Vulnerabilites related to juniper - mx304
Vulnerability from fkie_nvd
Published
2024-01-12 01:15
Modified
2024-11-21 08:54
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.
If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass.
This issue doesn't affect IPv4 firewall filters.
This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series:
* All versions earlier than 20.4R3-S7;
* 21.1 versions earlier than 21.1R3-S5;
* 21.2 versions earlier than 21.2R3-S5;
* 21.3 versions earlier than 21.3R3-S4;
* 21.4 versions earlier than 21.4R3-S4;
* 22.1 versions earlier than 22.1R3-S2;
* 22.2 versions earlier than 22.2R3-S2;
* 22.3 versions earlier than 22.3R2-S2, 22.3R3;
* 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", matchCriteriaId: "E3A96966-5060-4139-A124-D4E2C879FD6C", versionEndExcluding: "20.4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", matchCriteriaId: "3D361B23-A3C2-444B-BEB8-E231DA950567", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", matchCriteriaId: "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "037BA01C-3F5C-4503-A633-71765E9EF774", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", matchCriteriaId: "C54B047C-4B38-40C0-9855-067DCF7E48BD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "38984199-E332-4A9C-A4C0-78083D052E15", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "AA6526FB-2941-4D18-9B2E-472AD5A62A53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", matchCriteriaId: "09876787-A40A-4340-9C12-8628C325353B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", matchCriteriaId: "41615104-C17E-44DA-AB0D-6E2053BD4EF4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", matchCriteriaId: "1981DE38-36B5-469D-917E-92717EE3ED53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", matchCriteriaId: "AFA68ACD-AAE5-4577-B734-23AAF77BC85A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*", matchCriteriaId: "65948ABC-22BB-46D5-8545-0806EDB4B86E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*", matchCriteriaId: "283E41CB-9A90-4521-96DC-F31AA592CFD8", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*", matchCriteriaId: "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*", matchCriteriaId: "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*", matchCriteriaId: "625BA7E6-D2AD-4A48-9B94-24328BE5B06A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "F462F4E3-762C-429F-8D25-5521100DD37C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*", matchCriteriaId: "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*", matchCriteriaId: "689FE1AE-7A85-4FB6-AB02-E732F23581B6", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*", matchCriteriaId: "79E56DAC-75AD-4C81-9835-634B40C15DA6", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*", matchCriteriaId: "A0040FE2-7ECD-4755-96CE-E899BA298E0C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*", matchCriteriaId: "076AB086-BB79-4583-AAF7-A5233DFB2F95", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*", matchCriteriaId: "72E2DDF6-01DF-4880-AB60-B3DA3281E88D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*", matchCriteriaId: "54010163-0810-4CF5-95FE-7E62BC6CA4F9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*", matchCriteriaId: "5C1C3B09-3800-493E-A319-57648305FE6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", matchCriteriaId: "216E7DDE-453D-481F-92E2-9F8466CDDA3F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", matchCriteriaId: "A52AF794-B36B-43A6-82E9-628658624B0A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "3998DC76-F72F-4452-9150-652140B113EB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "36ED4552-2420-45F9-B6E4-6DA2B2B12870", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", matchCriteriaId: "C28A14E7-7EA0-4757-9764-E39A27CFDFA5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4A43752D-A4AF-4B4E-B95B-192E42883A5B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "42986538-E9D0-4C2E-B1C4-A763A4EE451B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", matchCriteriaId: "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "E596ABD9-6ECD-48DC-B770-87B7E62EA345", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", matchCriteriaId: "71745D02-D226-44DC-91AD-678C85F5E6FC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", matchCriteriaId: "39E44B09-7310-428C-8144-AE9DB0484D1F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*", matchCriteriaId: "53938295-8999-4316-9DED-88E24D037852", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", matchCriteriaId: "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", matchCriteriaId: "CC78A4CB-D617-43FC-BB51-287D2D0C44ED", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "30FF67F8-1E3C-47A8-8859-709B3614BA6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "0C7C507E-C85E-4BC6-A3B0-549516BAB524", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", matchCriteriaId: "6514CDE8-35DC-469F-89A3-078684D18F7A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4624565D-8F59-44A8-B7A8-01AD579745E7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", matchCriteriaId: "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", matchCriteriaId: "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", matchCriteriaId: "255B6F20-D32F-42C1-829C-AE9C7923558A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", matchCriteriaId: "90AE30DB-C448-4FE9-AC11-FF0F27CDA227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", matchCriteriaId: "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", matchCriteriaId: "79ED3CE8-CC57-43AB-9A26-BBC87816062D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", matchCriteriaId: "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "9962B01C-C57C-4359-9532-676AB81CE8B0", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", matchCriteriaId: "62178549-B679-4902-BFDB-2993803B7FCE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", matchCriteriaId: "9AD697DF-9738-4276-94ED-7B9380CD09F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "09FF5818-0803-4646-A386-D7C645EE58A3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "2229FA59-EB24-49A2-85CE-F529A8DE6BA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", matchCriteriaId: "0CB280D8-C5D8-4B51-A879-496ACCDE4538", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", matchCriteriaId: "5F3F54F1-75B3-400D-A735-2C27C8CEBE79", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", matchCriteriaId: "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", matchCriteriaId: "0A5B196A-2AF1-4AE5-9148-A75A572807BC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", matchCriteriaId: "9D157211-535E-4B2D-B2FE-F697FAFDF65C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", matchCriteriaId: "3F96EBE9-2532-4E35-ABA5-CA68830476A4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "B4D936AE-FD74-4823-A824-2D9F24C25BFB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", matchCriteriaId: "E117E493-F4E1-4568-88E3-F243C74A2662", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", matchCriteriaId: "01E3E308-FD9C-4686-8C35-8472A0E99F0D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", matchCriteriaId: "3683A8F5-EE0E-4936-A005-DF7F6B75DED3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", matchCriteriaId: "1B615DBA-8C53-41D4-B264-D3EED8578471", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", matchCriteriaId: "B3124DD0-9E42-4896-9060-CB7DD07FC342", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", matchCriteriaId: "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", matchCriteriaId: "06156CD6-09D3-4A05-9C5E-BC64A70640F9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", matchCriteriaId: "E949B21B-AD62-4022-9088-06313277479E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "8D862E6F-0D01-4B25-8340-888C30F75A2F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "2F28F73E-8563-41B9-A313-BBAAD5B57A67", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", matchCriteriaId: "E37D4694-C80B-475E-AB5B-BB431F59C5E1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "5EC0D2D2-4922-4675-8A2C-57A08D7BE334", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", matchCriteriaId: "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "786F993E-32CB-492A-A7CC-A7E4F48EA8B9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", matchCriteriaId: "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", matchCriteriaId: "19519212-51DD-4448-B115-8A20A40192CC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "5CC9909E-AE9F-414D-99B1-83AA04D5297B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "FDE9E767-4713-4EA2-8D00-1382975A4A15", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", matchCriteriaId: "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*", matchCriteriaId: "574730B0-56C8-4A03-867B-1737148ED9B1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*", matchCriteriaId: "1379EF30-AF04-4F98-8328-52A631F24737", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", matchCriteriaId: "28E42A41-7965-456B-B0AF-9D3229CE4D4C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "CB1A77D6-D3AD-481B-979C-8F778530B175", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*", matchCriteriaId: "40813417-A938-4F74-A419-8C5188A35486", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "7FC1BA1A-DF0E-4B15-86BA-24C60E546732", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:juniper:ex9200:-:*:*:*:*:*:*:*", matchCriteriaId: "D08A8D94-134A-41E7-8396-70D8B0735E9C", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:*", matchCriteriaId: "86E82CE3-F43D-4B29-A64D-B14ADB6CC357", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:*", matchCriteriaId: "13C0199E-B9F0-41D3-B625-083990517CDF", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10:-:*:*:*:*:*:*:*", matchCriteriaId: "52699E2B-450A-431C-81E3-DC4483C8B4F2", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10000:-:*:*:*:*:*:*:*", matchCriteriaId: "D97AF6F8-3D50-4D35-BCB1-54E3BEC69B9F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*", matchCriteriaId: "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*", matchCriteriaId: "84F7BB7E-3A52-4C23-A4D2-50E75C912AFC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*", matchCriteriaId: "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10016:-:*:*:*:*:*:*:*", matchCriteriaId: "C39DA74D-F5C7-4C11-857D-50631A110644", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx104:-:*:*:*:*:*:*:*", matchCriteriaId: "F72C850A-0530-4DB7-A553-7E19F82122B5", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx150:-:*:*:*:*:*:*:*", matchCriteriaId: "7FE2089C-F341-4DC1-B76D-633BC699306D", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*", matchCriteriaId: "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*", matchCriteriaId: "27175D9A-CA2C-4218-8042-835E25DFCA43", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*", matchCriteriaId: "00C7FC57-8ACF-45AA-A227-7E3B350FD24F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*", matchCriteriaId: "2754C2DF-DF6E-4109-9463-38B4E0465B77", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*", matchCriteriaId: "F4A26704-A6A4-4C4F-9E12-A0A0259491EF", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*", matchCriteriaId: "3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx40:-:*:*:*:*:*:*:*", matchCriteriaId: "C982A2FF-A1F9-4830-BAB6-77CFCE1F093F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*", matchCriteriaId: "104858BD-D31D-40E0-8524-2EC311F10EAC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx5:-:*:*:*:*:*:*:*", matchCriteriaId: "3B557965-0040-4048-B56C-F564FF28635B", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx80:-:*:*:*:*:*:*:*", matchCriteriaId: "EB875EBD-A3CD-4466-B2A3-39D47FF94592", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*", matchCriteriaId: "B5E08E1E-0FE4-4294-9497-BBFFECA2A220", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nAn Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.\n\nIf the \"tcp-reset\" option is added to the \"reject\" action in an IPv6 filter which matches on \"payload-protocol\", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a \"next-header\" match to avoid this filter bypass.\n\nThis issue doesn't affect IPv4 firewall filters.\n\nThis issue affects Juniper Networks Junos OS on MX Series and EX9200 Series:\n\n\n\n * All versions earlier than 20.4R3-S7;\n * 21.1 versions earlier than 21.1R3-S5;\n * 21.2 versions earlier than 21.2R3-S5;\n * 21.3 versions earlier than 21.3R3-S4;\n * 21.4 versions earlier than 21.4R3-S4;\n * 22.1 versions earlier than 22.1R3-S2;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R2-S2, 22.3R3;\n * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.