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\u00a0\n\nJunos OS:\u00a021.4R3-S7,\u00a022.1R3-S5, 22.2R3-S3, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\nJunos OS Evolved:\u00a021.4R3-S7-EVO,\u00a022.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S3-EVO,\u00a022.4R3-S2-EVO,\u00a023.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA79175",
"defect": [
"1783346"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Upon processing specific L2 traffic, rpd can hang in devices with EVPN/VXLAN configured",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39517",
"datePublished": "2024-07-10T23:06:40.329Z",
"dateReserved": "2024-06-25T15:12:53.239Z",
"dateUpdated": "2024-08-02T04:26:15.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39552 (GCVE-0-2024-39552)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:30 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Malformed BGP UPDATE causes RPD crash
Summary
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS).
When a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts.
Continuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.
This issue affects:
Juniper Networks Junos OS:
* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S6;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S2;
* 22.4 versions earlier than 22.4R3;
* 23.2 versions earlier than 23.2R2.
Juniper Networks Junos OS Evolved:
* All versions earlier than 21.2R3-S7;
* 21.3-EVO versions earlier than 21.3R3-S5;
* 21.4-EVO versions earlier than 21.4R3-S8;
* 22.1-EVO versions earlier than 22.1R3-S4;
* 22.2-EVO versions earlier than 22.2R3-S3;
* 22.3-EVO versions earlier than 22.3R3-S2;
* 22.4-EVO versions earlier than 22.4R3;
* 23.2-EVO versions earlier than 23.2R2.
Severity ?
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 20.4R3-S9
(semver)
Affected: 21.2 , < 21.2R3-S7 (semver) Affected: 21.3 , < 21.3R3-S6 (semver) Affected: 21.4 , < 21.4R3-S6 (semver) Affected: 22.1 , < 22.1R3-S4 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3-S2 (semver) Affected: 22.4 , < 22.4R3 (semver) Affected: 23.2 , < 23.2R2 (semver) |
|||||||
|
|||||||||
Credits
Juniper SIRT would like to acknowledge and thank Matteo Memilli (mmemelli@amazon.com) from Amazon for responsibly reporting this vulnerability.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos:21.2:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos:21.3:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos:21.4:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos:22.2:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos:22.3:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos:22.4:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos:23.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3r3-s6",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4r3-s6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3r3-s2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4r3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "20.4r3-s9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.1r3-s4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:21.3:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:21.4:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.1:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.2:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.3:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.4:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:23.2:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:23.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.3r3-s5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4r3-s8",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1r3-s4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3r3-s2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4r3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4r1",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T17:55:41.253582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:44:39.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75726"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S6",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R1-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003eTo be exposed to this issue the device needs to be configure for one established BGP session:\u003cbr\u003e\u003cbr\u003e[ protocols bgp group \u0026lt;name\u0026gt; neighbor \u0026lt;address\u0026gt; ]\u003ctt\u003e\u003c/tt\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "To be exposed to this issue the device needs to be configure for one established BGP session:\n\n[ protocols bgp group \u003cname\u003e neighbor \u003caddress\u003e ]"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Juniper SIRT would like to acknowledge and thank Matteo Memilli (mmemelli@amazon.com) from Amazon for responsibly reporting this vulnerability."
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eContinuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003e \u003cbr\u003eJuniper Networks Junos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 20.4R3-S9;\u003c/li\u003e\u003cli\u003e21.2 versions earlier than 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S6;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S3;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-S2;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJuniper Networks Junos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.3-EVO versions earlier than 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4-EVO versions earlier than 21.4R3-S8;\u003c/li\u003e\u003cli\u003e22.1-EVO versions earlier than 22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2-EVO versions earlier than 22.2R3-S3;\u003c/li\u003e\u003cli\u003e22.3-EVO versions earlier than 22.3R3-S2;\u003c/li\u003e\u003cli\u003e22.4-EVO versions earlier than 22.4R3;\u003c/li\u003e\u003cli\u003e23.2-EVO versions earlier than 23.2R2.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS).\n\nWhen a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts.\n\nContinuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.\n\nThis issue affects:\n \nJuniper Networks Junos OS:\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S6;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R2.\n\n\n\nJuniper Networks Junos OS Evolved:\n * All versions earlier than 21.2R3-S7;\n * 21.3-EVO versions earlier than 21.3R3-S5;\n * 21.4-EVO versions earlier than 21.4R3-S8;\n * 22.1-EVO versions earlier than 22.1R3-S4;\n * 22.2-EVO versions earlier than 22.2R3-S3;\n * 22.3-EVO versions earlier than 22.3R3-S2;\n * 22.4-EVO versions earlier than 22.4R3;\n * 23.2-EVO versions earlier than 23.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T21:08:27.291Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75726"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S8-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\n\nJunos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S8-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA75726",
"defect": [
"1755287"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Malformed BGP UPDATE causes RPD crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39552",
"datePublished": "2024-07-11T16:30:36.672Z",
"dateReserved": "2024-06-25T15:12:53.246Z",
"dateUpdated": "2024-08-02T04:26:15.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39518 (GCVE-0-2024-39518)
Vulnerability from cvelistv5 – Published: 2024-07-10 23:07 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS: MX240, MX480, MX960 platforms using MPC10E: Memory leak will be observed when subscribed to a specific subscription on Junos Telemetry Interface
Summary
A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS).
When the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning.
This issue is only seen when telemetry subscription is active.
The Heap memory utilization can be monitored using the following command:
> show system processes extensive
The following command can be used to monitor the memory utilization of the specific sensor
> show system info | match sensord
PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME
1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32
This issue affects Junos OS:
* from 21.2R3-S5 before 21.2R3-S7,
* from 21.4R3-S4 before 21.4R3-S6,
* from 22.2R3 before 22.2R3-S4,
* from 22.3R2 before 22.3R3-S2,
* from 22.4R1 before 22.4R3,
* from 23.2R1 before 23.2R2.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
21.2R3-S5 , < 21.2R3-S7
(semver)
Affected: 21.4R3-S4 , < 21.4R3-S6 (semver) Affected: 22.2R3 , < 22.2R3-S4 (semver) Affected: 22.3R2 , < 22.3R3-S2 (semver) Affected: 22.4R1 , < 22.4R3 (semver) Affected: 23.2R1 , < 23.2R2 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2R3-S5",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4R3-S4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2R3",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3R2",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4R1",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2R1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T14:09:55.941009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:42:36.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX240 using MPC10E",
"MX480 using MPC10E",
"MX960 using MPC10E"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2R3-S5",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4R3-S4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2R3",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3R2",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4R1",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2R1",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eThis issue is only seen when telemetry subscription is active.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eThe Heap memory utilization can be monitored using the following command:\u003cbr\u003e\u0026nbsp; \u0026gt; show system processes extensive\u003cbr\u003e\u003cbr\u003eThe following command can be used to monitor the memory utilization of the specific sensor\u003cbr\u003e\u0026nbsp; \u0026gt; show system info | match sensord\u003cbr\u003e\u003cpre\u003e PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME\u003cbr\u003e\n 1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32\u003c/pre\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.2R3-S5 before 21.2R3-S7,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4R3-S4 before 21.4R3-S6,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2R3 before 22.2R3-S4,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.3R2 before 22.3R3-S2,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4R1 before 22.4R3,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2R1 before 23.2R2.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS).\n\nWhen the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning.\u00a0\n\nThis issue is only seen when telemetry subscription is active.\n\nThe Heap memory utilization can be monitored using the following command:\n\u00a0 \u003e show system processes extensive\n\nThe following command can be used to monitor the memory utilization of the specific sensor\n\u00a0 \u003e show system info | match sensord\n PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME\n\n 1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32\n\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * from 21.2R3-S5 before 21.2R3-S7,\u00a0\n * from 21.4R3-S4 before 21.4R3-S6,\u00a0\n * from 22.2R3 before 22.2R3-S4,\u00a0\n * from 22.3R2 before 22.3R3-S2,\u00a0\n * from 22.4R1 before 22.4R3,\u00a0\n * from 23.2R1 before 23.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T23:07:59.646Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82982"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S10, 21.2R3-S7,\u0026nbsp;21.4R3-S6,\u0026nbsp;22.2R3-S3, 22.2R3-S4,\u0026nbsp;22.3R3-S2,\u0026nbsp;22.4R3,\u0026nbsp;23.2R2, 23.4R1, 23.4R2, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S10, 21.2R3-S7,\u00a021.4R3-S6,\u00a022.2R3-S3, 22.2R3-S4,\u00a022.3R3-S2,\u00a022.4R3,\u00a023.2R2, 23.4R1, 23.4R2, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82982",
"defect": [
"1771284"
],
"discovery": "USER"
},
"title": "Junos OS: MX240, MX480, MX960 platforms using MPC10E: Memory leak will be observed when subscribed to a specific subscription on Junos Telemetry Interface",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39518",
"datePublished": "2024-07-10T23:07:59.646Z",
"dateReserved": "2024-06-25T15:12:53.239Z",
"dateUpdated": "2024-08-02T04:26:15.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39539 (GCVE-0-2024-39539)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:15 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS: MX Series: Continuous subscriber logins will lead to a memory leak and eventually an FPC crash
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).
In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.
This issue affects Junos OS on MX Series:
* All version before 21.2R3-S6,
* 21.4 versions before 21.4R3-S6,
* 22.1 versions before 22.1R3-S5,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S2,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.
Severity ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S6
(semver)
Affected: 21.4 , < 21.4R3-S6 (semver) Affected: 22.1 , < 22.1R3-S5 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3-S2 (semver) Affected: 22.4 , < 22.4R3 (semver) Affected: 23.2 , < 23.2R2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T18:53:12.463354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:53:18.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this vulnerability subscriber management needs to be enabled via:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[system services subscriber-management enable]\u003c/tt\u003e"
}
],
"value": "To be exposed to this vulnerability subscriber management needs to be enabled via:\n\n[system services subscriber-management enable]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eIn a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cp\u003eThis issue affects Junos OS on MX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll version before 21.2R3-S6,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S6,\u003c/li\u003e\u003cli\u003e22.1 versions before 22.1R3-S5,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3-S2,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a\u00a0Denial-of-Service (DoS).\n\nIn a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.\n\nThis issue affects Junos OS on MX Series:\n\n\n\n * All version before 21.2R3-S6,\n * 21.4 versions before 21.4R3-S6,\n * 22.1 versions before 22.1R3-S5,\n * 22.2 versions before 22.2R3-S3,\u00a0\n * 22.3 versions before 22.3R3-S2,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:15:57.431Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82999"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S6, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S6, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82999",
"defect": [
"1735490"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: MX Series: Continuous subscriber logins will lead to a memory leak and eventually an FPC crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39539",
"datePublished": "2024-07-11T16:15:57.431Z",
"dateReserved": "2024-06-25T15:12:53.244Z",
"dateUpdated": "2024-08-02T04:26:15.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39560 (GCVE-0-2024-39560)
Vulnerability from cvelistv5 – Published: 2024-07-10 22:44 – Updated: 2024-10-01 19:16
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Memory leak due to RSVP neighbor persistent error leading to kernel crash
Summary
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS).
The kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected.
System kernel memory can be monitored through the use of the 'show system kernel memory' command as shown below:
user@router> show system kernel memory
Real memory total/reserved: 4130268/ 133344 Kbytes
kmem map free: 18014398509110220 Kbytes
This issue affects:
Junos OS:
* All versions before 20.4R3-S9,
* All versions of 21.2,
* from 21.4 before 21.4R3-S5,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2;
Junos OS Evolved:
* All versions before 21.4R3-S5-EVO,
* from 22.1-EVO before 22.1R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S2-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
Severity ?
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 20.4R3-S9
(semver)
Affected: 21.2R1 , < 21.2* (semver) Affected: 21.4 , < 21.4R3-S5 (semver) Affected: 22.1 , < 22.1R3-S5 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3-S2 (semver) Affected: 22.4 , < 22.4R3 (semver) Affected: 23.2 , < 23.2R2 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:02:00.519779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T15:02:07.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2*",
"status": "affected",
"version": "21.2R1",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue only affects systems configured with RSVP.\u0026nbsp; A minimum RSVP configuration is shown below:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[edit protocols rsvp]\u003cbr\u003e\u003cbr\u003e\u003c/tt\u003e"
}
],
"value": "This issue only affects systems configured with RSVP.\u00a0 A minimum RSVP configuration is shown below:\n\n[edit protocols rsvp]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eThe kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected.\u003cbr\u003e\u003cbr\u003eSystem kernel memory can be monitored through the use of the \u0027show system kernel memory\u0027 command as shown below:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u003ctt\u003euser@router\u0026gt; \u003c/tt\u003eshow system kernel memory \u0026nbsp; \u003cbr\u003eReal memory total/reserved: 4130268/ 133344 Kbytes\u003cbr\u003ekmem map free: 18014398509110220 Kbytes\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003e\u003cp\u003eJunos OS:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S9,\u003c/li\u003e\u003cli\u003eAll versions of 21.2,\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S5,\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S5,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S3,\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S2,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eJunos OS Evolved:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S5-EVO,\u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S5-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S2-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS).\n\nThe kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected.\n\nSystem kernel memory can be monitored through the use of the \u0027show system kernel memory\u0027 command as shown below:\n\nuser@router\u003e show system kernel memory \u00a0 \nReal memory total/reserved: 4130268/ 133344 Kbytes\nkmem map free: 18014398509110220 Kbytes\n\nThis issue affects:\nJunos OS:\n\n\n * All versions before 20.4R3-S9,\n * All versions of 21.2,\n * from 21.4 before 21.4R3-S5,\n * from 22.1 before 22.1R3-S5,\n * from 22.2 before 22.2R3-S3,\n * from 22.3 before 22.3R3-S2,\n * from 22.4 before 22.4R3,\n * from 23.2 before 23.2R2;\n\n\nJunos OS Evolved:\n\n\n * All versions before 21.4R3-S5-EVO,\n * from 22.1-EVO before 22.1R3-S5-EVO, \n * from 22.2-EVO before 22.2R3-S3-EVO, \n * from 22.3-EVO before 22.3R3-S2-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO."