\n\n\n\n\n\n\n", }, { lang: "es", value: "Una característica no compatible en la vulnerabilidad de la interfaz de usuario en Juniper Networks Junos OS en las series MX y EX9200 permite que un atacante no autenticado basado en la red cause un impacto parcial en la integridad del dispositivo. Si se agrega la opción \"tcp-reset\" a la acción \"reject\" en un filtro IPv6 que coincide con el \"payload-protocol\", los paquetes se permiten en lugar de rechazarse. Esto sucede porque los criterios de coincidencia del payload-protocol no son compatibles con el filtro del kernel, lo que hace que acepte todos los paquetes sin realizar ninguna otra acción. Como solución, la coincidencia del payload-protocol se tratará de la misma manera que una coincidencia del \"next-header\" para evitar esta omisión del filtro. Este problema no afecta a los filtros de firewall IPv4. Este problema afecta a Juniper Networks Junos OS en las series MX y EX9200: * Todas las versiones anteriores a 20.4R3-S7; * Versiones 21.1 anteriores a 21.1R3-S5; * Versiones 21.2 anteriores a 21.2R3-S5; * Versiones 21.3 anteriores a 21.3R3-S4; * Versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S2; * Versiones 22.2 anteriores a 22.2R3-S2; * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3; * Versiones 22.4 anteriores a 22.4R1-S2, 22.4R2-S2, 22.4R3.", }, ], id: "CVE-2024-21607", lastModified: "2024-11-21T08:54:42.600", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "sirt@juniper.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-12T01:15:49.057", references: [ { source: "sirt@juniper.net", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA75748", }, { source: "sirt@juniper.net", tags: [ "Third Party Advisory", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA75748", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", }, ], sourceIdentifier: "sirt@juniper.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-447", }, ], source: "sirt@juniper.net", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-11 17:15
Modified
2025-03-05 14:53
Severity ?
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).
In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.
This issue affects Junos OS on MX Series:
* All version before 21.2R3-S6,
* 21.4 versions before 21.4R3-S6,
* 22.1 versions before 22.1R3-S5,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S2,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://supportportal.juniper.net/JSA82999 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/JSA82999 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", matchCriteriaId: "331C0F12-D9B9-483B-9EF0-28E48ED8346D", versionEndExcluding: "21.2", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", matchCriteriaId: "216E7DDE-453D-481F-92E2-9F8466CDDA3F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", matchCriteriaId: "A52AF794-B36B-43A6-82E9-628658624B0A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "3998DC76-F72F-4452-9150-652140B113EB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "36ED4552-2420-45F9-B6E4-6DA2B2B12870", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", matchCriteriaId: "C28A14E7-7EA0-4757-9764-E39A27CFDFA5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4A43752D-A4AF-4B4E-B95B-192E42883A5B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "42986538-E9D0-4C2E-B1C4-A763A4EE451B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", matchCriteriaId: "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "E596ABD9-6ECD-48DC-B770-87B7E62EA345", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", matchCriteriaId: "71745D02-D226-44DC-91AD-678C85F5E6FC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", matchCriteriaId: "39E44B09-7310-428C-8144-AE9DB0484D1F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*", matchCriteriaId: "53938295-8999-4316-9DED-88E24D037852", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*", matchCriteriaId: "2307BF56-640F-49A8-B060-6ACB0F653A61", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", matchCriteriaId: "79ED3CE8-CC57-43AB-9A26-BBC87816062D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", matchCriteriaId: "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "9962B01C-C57C-4359-9532-676AB81CE8B0", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", matchCriteriaId: "62178549-B679-4902-BFDB-2993803B7FCE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", matchCriteriaId: "9AD697DF-9738-4276-94ED-7B9380CD09F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "09FF5818-0803-4646-A386-D7C645EE58A3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "2229FA59-EB24-49A2-85CE-F529A8DE6BA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", matchCriteriaId: "0CB280D8-C5D8-4B51-A879-496ACCDE4538", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", matchCriteriaId: "5F3F54F1-75B3-400D-A735-2C27C8CEBE79", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", matchCriteriaId: "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", matchCriteriaId: "0A5B196A-2AF1-4AE5-9148-A75A572807BC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*", matchCriteriaId: "3B457616-2D91-4913-9A7D-038BBF8F1F66", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s5:*:*:*:*:*:*", matchCriteriaId: "C470FB4E-A927-4AF3-ACB0-AD1E264218B7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", matchCriteriaId: "9D157211-535E-4B2D-B2FE-F697FAFDF65C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", matchCriteriaId: "3F96EBE9-2532-4E35-ABA5-CA68830476A4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "B4D936AE-FD74-4823-A824-2D9F24C25BFB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", matchCriteriaId: "E117E493-F4E1-4568-88E3-F243C74A2662", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", matchCriteriaId: "01E3E308-FD9C-4686-8C35-8472A0E99F0D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", matchCriteriaId: "3683A8F5-EE0E-4936-A005-DF7F6B75DED3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", matchCriteriaId: "1B615DBA-8C53-41D4-B264-D3EED8578471", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", matchCriteriaId: "B3124DD0-9E42-4896-9060-CB7DD07FC342", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", matchCriteriaId: "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*", matchCriteriaId: "D49FFB60-BA71-4902-9404-E67162919ADC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*", matchCriteriaId: "EFF72FCA-C440-4D43-9BDB-F712DB413717", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3-s4:*:*:*:*:*:*", matchCriteriaId: "DE69E9E3-00FC-41BF-9109-617668CF9A0B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", matchCriteriaId: "06156CD6-09D3-4A05-9C5E-BC64A70640F9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", matchCriteriaId: "E949B21B-AD62-4022-9088-06313277479E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "8D862E6F-0D01-4B25-8340-888C30F75A2F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "2F28F73E-8563-41B9-A313-BBAAD5B57A67", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", matchCriteriaId: "E37D4694-C80B-475E-AB5B-BB431F59C5E1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "5EC0D2D2-4922-4675-8A2C-57A08D7BE334", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", matchCriteriaId: "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "786F993E-32CB-492A-A7CC-A7E4F48EA8B9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*", matchCriteriaId: "60CEA89D-BAC4-41CD-A1D1-AA5EDDEBD54A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", matchCriteriaId: "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", matchCriteriaId: "19519212-51DD-4448-B115-8A20A40192CC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "5CC9909E-AE9F-414D-99B1-83AA04D5297B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "FDE9E767-4713-4EA2-8D00-1382975A4A15", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", matchCriteriaId: "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*", matchCriteriaId: "574730B0-56C8-4A03-867B-1737148ED9B1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*", matchCriteriaId: "20EBC676-1B26-4A71-8326-0F892124290A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*", matchCriteriaId: "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r3-s1:*:*:*:*:*:*", matchCriteriaId: "8BCDE58C-80CC-4C5A-9667-8A4468D8D76C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*", matchCriteriaId: "1379EF30-AF04-4F98-8328-52A631F24737", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", matchCriteriaId: "28E42A41-7965-456B-B0AF-9D3229CE4D4C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "CB1A77D6-D3AD-481B-979C-8F778530B175", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*", matchCriteriaId: "3A064B6B-A99B-4D8D-A62D-B00C7870BC30", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*", matchCriteriaId: "40813417-A938-4F74-A419-8C5188A35486", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "7FC1BA1A-DF0E-4B15-86BA-24C60E546732", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "EBB967BF-3495-476D-839A-9DBFCBE69F91", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*", matchCriteriaId: "1A78CC80-E8B1-4CDA-BB35-A61833657FA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*", matchCriteriaId: "4B3B2FE1-C228-46BE-AC76-70C2687050AE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "F1B16FF0-900F-4AEE-B670-A537139F6909", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "B227E831-30FF-4BE1-B8B2-31829A5610A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:juniper:mx:-:*:*:*:*:*:*:*", matchCriteriaId: "72952BFC-45B9-4379-8D9A-A10132CC34EF", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10:-:*:*:*:*:*:*:*", matchCriteriaId: "52699E2B-450A-431C-81E3-DC4483C8B4F2", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10000:-:*:*:*:*:*:*:*", matchCriteriaId: "D97AF6F8-3D50-4D35-BCB1-54E3BEC69B9F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*", matchCriteriaId: "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*", matchCriteriaId: "84F7BB7E-3A52-4C23-A4D2-50E75C912AFC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*", matchCriteriaId: "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10016:-:*:*:*:*:*:*:*", matchCriteriaId: "C39DA74D-F5C7-4C11-857D-50631A110644", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx104:-:*:*:*:*:*:*:*", matchCriteriaId: "F72C850A-0530-4DB7-A553-7E19F82122B5", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx150:-:*:*:*:*:*:*:*", matchCriteriaId: "7FE2089C-F341-4DC1-B76D-633BC699306D", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*", matchCriteriaId: "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*", matchCriteriaId: "27175D9A-CA2C-4218-8042-835E25DFCA43", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*", matchCriteriaId: "00C7FC57-8ACF-45AA-A227-7E3B350FD24F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*", matchCriteriaId: "2754C2DF-DF6E-4109-9463-38B4E0465B77", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*", matchCriteriaId: "F4A26704-A6A4-4C4F-9E12-A0A0259491EF", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*", matchCriteriaId: "3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx40:-:*:*:*:*:*:*:*", matchCriteriaId: "C982A2FF-A1F9-4830-BAB6-77CFCE1F093F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*", matchCriteriaId: "104858BD-D31D-40E0-8524-2EC311F10EAC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx5:-:*:*:*:*:*:*:*", matchCriteriaId: "3B557965-0040-4048-B56C-F564FF28635B", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx80:-:*:*:*:*:*:*:*", matchCriteriaId: "EB875EBD-A3CD-4466-B2A3-39D47FF94592", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*", matchCriteriaId: "B5E08E1E-0FE4-4294-9497-BBFFECA2A220", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).\n\nIn a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.\n\nThis issue affects Junos OS on MX Series:\n\n\n\n * All version before 21.2R3-S6,\n * 21.4 versions before 21.4R3-S6,\n * 22.1 versions before 22.1R3-S5,\n * 22.2 versions before 22.2R3-S3, \n * 22.3 versions before 22.3R3-S2,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2.", }, { lang: "es", value: "Una vulnerabilidad de liberación de memoria faltante después de la vida útil efectiva en Juniper Networks Junos OS en la serie MX permite que un atacante adyacente no autenticado provoque una denegación de servicio (DoS). En un escenario de gestión de suscriptores, los inicios de sesión continuos de los suscriptores provocarán una pérdida de memoria y, eventualmente, provocarán un bloqueo y reinicio del FPC. Este problema afecta a Junos OS en la serie MX: * Todas las versiones anteriores a 21.2R3-S6, * Versiones 21.4 anteriores a 21.4R3-S6, * Versiones 22.1 anteriores a 22.1R3-S5, * Versiones 22.2 anteriores a 22.2R3-S3, * Versiones 22.3 anteriores a 22.3 R3-S2, *versiones 22.4 anteriores a 22.4R3, *versiones 23.2 anteriores a 23.2R2.", }, ], id: "CVE-2024-39539", lastModified: "2025-03-05T14:53:25.190", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "sirt@juniper.net", type: "Secondary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "ADJACENT", availabilityRequirement: "NOT_DEFINED", baseScore: 6, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "LOW", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "sirt@juniper.net", type: "Secondary", }, ], }, published: "2024-07-11T17:15:12.633", references: [ { source: "sirt@juniper.net", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA82999", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA82999", }, ], sourceIdentifier: "sirt@juniper.net", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "sirt@juniper.net", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-13 00:15
Modified
2024-11-21 08:25
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS).