}
],
"exploits": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T19:16:59.626Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83020"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS: 20.4R3-S10, 20.4R3-S9, 21.4R3-S5, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\u003cbr\u003e\nJunos OS Evolved:\u0026nbsp;\u0026nbsp;21.4R3-S5-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S10, 20.4R3-S9, 21.4R3-S5, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\n\nJunos OS Evolved:\u00a0\u00a021.4R3-S5-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83020",
"defect": [
"1732862"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-07-10T16:00:00.000Z",
"value": "Initial Publication"
},
{
"lang": "en",
"time": "2024-10-01T16:00:00.000Z",
"value": "Corrected \u0027show\u0027 command for kernel memory"
}
],
"title": "Junos OS and Junos OS Evolved: Memory leak due to RSVP neighbor persistent error leading to kernel crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39560",
"datePublished": "2024-07-10T22:44:55.736Z",
"dateReserved": "2024-06-25T15:12:53.247Z",
"dateUpdated": "2024-10-01T19:16:59.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39549 (GCVE-0-2024-39549)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:27 – Updated: 2025-02-26 18:16
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to a memory leak
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).
Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).
Memory utilization could be monitored by:
user@host> show system memory or show system monitor memory status
This issue affects:
Junos OS: * All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R1-S2, 23.4R2.
Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* from 21.4 before 21.4R3-S8-EVO,
* from 22.2 before 22.2R3-S4-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S3-EVO,
* from 23.2 before 23.2R2-S1-EVO,
* from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.
Severity ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S8
(semver)
Affected: 21.4 , < 21.4R3-S8 (semver) Affected: 22.2 , < 22.2R3-S4 (semver) Affected: 22.3 , < 22.3R3-S3 (semver) Affected: 22.4 , < 22.4R3-S3 (semver) Affected: 23.2 , < 23.2R2-S1 (semver) Affected: 23.4 , < 23.4R1-S2, 23.4R2 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4R2-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-EVO",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T18:16:20.812180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T18:16:27.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of\u0026nbsp;Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eConsumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMemory utilization could be monitored by:\u0026nbsp;\u003cbr\u003euser@host\u0026gt; show system memory or show system monitor memory status\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003e\u003cbr\u003eJunos OS:\u0026nbsp;\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S8,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S3,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S2, 23.4R2.\u003c/li\u003e\u003c/ul\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8-EVO, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S8-EVO,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S3-EVO,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S1-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).\n\nConsumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).\n\nMemory utilization could be monitored by:\u00a0\nuser@host\u003e show system memory or show system monitor memory status\n\nThis issue affects:\n\nJunos OS:\u00a0 * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S8,\n\n * from 22.2 before 22.2R3-S4,\u00a0\n * from 22.3 before 22.3R3-S3,\u00a0\n * from 22.4 before 22.4R3-S3,\n * from 23.2 before 23.2R2-S1,\u00a0\n * from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nJunos OS Evolved:\n * All versions before 21.2R3-S8-EVO, \n * from 21.4 before 21.4R3-S8-EVO,\n * from 22.2 before 22.2R3-S4-EVO, \n * from 22.3 before 22.3R3-S3-EVO, \n * from 22.4 before 22.4R3-S3-EVO,\n\n * from 23.2 before 23.2R2-S1-EVO, \n * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401: Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T21:09:45.677Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83011"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003e \u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S8, 22.2R3-S4, 22.3R3-S3, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.4R3-S3,\u0026nbsp;\u003c/span\u003e23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e\nJunos OS Evolved:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S8-EVO, 21.4R3-S8-EVO, 22.2R3-S4-EVO, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.3R3-S3-EVO,\u0026nbsp;\u003c/span\u003e22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO and all subsequent releases.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n \nJunos OS: 21.2R3-S8, 21.4R3-S8, 22.2R3-S4, 22.3R3-S3, 22.4R3-S3,\u00a023.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases.\n\n\nJunos OS Evolved:\u00a021.2R3-S8-EVO, 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO,\u00a022.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA83011",
"defect": [
"1778879"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to a memory leak",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39549",
"datePublished": "2024-07-11T16:27:19.238Z",
"dateReserved": "2024-06-25T15:12:53.246Z",
"dateUpdated": "2025-02-26T18:16:27.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39528 (GCVE-0-2024-39528)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:02 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Concurrent deletion of a routing-instance and receipt of an SNMP request cause an RPD crash
Summary
A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart.
This issue affects:
Junos OS:
* All versions before 21.2R3-S8,
* 21.4 versions before 21.4R3-S5,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S2,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.
Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S5-EVO,
* 22.2-EVO versions before 22.2R3-S3-EVO,
* 22.3-EVO versions before 22.3R3-S2-EVO,
* 22.4-EVO versions before 22.4R3-EVO,
* 23.2-EVO versions before 23.2R2-EVO.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S8
(semver)
Affected: 21.4 , < 21.4R3-S5 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3-S2 (semver) Affected: 22.4 , < 22.4R3 (semver) Affected: 23.2 , < 23.2R2 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39528",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T18:58:24.226448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:58:33.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82987"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue, the device needs to be configured for SNMP v2 or v3 with at least read access:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ snmp\u0026nbsp;community \u0026lt;name\u0026gt; ]\u003cbr\u003e\u003cbr\u003e\u003c/tt\u003eor\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ snmp v3 ... ]\u003c/tt\u003e\u003cbr\u003e"
}
],
"value": "To be exposed to this issue, the device needs to be configured for SNMP v2 or v3 with at least read access:\n\n[ snmp\u00a0community \u003cname\u003e ]\n\nor\n\n[ snmp v3 ... ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of\u0026nbsp;Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eOn all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u0026nbsp; \u0026nbsp;Junos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S5,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S3,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3-S2,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e \u003cp\u003e\u0026nbsp; Junos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8-EVO,\u003c/li\u003e\u003cli\u003e21.4-EVO versions before 21.4R3-S5-EVO,\u003c/li\u003e\u003cli\u003e22.2-EVO versions before 22.2R3-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.3-EVO versions before 22.3R3-S2-EVO,\u003c/li\u003e\u003cli\u003e22.4-EVO versions before 22.4R3-EVO,\u003c/li\u003e\u003cli\u003e23.2-EVO versions before 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart.\n\n\n\n\nThis issue affects:\n\n\u00a0 \u00a0Junos OS:\n\n\n\n * All versions before 21.2R3-S8,\u00a0\n * 21.4 versions before 21.4R3-S5,\n * 22.2 versions before 22.2R3-S3,\n * 22.3 versions before 22.3R3-S2,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2.\n\n\n\n\n \u00a0 Junos OS Evolved:\n\n\n\n * All versions before 21.2R3-S8-EVO,\n * 21.4-EVO versions before 21.4R3-S5-EVO,\n * 22.2-EVO versions before 22.2R3-S3-EVO,\u00a0\n * 22.3-EVO versions before 22.3R3-S2-EVO,\n * 22.4-EVO versions before 22.4R3-EVO,\n * 23.2-EVO versions before 23.2R2-EVO."
}
],
"exploits": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:02:45.680Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82987"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S8, 21.4R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\nJunos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82987",
"defect": [
"1740028"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Concurrent deletion of a routing-instance and receipt of an SNMP request cause an RPD crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39528",
"datePublished": "2024-07-11T16:02:45.680Z",
"dateReserved": "2024-06-25T15:12:53.240Z",
"dateUpdated": "2024-08-02T04:26:15.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39555 (GCVE-0-2024-39555)
Vulnerability from cvelistv5 – Published: 2024-07-10 22:36 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP update causes the session to reset
Summary
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.
Upon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:
BGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)
Only systems with segment routing enabled are vulnerable to this issue.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.
This issue affects:
Junos OS:
* All versions before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R1-S2, 23.4R2.
Junos OS Evolved:
* All versions before 21.4R3-S8-EVO,
* from 22.2-EVO before 22.2R3-S4-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R3-S3-EVO,
* from 23.2-EVO before 23.2R2-S1-EVO,
* from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.
Severity ?
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.4R3-S8
(semver)
Affected: 22.2 , < 22.2R3-S4 (semver) Affected: 22.3 , < 22.3R3-S3 (semver) Affected: 22.4 , < 22.4R3-S3 (semver) Affected: 23.2 , < 23.2R2-S1 (semver) Affected: 23.4 , < 23.4R1-S2, 23.4R2 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T14:13:23.572231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:41:46.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A sample BGP segment routing configuration is shown below:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp group \u0026lt;name\u0026gt; family inet segment-routing-te ] (IPv4)\u003cbr\u003e\n\n[ protocols bgp group \u0026lt;name\u0026gt; family inet6 segment-routing-te ] (IPv6)\u003cbr\u003e\u003c/tt\u003e"
}
],
"value": "A sample BGP segment routing configuration is shown below:\n\n[ protocols bgp group \u003cname\u003e family inet segment-routing-te ] (IPv4)\n\n\n[ protocols bgp group \u003cname\u003e family inet6 segment-routing-te ] (IPv6)"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eUpon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003eBGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eOnly systems with segment routing enabled are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S8, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S3, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S1, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S2, 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S8-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-S1-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.\n\nUpon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:\n\nBGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)\n\nOnly systems with segment routing enabled are vulnerable to this issue.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions before 21.4R3-S8, \n * from 22.2 before 22.2R3-S4, \n * from 22.3 before 22.3R3-S3, \n * from 22.4 before 22.4R3-S3, \n * from 23.2 before 23.2R2-S1, \n * from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nJunos OS Evolved:\u00a0\n\n * All versions before 21.4R3-S8-EVO, \n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-S3-EVO, \n * from 23.2-EVO before 23.2R2-S1-EVO, \n * from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T22:37:53.351Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83015"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003e \n\u003cbr\u003eJunos OS: 21.4R3-S8, 22.2R3-S4, 22.3R3-S3, 22.4R3-S3, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\u003cbr\u003e\n\n\n\n\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n \n\nJunos OS: 21.4R3-S8, 22.2R3-S4, 22.3R3-S3, 22.4R3-S3, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases.\nJunos OS Evolved: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83015",
"defect": [
"1787290"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP update causes the session to reset",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39555",
"datePublished": "2024-07-10T22:36:48.706Z",
"dateReserved": "2024-06-25T15:12:53.247Z",
"dateUpdated": "2024-08-02T04:26:15.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39550 (GCVE-0-2024-39550)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:29 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS: MX Series with SPC3 line card: Port flaps causes rtlogd memory leak leading to Denial of Service
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS).
Memory can only be recovered by manually restarting rtlogd process.
The memory usage can be monitored using the below command.
user@host> show system processes extensive | match rtlog
This issue affects Junos OS on MX Series with SPC3 line card:
* from 21.2R3 before 21.2R3-S8,
* from 21.4R2 before 21.4R3-S6,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3-S1,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R2.
Severity ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
21.2R3 , < 21.2R3-S8
(semver)
Affected: 21.4R2 , < 21.4R3-S6 (semver) Affected: 22.1 , < 22.1R3-S5 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3-S2 (semver) Affected: 22.4 , < 22.4R3-S1 (semver) Affected: 23.2 , < 23.2R2 (semver) Affected: 23.4 , < 23.4R2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39550",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T18:47:29.420589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:47:38.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series with SPC3"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "21.2R3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4R2",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S1",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNext Gen Services\u0026nbsp;\u003c/span\u003ecan be enabled by using this command:\u0026nbsp;\u003cbr\u003e\u003cbr\u003euser@host\u0026gt; request system enable unified-services\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAfter you enter \u003c/span\u003e\u003ccode\u003erequest system enable unified-services\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, reboot the chassis.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Next Gen Services\u00a0can be enabled by using this command:\u00a0\n\nuser@host\u003e request system enable unified-services\n\nAfter you enter request system enable unified-services, reboot the chassis."
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;of \u003c/span\u003eJuniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps)\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eto cause a slow memory leak, ultimately leading to a Denial of Service (DoS). \u003cbr\u003e\u003cbr\u003eMemory can only be recovered by manually restarting rtlogd process.\u0026nbsp;\u003cbr\u003e\u003cp\u003eThe memory usage can be monitored using the below command.\u003c/p\u003e\u003ccode\u003e\u2003\u2003\u2003\u2003user@host\u0026gt; show system processes extensive | match rtlog\u0026nbsp;\u003cbr\u003e\u003c/code\u003e\u003c/span\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS on MX Series with SPC3 line card:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 21.2R3 before 21.2R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4R2 before 21.4R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process\u00a0of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps)\u00a0to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). \n\nMemory can only be recovered by manually restarting rtlogd process.\u00a0\nThe memory usage can be monitored using the below command.\n\n\u2003\u2003\u2003\u2003user@host\u003e show system processes extensive | match rtlog\u00a0\n\n\n\nThis issue affects Junos OS on MX Series with SPC3 line card:\u00a0\n\n\n\n * from 21.2R3 before 21.2R3-S8,\u00a0\n * from 21.4R2 before 21.4R3-S6,\u00a0\n * from 22.1 before 22.1R3-S5,\u00a0\n * from 22.2 before 22.2R3-S3,\u00a0\n * from 22.3 before 22.3R3-S2,\u00a0\n * from 22.4 before 22.4R3-S1,\u00a0\n * from 23.2 before 23.2R2,\u00a0\n * from 23.4 before 23.4R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:29:03.646Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83012"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003e \u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n \nJunos OS: 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3-S1, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83012",
"defect": [
"1779424"
],
"discovery": "USER"
},
"title": "Junos OS: MX Series with SPC3 line card: Port flaps causes rtlogd memory leak leading to Denial of Service",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39550",
"datePublished": "2024-07-11T16:29:03.646Z",
"dateReserved": "2024-06-25T15:12:53.246Z",
"dateUpdated": "2024-08-02T04:26:15.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39514 (GCVE-0-2024-39514)
Vulnerability from cvelistv5 – Published: 2024-07-10 23:05 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Receiving specific traffic on devices with EVPN-VPWS with IGMP-snooping enabled will cause the rpd to crash
Summary
An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.
This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.
This issue affects Junos OS:
* All versions before 20.4R3-S10,
* from 21.4 before 21.4R3-S6,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2;
Junos OS Evolved:
* All versions before 20.4R3-S10-EVO,
* from 21.4-EVO before 21.4R3-S6-EVO,
* from 22.1-EVO before 22.1R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S2-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
Severity ?
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 20.4R3-S10
(semver)
Affected: 21.4 , < 21.4R3-S6 (semver) Affected: 22.1 , < 22.1R3-S5 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3-S2 (semver) Affected: 22.4 , < 22.4R3 (semver) Affected: 23.2 , < 23.2R2 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:56:58.930100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:47:32.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S10-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "EVPN-VPWS can be configured with the following:\u0026nbsp; \u0026nbsp;\u003cbr\u003e\u003ctt\u003e\u003ctt\u003e[ routing-instances \u0026lt;instance-name\u0026gt; instance-type evpn-vpws ]\u003cbr\u003e[ routing-instances \u0026lt;instance-name\u0026gt; interface \u0026lt;interface\u0026gt; ]\u003c/tt\u003e\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eIGMP-snooping can be enabled with the following configuration line:\u003cbr\u003e\u003ctt\u003e[ routing-instances \u0026lt;instance-name\u0026gt; bridge-domains \u0026lt;name\u0026gt; igmp-snooping vlan \u0026lt;vlan\u0026gt; ]\u003c/tt\u003e\u003ctt\u003e\u003c/tt\u003e"
}
],
"value": "EVPN-VPWS can be configured with the following:\u00a0 \u00a0\n[ routing-instances \u003cinstance-name\u003e instance-type evpn-vpws ]\n[ routing-instances \u003cinstance-name\u003e interface \u003cinterface\u003e ]\n\nIGMP-snooping can be enabled with the following configuration line:\n[ routing-instances \u003cinstance-name\u003e bridge-domains \u003cname\u003e igmp-snooping vlan \u003cvlan\u003e ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eAn attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.\u003cbr\u003e\u003cbr\u003eThis issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Junos OS: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 20.4R3-S10,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4 before 21.4R3-S6,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.1 before 22.1R3-S5,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2 before 22.2R3-S3,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.3 before 22.3R3-S2,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4 before 22.4R3,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2 before 23.2R2;\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003eJunos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 20.4R3-S10-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4-EVO before 21.4R3-S6-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.1-EVO before 22.1R3-S5-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2-EVO before 22.2R3-S3-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.3-EVO before 22.3R3-S2-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4-EVO before 22.4R3-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
}
],
"value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nAn attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.\n\nThis issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.\n\nThis issue affects Junos OS: \n * All versions before 20.4R3-S10,\u00a0\n * from 21.4 before 21.4R3-S6,\u00a0\n * from 22.1 before 22.1R3-S5,\u00a0\n * from 22.2 before 22.2R3-S3,\u00a0\n * from 22.3 before 22.3R3-S2,\u00a0\n * from 22.4 before 22.4R3,\u00a0\n * from 23.2 before 23.2R2;\n\n\nJunos OS Evolved: \n * All versions before 20.4R3-S10-EVO,\u00a0\n * from 21.4-EVO before 21.4R3-S6-EVO,\u00a0\n * from 22.1-EVO before 22.1R3-S5-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S3-EVO,\u00a0\n * from 22.3-EVO before 22.3R3-S2-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T23:05:27.050Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82980"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS: 20.4R3-S10, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 20.4R3-S10-EVO, 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\n\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 20.4R3-S10, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S10-EVO, 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82980",
"defect": [
"1758171"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Receiving specific traffic on devices with EVPN-VPWS with IGMP-snooping enabled will cause the rpd to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39514",
"datePublished": "2024-07-10T23:05:27.050Z",
"dateReserved": "2024-06-25T15:12:53.238Z",
"dateUpdated": "2024-08-02T04:26:15.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39545 (GCVE-0-2024-39545)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:22 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS: SRX Series, MX Series with SPC3 and NFX350: When VPN tunnels parameters are not configured in specific way the iked process will crash
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS).