On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition.
This issue affects:
Juniper Networks Junos OS on MX Series:
* All versions prior to 20.4R3-S7;
* 21.1 versions prior to 21.1R3-S5;
* 21.2 versions prior to 21.2R3-S4;
* 21.3 versions prior to 21.3R3-S4;
* 21.4 versions prior to 21.4R3-S3;
* 22.1 versions prior to 22.1R3-S1;
* 22.2 versions prior to 22.2R2-S1, 22.2R3;
* 22.3 versions prior to 22.3R1-S2, 22.3R2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://supportportal.juniper.net/JSA73157 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/JSA73157 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", matchCriteriaId: "E3A96966-5060-4139-A124-D4E2C879FD6C", versionEndExcluding: "20.4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", matchCriteriaId: "3D361B23-A3C2-444B-BEB8-E231DA950567", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", matchCriteriaId: "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "037BA01C-3F5C-4503-A633-71765E9EF774", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", matchCriteriaId: "C54B047C-4B38-40C0-9855-067DCF7E48BD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "38984199-E332-4A9C-A4C0-78083D052E15", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "AA6526FB-2941-4D18-9B2E-472AD5A62A53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", matchCriteriaId: "09876787-A40A-4340-9C12-8628C325353B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", matchCriteriaId: "41615104-C17E-44DA-AB0D-6E2053BD4EF4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", matchCriteriaId: "1981DE38-36B5-469D-917E-92717EE3ED53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", matchCriteriaId: "AFA68ACD-AAE5-4577-B734-23AAF77BC85A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*", matchCriteriaId: "65948ABC-22BB-46D5-8545-0806EDB4B86E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*", matchCriteriaId: "283E41CB-9A90-4521-96DC-F31AA592CFD8", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*", matchCriteriaId: "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*", matchCriteriaId: "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*", matchCriteriaId: "625BA7E6-D2AD-4A48-9B94-24328BE5B06A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "F462F4E3-762C-429F-8D25-5521100DD37C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*", matchCriteriaId: "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*", matchCriteriaId: "689FE1AE-7A85-4FB6-AB02-E732F23581B6", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*", matchCriteriaId: "79E56DAC-75AD-4C81-9835-634B40C15DA6", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*", matchCriteriaId: "A0040FE2-7ECD-4755-96CE-E899BA298E0C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*", matchCriteriaId: "076AB086-BB79-4583-AAF7-A5233DFB2F95", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*", matchCriteriaId: "72E2DDF6-01DF-4880-AB60-B3DA3281E88D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*", matchCriteriaId: "54010163-0810-4CF5-95FE-7E62BC6CA4F9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*", matchCriteriaId: "5C1C3B09-3800-493E-A319-57648305FE6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", matchCriteriaId: "216E7DDE-453D-481F-92E2-9F8466CDDA3F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", matchCriteriaId: "A52AF794-B36B-43A6-82E9-628658624B0A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "3998DC76-F72F-4452-9150-652140B113EB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "36ED4552-2420-45F9-B6E4-6DA2B2B12870", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", matchCriteriaId: "C28A14E7-7EA0-4757-9764-E39A27CFDFA5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4A43752D-A4AF-4B4E-B95B-192E42883A5B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "42986538-E9D0-4C2E-B1C4-A763A4EE451B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", matchCriteriaId: "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "E596ABD9-6ECD-48DC-B770-87B7E62EA345", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", matchCriteriaId: "71745D02-D226-44DC-91AD-678C85F5E6FC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", matchCriteriaId: "39E44B09-7310-428C-8144-AE9DB0484D1F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", matchCriteriaId: "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", matchCriteriaId: "CC78A4CB-D617-43FC-BB51-287D2D0C44ED", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "30FF67F8-1E3C-47A8-8859-709B3614BA6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "0C7C507E-C85E-4BC6-A3B0-549516BAB524", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", matchCriteriaId: "6514CDE8-35DC-469F-89A3-078684D18F7A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4624565D-8F59-44A8-B7A8-01AD579745E7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", matchCriteriaId: "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", matchCriteriaId: "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", matchCriteriaId: "255B6F20-D32F-42C1-829C-AE9C7923558A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", matchCriteriaId: "90AE30DB-C448-4FE9-AC11-FF0F27CDA227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", matchCriteriaId: "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", matchCriteriaId: "79ED3CE8-CC57-43AB-9A26-BBC87816062D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", matchCriteriaId: "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "9962B01C-C57C-4359-9532-676AB81CE8B0", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", matchCriteriaId: "62178549-B679-4902-BFDB-2993803B7FCE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", matchCriteriaId: "9AD697DF-9738-4276-94ED-7B9380CD09F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "09FF5818-0803-4646-A386-D7C645EE58A3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "2229FA59-EB24-49A2-85CE-F529A8DE6BA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", matchCriteriaId: "3F96EBE9-2532-4E35-ABA5-CA68830476A4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "B4D936AE-FD74-4823-A824-2D9F24C25BFB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", matchCriteriaId: "E117E493-F4E1-4568-88E3-F243C74A2662", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", matchCriteriaId: "01E3E308-FD9C-4686-8C35-8472A0E99F0D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", matchCriteriaId: "3683A8F5-EE0E-4936-A005-DF7F6B75DED3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", matchCriteriaId: "1B615DBA-8C53-41D4-B264-D3EED8578471", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", matchCriteriaId: "B3124DD0-9E42-4896-9060-CB7DD07FC342", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", matchCriteriaId: "06156CD6-09D3-4A05-9C5E-BC64A70640F9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", matchCriteriaId: "E949B21B-AD62-4022-9088-06313277479E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "8D862E6F-0D01-4B25-8340-888C30F75A2F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "2F28F73E-8563-41B9-A313-BBAAD5B57A67", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", matchCriteriaId: "E37D4694-C80B-475E-AB5B-BB431F59C5E1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", matchCriteriaId: "19519212-51DD-4448-B115-8A20A40192CC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "5CC9909E-AE9F-414D-99B1-83AA04D5297B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "FDE9E767-4713-4EA2-8D00-1382975A4A15", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", matchCriteriaId: "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*", matchCriteriaId: "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*", matchCriteriaId: "84F7BB7E-3A52-4C23-A4D2-50E75C912AFC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*", matchCriteriaId: "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*", matchCriteriaId: "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*", matchCriteriaId: "27175D9A-CA2C-4218-8042-835E25DFCA43", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*", matchCriteriaId: "00C7FC57-8ACF-45AA-A227-7E3B350FD24F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*", matchCriteriaId: "2754C2DF-DF6E-4109-9463-38B4E0465B77", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*", matchCriteriaId: "F4A26704-A6A4-4C4F-9E12-A0A0259491EF", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*", matchCriteriaId: "3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*", matchCriteriaId: "104858BD-D31D-40E0-8524-2EC311F10EAC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*", matchCriteriaId: "B5E08E1E-0FE4-4294-9497-BBFFECA2A220", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nAn Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS).\n\nOn all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition.\n\nThis issue affects:\n\nJuniper Networks Junos OS on MX Series:\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S1;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\n\n\n", }, { lang: "es", value: "Una vulnerabilidad de liberación inadecuada de memoria antes de eliminar la última referencia en Packet Forwarding Engine (PFE) de Juniper Networks Junos OS permite que un atacante local con pocos privilegios provoque una falla del FPC, lo que lleva a una Denegación de Servicio (DoS). En todas las series Junos MX con MPC1 - MPC9, LC480, LC2101, MX10003 y MX80, cuando Connectivity-Fault-Management (CFM) está habilitada en un escenario VPLS y se ejecuta un comando relacionado con LDP específico, un FPC fallará y se reiniciará. La ejecución continua de este comando LDP específico puede provocar una condición sostenida de Denegación de Servicio. Este problema afecta a: Juniper Networks Junos OS en la serie MX: * Todas las versiones anteriores a 20.4R3-S7; * Versiones 21.1 anteriores a 21.1R3-S5; * Versiones 21.2 anteriores a 21.2R3-S4; * Versiones 21.3 anteriores a 21.3R3-S4; * Versiones 21.4 anteriores a 21.4R3-S3; * Versiones 22.1 anteriores a 22.1R3-S1; * Versiones 22.2 anteriores a 22.2R2-S1, 22.2R3; * Versiones 22.3 anteriores a 22.3R1-S2, 22.3R2.", }, ], id: "CVE-2023-44193", lastModified: "2024-11-21T08:25:24.877", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "sirt@juniper.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-13T00:15:12.377", references: [ { source: "sirt@juniper.net", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA73157", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA73157", }, ], sourceIdentifier: "sirt@juniper.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "sirt@juniper.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-13 00:15
Modified
2024-11-21 08:25
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart.