This issue is applicable to all platforms that run iked. This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350:
* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S7,
* from 22.1 before 22.1R3-S2,
* from 22.2 before 22.2R3-S1,
* from 22.3 before 22.3R2-S1, 22.3R3,
* from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S8
(semver)
Affected: 21.4 , < 21.4R3-S7 (semver) Affected: 22.1 , < 22.1R3-S2 (semver) Affected: 22.2 , < 22.2R3-S1 (semver) Affected: 22.3 , < 22.3R2-S1, 22.3R3 (semver) Affected: 22.4 , < 22.4R1-S2, 22.4R2, 22.4R3 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S2",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R1-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "22.4R2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T17:20:38.651409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:36:35.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series",
"MX Series with SPC3",
"NFX350"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S2",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S1, 22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R1-S2, 22.4R2, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be exposed to this issue IPsec VPN needs to be configured with a minimal ike configuration:\u003c/p\u003e\u003cp\u003e\u0026nbsp; [ security ike gateway ike-policy ]\u003c/p\u003e\u003cp\u003e\u0026nbsp; [ security ipsec vpn ike gateway ]\u003c/p\u003e\u003cp\u003eAlso, the system needs to run iked (vs. kmd which is not affected), which can be verified with:\u003c/p\u003e\u003cp\u003e\u0026nbsp; show system processes extensive | match \"KMD|IKED\"\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "To be exposed to this issue IPsec VPN needs to be configured with a minimal ike configuration:\n\n\u00a0 [ security ike gateway ike-policy ]\n\n\u00a0 [ security ipsec vpn ike gateway ]\n\nAlso, the system needs to run iked (vs. kmd which is not affected), which can be verified with:\n\n\u00a0 show system processes extensive | match \"KMD|IKED\""
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eThis issue is applicable to all platforms that run iked.\u0026nbsp;\u003cp\u003eThis issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R2-S1, 22.3R3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R1-S2, 22.4R2, 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS).\n\nThis issue is applicable to all platforms that run iked.\u00a0This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350:\u00a0\n\n\n\n * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S7,\u00a0\n * from 22.1 before 22.1R3-S2,\u00a0\n * from 22.2 before 22.2R3-S1,\u00a0\n * from 22.3 before 22.3R2-S1, 22.3R3,\u00a0\n * from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:22:13.915Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83007"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-J1, 22.1R3-S2, 22.2R3-S1, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2, 22.4R3, 23.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-J1, 22.1R3-S2, 22.2R3-S1, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2, 22.4R3, 23.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83007",
"defect": [
"1716092"
],
"discovery": "USER"
},
"title": "Junos OS: SRX Series, MX Series with SPC3 and NFX350: When VPN tunnels parameters are not configured in specific way the iked process will crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39545",
"datePublished": "2024-07-11T16:22:13.915Z",
"dateReserved": "2024-06-25T15:12:53.245Z",
"dateUpdated": "2024-08-02T04:26:15.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39554 (GCVE-0-2024-39554)
Vulnerability from cvelistv5 – Published: 2024-07-10 22:32 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: BGP multipath incremental calculation is resulting in an rpd crash
Summary
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability the
Routing Protocol Daemon (rpd)
of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker's control. However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.
On all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update. Under certain circumstance and with specific timing, this could result in an rpd crash.
This issue only affects systems with BGP multipath enabled.
This issue affects:
Junos OS:
* All versions of 21.1
* from 21.2 before 21.2R3-S7,
* from 21.4 before 21.4R3-S6,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2.
Junos OS Evolved:
* All versions of 21.1-EVO,
* All versions of 21.2-EVO,
* from 21.4-EVO before 21.4R3-S6-EVO,
* from 22.1-EVO before 22.1R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S2-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
Versions of Junos OS before 21.1R1 are unaffected by this vulnerability.
Versions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability.
Severity ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
21.1 , < 21.1*
(semver)
Affected: 21.2 , < 21.2R3-S7 (semver) Affected: 21.4 , < 21.4R3-S6 (semver) Affected: 22.1 , < 22.1R3-S5 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3-S2 (semver) Affected: 22.4 , < 22.4R3 (semver) Affected: 23.2 , < 23.2R2 (semver) Unaffected: 0 , < 21.1R1 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2r3-s7",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.4r3-s6",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1r3-s5",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2r3-s3",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3-s2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.4r3",
"status": "affected",
"version": "22.4",
"versionType": "custom"
},
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "custom"
},
{
"lessThan": "21.1r1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.1r1-evo",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "21.1*-evo",
"status": "affected",
"version": "21.1-evo",
"versionType": "custom"
},
{
"lessThan": "21.2*-evo",
"status": "affected",
"version": "21.2-evo",
"versionType": "custom"
},
{
"lessThan": "21.4r3-s6-evo",
"status": "affected",
"version": "21.4-evo",
"versionType": "custom"
},
{
"lessThan": "22.1r3-s5-evo",
"status": "affected",
"version": "22.1-evo",
"versionType": "custom"
},
{
"lessThan": "22.2r3-s3-evo",
"status": "affected",
"version": "22.2-evo",
"versionType": "custom"
},
{
"lessThan": "22.3r3-s2-evo",
"status": "affected",
"version": "22.3-evo",
"versionType": "custom"
},
{
"lessThan": "22.4r3-evo",
"status": "affected",
"version": "22.4-evo",
"versionType": "custom"
},
{
"lessThan": "23.2r2-evo",
"status": "affected",
"version": "23.2-evo",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:09:55.707497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T13:40:38.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83014"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "21.1R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1*-EVO",
"status": "affected",
"version": "21.1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.2*-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.1R1-EVO",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A sample BGP multipath configuration is shown below:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp group \u0026lt;name\u0026gt; multipath ]\u003c/tt\u003e"
}
],
"value": "A sample BGP multipath configuration is shown below:\n\n[ protocols bgp group \u003cname\u003e multipath ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability the \n\nRouting Protocol Daemon (rpd)\n\n of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker\u0027s control.\u0026nbsp; However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eOn all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update.\u0026nbsp; Under certain circumstance and with specific timing, this could result in an rpd crash.\u003cbr\u003e\u003cbr\u003eThis issue only affects systems with BGP multipath enabled.\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions of 21.1\u003c/li\u003e\u003cli\u003efrom 21.2 before 21.2R3-S7, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S5, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S2, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions of 21.1-EVO,\u003c/li\u003e\u003cli\u003eAll versions of 21.2-EVO,\u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S5-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S2-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eVersions of Junos OS before 21.1R1 are unaffected by this vulnerability.\u003cbr\u003eVersions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability."
}
],
"value": "A Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability the \n\nRouting Protocol Daemon (rpd)\n\n of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker\u0027s control.\u00a0 However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\n\nOn all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update.\u00a0 Under certain circumstance and with specific timing, this could result in an rpd crash.\n\nThis issue only affects systems with BGP multipath enabled.\n\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions of 21.1\n * from 21.2 before 21.2R3-S7, \n * from 21.4 before 21.4R3-S6, \n * from 22.1 before 22.1R3-S5, \n * from 22.2 before 22.2R3-S3, \n * from 22.3 before 22.3R3-S2, \n * from 22.4 before 22.4R3, \n * from 23.2 before 23.2R2.\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions of 21.1-EVO,\n * All versions of 21.2-EVO,\n * from 21.4-EVO before 21.4R3-S6-EVO, \n * from 22.1-EVO before 22.1R3-S5-EVO, \n * from 22.2-EVO before 22.2R3-S3-EVO, \n * from 22.3-EVO before 22.3R3-S2-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO.\n\n\n\nVersions of Junos OS before 21.1R1 are unaffected by this vulnerability.\nVersions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T23:23:10.774Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83014"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\nJunos OS Evolved: 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83014",
"defect": [
"1744801"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: BGP multipath incremental calculation is resulting in an rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39554",
"datePublished": "2024-07-10T22:32:34.310Z",
"dateReserved": "2024-06-25T15:12:53.246Z",
"dateUpdated": "2024-08-02T04:26:15.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39532 (GCVE-0-2024-39532)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:06 – Updated: 2025-01-07 20:25
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Confidential information in logs can be accessed by another user
Summary
An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.
When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.
This issue affects:
Junos OS:
* All versions before 21.2R3-S9;
*
21.4 versions before 21.4R3-S9;
* 22.2 versions before 22.2R2-S1, 22.2R3;
* 22.3 versions before 22.3R1-S1, 22.3R2;
Junos OS Evolved:
* All versions before before 22.1R3-EVO;
* 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO;
* 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.
Severity ?
6.3 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S9
(semver)
Affected: 21.4 , < 21.4R3-S9 (semver) Affected: 22.2 , < 22.2R2-S1, 22.2R3 (semver) Affected: 22.3 , < 22.3R1-S1, 22.3R2 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T18:58:58.168706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:59:06.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S9",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R2-S1, 22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R1-S1, 22.3R2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.1R3-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R2-S1-EVO, 22.2R3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R1-S1-EVO, 22.3R2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.\u003cbr\u003e\u003cbr\u003eWhen another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9;\u003c/li\u003e\u003cli\u003e\n\n21.4 versions before 21.4R3-S9;\u003cbr\u003e\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R2-S1, 22.2R3;\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R1-S1, 22.3R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before before 22.1R3-EVO;\u003c/li\u003e\u003cli\u003e22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO;\u003c/li\u003e\u003cli\u003e22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information.\n\nWhen another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information.\nThis issue affects:\n\nJunos OS:\n\n\n\n * All versions before 21.2R3-S9;\n * \n\n21.4 versions before 21.4R3-S9;\n\n * 22.2 versions before 22.2R2-S1, 22.2R3;\n * 22.3 versions before 22.3R1-S1, 22.3R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions before before 22.1R3-EVO;\n * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO;\n * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO."
}
],
"exploits": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T20:25:28.188Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82992"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 21.2R3-S9, 21.4R3-S9, 22.2R2-S1, 22.2R3, 22.3R1-S1, 22.3R2, 22.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 22.1R3-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R1-S1-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S9, 21.4R3-S9, 22.2R2-S1, 22.2R3, 22.3R1-S1, 22.3R2, 22.4R1, and all subsequent releases.\nJunos OS Evolved: 22.1R3-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R1-S1-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82992",
"defect": [
"1645119"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Confidential information in logs can be accessed by another user",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39532",
"datePublished": "2024-07-11T16:06:40.305Z",
"dateReserved": "2024-06-25T15:12:53.241Z",
"dateUpdated": "2025-01-07T20:25:28.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39543 (GCVE-0-2024-39543)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:21 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Receipt of a large RPKI-RTR PDU packet can cause rpd to crash
Summary
A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue affects
Junos OS:
* All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R2.
Junos OS Evolved: * All versions before 21.2R3-S8-EVO,
* from 21.4 before 21.4R3-S8-EVO,
* from 22.2 before 22.2R3-S4-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S2-EVO,
* from 23.2 before 23.2R2-S1-EVO,
* from 23.4 before 23.4R2-EVO.
Severity ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S8
(semver)
Affected: 21.4 , < 21.4R3-S8 (semver) Affected: 22.2 , < 22.2R3-S4 (semver) Affected: 22.3 , < 22.3R3-S3 (semver) Affected: 22.4 , < 22.4R3-S2 (semver) Affected: 23.2 , < 23.2R2-S1 (semver) Affected: 23.4 , < 23.4R2 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39543",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T18:59:17.569893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:59:25.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be affected by this issue rpki-rtr session needs to be UP with the DUT with a given IP or by way of configuration.\u003c/p\u003eMore information regarding the config can be found here:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/validation-edit-routing-options.html\"\u003ehttps://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/validation-edit-routing-options.html\u003c/a\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "To be affected by this issue rpki-rtr session needs to be UP with the DUT with a given IP or by way of configuration.\n\nMore information regarding the config can be found here:\u00a0 https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/validation-edit-routing-options.html"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Buffer Copy without Checking Size of Input\u0026nbsp;vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash,\u0026nbsp;creating a Denial of Service (DoS) condition.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eContinued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cp\u003eThis issue affects\u0026nbsp;\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S8,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJunos OS Evolved:\u003c/span\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAll versions before 21.2R3-S8-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 21.4 before 21.4R3-S8-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 22.2 before 22.2R3-S4-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 22.3 before 22.3R3-S3-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 22.4 before 22.4R3-S2-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 23.2 before 23.2R2-S1-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 23.4 before 23.4R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "A Buffer Copy without Checking Size of Input\u00a0vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash,\u00a0creating a Denial of Service (DoS) condition.\u00a0Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects\u00a0\n\nJunos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S8,\n * from 22.2 before 22.2R3-S4,\u00a0\n * from 22.3 before 22.3R3-S3,\u00a0\n * from 22.4 before 22.4R3-S2,\u00a0\n * from 23.2 before 23.2R2-S1,\u00a0\n * from 23.4 before 23.4R2.\n\n\n\nJunos OS Evolved: * All versions before 21.2R3-S8-EVO,\n * from 21.4 before 21.4R3-S8-EVO,\n * from 22.2 before 22.2R3-S4-EVO,\u00a0\n * from 22.3 before 22.3R3-S3-EVO,\n * from 22.4 before 22.4R3-S2-EVO,\u00a0\n * from 23.2 before 23.2R2-S1-EVO,\n * from 23.4 before 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:21:38.508Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83004"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S8, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2-S1, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e\nJunos OS Evolved:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S8-EVO, 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO 22.4R3-S2-EVO, 23.2R2-S1-EVO, 23.4R2-EVO, 24.2R1-EVO,\u0026nbsp;and all subsequent releases.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.2R3-S8, 21.4R3-S8, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2-S1, 23.4R2, 24.2R1, and all subsequent releases.\n\n\nJunos OS Evolved:\u00a021.2R3-S8-EVO, 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO 22.4R3-S2-EVO, 23.2R2-S1-EVO, 23.4R2-EVO, 24.2R1-EVO,\u00a0and all subsequent releases."
}
],
"source": {
"advisory": "JSA83004",
"defect": [
"1803120"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Receipt of a large RPKI-RTR PDU packet can cause rpd to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39543",
"datePublished": "2024-07-11T16:21:38.508Z",
"dateReserved": "2024-06-25T15:12:53.245Z",
"dateUpdated": "2024-08-02T04:26:15.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39551 (GCVE-0-2024-39551)
Vulnerability from cvelistv5 – Published: 2024-07-11 16:29 – Updated: 2024-08-02 04:26
VLAI?
EPSS
Title
Junos OS: SRX Series and MX Series with SPC3 and MS-MPC/MIC: Receipt of specific packets in H.323 ALG causes traffic drop
Summary
An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS).
Continued receipt and processing of these specific packets will sustain the Denial of Service condition.
The memory usage can be monitored using the below command.
user@host> show usp memory segment sha data objcache jsf
This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC:
* 20.4 before 20.4R3-S10,
* 21.2 before 21.2R3-S6,
* 21.3 before 21.3R3-S5,
* 21.4 before 21.4R3-S6,
* 22.1 before 22.1R3-S4,
* 22.2 before 22.2R3-S2,
* 22.3 before 22.3R3-S1,
* 22.4 before 22.4R3,
* 23.2 before 23.2R2.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
20.4 , < 20.4R3-S10
(semver)
Affected: 21.2 , < 21.2R3-S6 (semver) Affected: 21.3 , < 21.3R3-S5 (semver) Affected: 21.4 , < 21.4R3-S6 (semver) Affected: 22.1 , < 22.1R3-S4 (semver) Affected: 22.2 , < 22.2R3-S2 (semver) Affected: 22.3 , < 22.3R3-S1 (semver) Affected: 22.4 , < 22.4R3 (semver) Affected: 23.2 , < 23.2R2 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "20.4r3-s10",
"status": "affected",
"version": "20.4",
"versionType": "semver"
},
{
"lessThan": "21.2r3-s6",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3r3-s5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4r3-s6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1r3-s4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3r3-s1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4r3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T18:33:00.389286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:57:12.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series",
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S10",
"status": "affected",
"version": "20.4",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration.\u003c/p\u003e\u003cp\u003ePlease verify on SRX with:\u003c/p\u003e\u003ccode\u003e user@host\u0026gt; show security alg status | match sip\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e SIP : Enabled\u003c/code\u003e\u003cbr\u003e\u003cp\u003ePlease verify on MX whether the following is configured:\u003c/p\u003e\u003ccode\u003e user@host\u0026gt; show security alg status | match sip\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e SIP : Enabled\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e [services ... rule \u0026lt;rule-name\u0026gt; (term \u0026lt;term-name\u0026gt; ) from/match application/application-set \u0026lt;name\u0026gt;]\u003c/code\u003e\u003cbr\u003e\u003cp\u003ewhere either\u003c/p\u003e\u003ccode\u003e a. name = junos-sip\u003c/code\u003e\u003cbr\u003e\u003cp\u003eor an application or application-set refers to SIP:\u003c/p\u003e\u003ccode\u003e b. [applications application \u0026lt;name\u0026gt; application-protocol sip]\u003c/code\u003e\u003cbr\u003e\u003cp\u003eor\u003c/p\u003e\u003ccode\u003e c. [applications application-set \u0026lt;name\u0026gt; application junos-sip]\u003c/code\u003e\u003cbr\u003e"
}
],
"value": "To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration.\n\nPlease verify on SRX with:\n\n user@host\u003e show security alg status | match sip\n SIP : Enabled\nPlease verify on MX whether the following is configured:\n\n user@host\u003e show security alg status | match sip\n SIP : Enabled\n [services ... rule \u003crule-name\u003e (term \u003cterm-name\u003e ) from/match application/application-set \u003cname\u003e]\nwhere either\n\n a. name = junos-sip\nor an application or application-set refers to SIP:\n\n b. [applications application \u003cname\u003e application-protocol sip]\nor\n\n c. [applications application-set \u003cname\u003e application junos-sip]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of\u0026nbsp; Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an\u0026nbsp;unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS).\u0026nbsp;\u003cbr\u003e\u003cbr\u003eContinued receipt and processing of these specific packets will sustain the Denial of Service condition.\u003cbr\u003e\u003cbr\u003eThe memory usage can be monitored using the below command.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u2003\u2003user@host\u0026gt; show usp memory segment sha data objcache jsf\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u200320.4 before 20.4R3-S10,\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u200321.2 before 21.2R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u200321.3 before 21.3R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u200321.4 before 21.4R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u200322.1 before 22.1R3-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u200322.2 before 22.2R3-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u200322.3 before 22.3R3-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u200322.4 before 22.4R3,\u0026nbsp;\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003e\u200323.2 before 23.2R2.\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of\u00a0 Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an\u00a0unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS).\u00a0\n\nContinued receipt and processing of these specific packets will sustain the Denial of Service condition.\n\nThe memory usage can be monitored using the below command.\n\n\u2003\u2003user@host\u003e show usp memory segment sha data objcache jsf\u00a0\nThis issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC:\u00a0\n\n * \u200320.4 before 20.4R3-S10,\u00a0\n * \u200321.2 before 21.2R3-S6,\u00a0\n * \u200321.3 before 21.3R3-S5,\u00a0\n * \u200321.4 before 21.4R3-S6,\u00a0\n * \u200322.1 before 22.1R3-S4,\u00a0\n * \u200322.2 before 22.2R3-S2,\u00a0\n * \u200322.3 before 22.3R3-S1,\u00a0\n * \u200322.4 before 22.4R3,\u00a0\n * \u200323.2 before 23.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:29:46.607Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83013"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003e \u003cbr\u003eJunos OS: 20.4R3-S10, 21.2R3-S6, 21.3R3-S5, 21.4R3-S6, 22.1R3-S4, 22.2R3-S2, 22.3R3-S1, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n \nJunos OS: 20.4R3-S10, 21.2R3-S6, 21.3R3-S5, 21.4R3-S6, 22.1R3-S4, 22.2R3-S2, 22.3R3-S1, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83013",
"defect": [
"1745890"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: SRX Series and MX Series with SPC3 and MS-MPC/MIC: Receipt of specific packets in H.323 ALG causes traffic drop",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39551",
"datePublished": "2024-07-11T16:29:46.607Z",
"dateReserved": "2024-06-25T15:12:53.246Z",
"dateUpdated": "2024-08-02T04:26:15.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…