This issue affects Juniper Networks Junos OS on MX Series:
* All versions prior to 20.4R3-S4;
* 21.1 version 21.1R1 and later versions;
* 21.2 versions prior to 21.2R3-S2;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3;
* 22.1 versions prior to 22.1R3;
* 22.2 versions prior to 22.2R1-S1, 22.2R2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://supportportal.juniper.net/JSA73165 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/JSA73165 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", matchCriteriaId: "E3A96966-5060-4139-A124-D4E2C879FD6C", versionEndExcluding: "20.4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", matchCriteriaId: "3D361B23-A3C2-444B-BEB8-E231DA950567", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", matchCriteriaId: "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "037BA01C-3F5C-4503-A633-71765E9EF774", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", matchCriteriaId: "C54B047C-4B38-40C0-9855-067DCF7E48BD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "38984199-E332-4A9C-A4C0-78083D052E15", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "AA6526FB-2941-4D18-9B2E-472AD5A62A53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", matchCriteriaId: "09876787-A40A-4340-9C12-8628C325353B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", matchCriteriaId: "41615104-C17E-44DA-AB0D-6E2053BD4EF4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", matchCriteriaId: "1981DE38-36B5-469D-917E-92717EE3ED53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", matchCriteriaId: "AFA68ACD-AAE5-4577-B734-23AAF77BC85A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*", matchCriteriaId: "625BA7E6-D2AD-4A48-9B94-24328BE5B06A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "F462F4E3-762C-429F-8D25-5521100DD37C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*", matchCriteriaId: "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*", matchCriteriaId: "689FE1AE-7A85-4FB6-AB02-E732F23581B6", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*", matchCriteriaId: "79E56DAC-75AD-4C81-9835-634B40C15DA6", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*", matchCriteriaId: "A0040FE2-7ECD-4755-96CE-E899BA298E0C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*", matchCriteriaId: "076AB086-BB79-4583-AAF7-A5233DFB2F95", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*", matchCriteriaId: "72E2DDF6-01DF-4880-AB60-B3DA3281E88D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*", matchCriteriaId: "54010163-0810-4CF5-95FE-7E62BC6CA4F9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*", matchCriteriaId: "5C1C3B09-3800-493E-A319-57648305FE6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s5:*:*:*:*:*:*", matchCriteriaId: "4BFDCC2B-FAB5-4164-8D70-28E4DFF052AD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", matchCriteriaId: "216E7DDE-453D-481F-92E2-9F8466CDDA3F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", matchCriteriaId: "A52AF794-B36B-43A6-82E9-628658624B0A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "3998DC76-F72F-4452-9150-652140B113EB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "36ED4552-2420-45F9-B6E4-6DA2B2B12870", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", matchCriteriaId: "C28A14E7-7EA0-4757-9764-E39A27CFDFA5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4A43752D-A4AF-4B4E-B95B-192E42883A5B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "42986538-E9D0-4C2E-B1C4-A763A4EE451B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", matchCriteriaId: "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "E596ABD9-6ECD-48DC-B770-87B7E62EA345", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", matchCriteriaId: "71745D02-D226-44DC-91AD-678C85F5E6FC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", matchCriteriaId: "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", matchCriteriaId: "CC78A4CB-D617-43FC-BB51-287D2D0C44ED", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "30FF67F8-1E3C-47A8-8859-709B3614BA6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "0C7C507E-C85E-4BC6-A3B0-549516BAB524", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", matchCriteriaId: "6514CDE8-35DC-469F-89A3-078684D18F7A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4624565D-8F59-44A8-B7A8-01AD579745E7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", matchCriteriaId: "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", matchCriteriaId: "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", matchCriteriaId: "255B6F20-D32F-42C1-829C-AE9C7923558A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", matchCriteriaId: "90AE30DB-C448-4FE9-AC11-FF0F27CDA227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", matchCriteriaId: "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*", matchCriteriaId: "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", matchCriteriaId: "79ED3CE8-CC57-43AB-9A26-BBC87816062D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", matchCriteriaId: "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "9962B01C-C57C-4359-9532-676AB81CE8B0", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", matchCriteriaId: "62178549-B679-4902-BFDB-2993803B7FCE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", matchCriteriaId: "9AD697DF-9738-4276-94ED-7B9380CD09F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "09FF5818-0803-4646-A386-D7C645EE58A3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "2229FA59-EB24-49A2-85CE-F529A8DE6BA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", matchCriteriaId: "9D157211-535E-4B2D-B2FE-F697FAFDF65C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", matchCriteriaId: "3F96EBE9-2532-4E35-ABA5-CA68830476A4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "B4D936AE-FD74-4823-A824-2D9F24C25BFB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", matchCriteriaId: "E117E493-F4E1-4568-88E3-F243C74A2662", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", matchCriteriaId: "01E3E308-FD9C-4686-8C35-8472A0E99F0D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", matchCriteriaId: "3683A8F5-EE0E-4936-A005-DF7F6B75DED3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", matchCriteriaId: "1B615DBA-8C53-41D4-B264-D3EED8578471", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", matchCriteriaId: "06156CD6-09D3-4A05-9C5E-BC64A70640F9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", matchCriteriaId: "E949B21B-AD62-4022-9088-06313277479E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*", matchCriteriaId: "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*", matchCriteriaId: "84F7BB7E-3A52-4C23-A4D2-50E75C912AFC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*", matchCriteriaId: "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*", matchCriteriaId: "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*", matchCriteriaId: "27175D9A-CA2C-4218-8042-835E25DFCA43", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*", matchCriteriaId: "00C7FC57-8ACF-45AA-A227-7E3B350FD24F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*", matchCriteriaId: "2754C2DF-DF6E-4109-9463-38B4E0465B77", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*", matchCriteriaId: "F4A26704-A6A4-4C4F-9E12-A0A0259491EF", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*", matchCriteriaId: "3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*", matchCriteriaId: "104858BD-D31D-40E0-8524-2EC311F10EAC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*", matchCriteriaId: "B5E08E1E-0FE4-4294-9497-BBFFECA2A220", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nOn Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart.\n\nThis issue affects Juniper Networks Junos OS on MX Series:\n\n\n\n * All versions prior to 20.4R3-S4;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3;\n * 22.1 versions prior to 22.1R3;\n * 22.2 versions prior to 22.2R1-S1, 22.2R2.\n\n\n\n\n\n\n", }, { lang: "es", value: "Una vulnerabilidad de Verificación Inadecuada de Condiciones Inusuales o Excepcionales en Packet Forwarding Engine (PFE) de Juniper Networks Junos OS en la serie MX permite que un atacante no autenticado basado en la red provoque una Denegación de Servicio (DoS). En las plataformas Junos MX Series con Precision Time Protocol (PTP) configurado, una rotación prolongada del protocolo de enrutamiento puede provocar un bloqueo y reinicio del FPC. Este problema afecta a Juniper Networks Junos OS en la serie MX: * Todas las versiones anteriores a 20.4R3-S4; * 21.1 versión 21.1R1 y versiones posteriores; * Versiones 21.2 anteriores a 21.2R3-S2; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3; * Versiones 22.1 anteriores a 22.1R3; * Versiones 22.2 anteriores a 22.2R1-S1, 22.2R2.", }, ], id: "CVE-2023-44199", lastModified: "2024-11-21T08:25:25.727", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "sirt@juniper.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-13T00:15:12.837", references: [ { source: "sirt@juniper.net", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA73165", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA73165", }, ], sourceIdentifier: "sirt@juniper.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-754", }, ], source: "sirt@juniper.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-754", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-12 01:15
Modified
2024-11-21 08:54
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd.
This issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue.
Indication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation.
user@junos> show system processes extensive | match bbe-smgd
13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd}
13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd}
...
user@junos> show system processes extensive | match bbe-smgd
13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd}
13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd}
...
This issue affects Juniper Networks Junos OS on MX Series:
* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S2;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3;
* 23.2 versions earlier than 23.2R1-S1, 23.2R2.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", matchCriteriaId: "3D361B23-A3C2-444B-BEB8-E231DA950567", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", matchCriteriaId: "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "037BA01C-3F5C-4503-A633-71765E9EF774", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", matchCriteriaId: "C54B047C-4B38-40C0-9855-067DCF7E48BD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "38984199-E332-4A9C-A4C0-78083D052E15", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "AA6526FB-2941-4D18-9B2E-472AD5A62A53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", matchCriteriaId: "09876787-A40A-4340-9C12-8628C325353B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", matchCriteriaId: "41615104-C17E-44DA-AB0D-6E2053BD4EF4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", matchCriteriaId: "1981DE38-36B5-469D-917E-92717EE3ED53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", matchCriteriaId: "AFA68ACD-AAE5-4577-B734-23AAF77BC85A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*", matchCriteriaId: "65948ABC-22BB-46D5-8545-0806EDB4B86E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*", matchCriteriaId: "283E41CB-9A90-4521-96DC-F31AA592CFD8", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*", matchCriteriaId: "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*", matchCriteriaId: "977DEF80-0DB5-4828-97AC-09BB3111D585", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s8:*:*:*:*:*:*", matchCriteriaId: "C445622E-8E57-4990-A71A-E1993BFCB91A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", matchCriteriaId: "216E7DDE-453D-481F-92E2-9F8466CDDA3F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", matchCriteriaId: "A52AF794-B36B-43A6-82E9-628658624B0A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "3998DC76-F72F-4452-9150-652140B113EB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "36ED4552-2420-45F9-B6E4-6DA2B2B12870", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", matchCriteriaId: "C28A14E7-7EA0-4757-9764-E39A27CFDFA5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4A43752D-A4AF-4B4E-B95B-192E42883A5B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "42986538-E9D0-4C2E-B1C4-A763A4EE451B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", matchCriteriaId: "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "E596ABD9-6ECD-48DC-B770-87B7E62EA345", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", matchCriteriaId: "71745D02-D226-44DC-91AD-678C85F5E6FC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", matchCriteriaId: "39E44B09-7310-428C-8144-AE9DB0484D1F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*", matchCriteriaId: "53938295-8999-4316-9DED-88E24D037852", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*", matchCriteriaId: "2307BF56-640F-49A8-B060-6ACB0F653A61", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s6:*:*:*:*:*:*", matchCriteriaId: "737DDF96-7B1D-44E2-AD0F-E2F50858B2A3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", matchCriteriaId: "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", matchCriteriaId: "CC78A4CB-D617-43FC-BB51-287D2D0C44ED", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "30FF67F8-1E3C-47A8-8859-709B3614BA6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "0C7C507E-C85E-4BC6-A3B0-549516BAB524", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", matchCriteriaId: "6514CDE8-35DC-469F-89A3-078684D18F7A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4624565D-8F59-44A8-B7A8-01AD579745E7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", matchCriteriaId: "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", matchCriteriaId: "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", matchCriteriaId: "255B6F20-D32F-42C1-829C-AE9C7923558A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", matchCriteriaId: "90AE30DB-C448-4FE9-AC11-FF0F27CDA227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", matchCriteriaId: "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*", matchCriteriaId: "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", matchCriteriaId: "79ED3CE8-CC57-43AB-9A26-BBC87816062D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", matchCriteriaId: "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "9962B01C-C57C-4359-9532-676AB81CE8B0", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", matchCriteriaId: "62178549-B679-4902-BFDB-2993803B7FCE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", matchCriteriaId: "9AD697DF-9738-4276-94ED-7B9380CD09F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "09FF5818-0803-4646-A386-D7C645EE58A3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "2229FA59-EB24-49A2-85CE-F529A8DE6BA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", matchCriteriaId: "0CB280D8-C5D8-4B51-A879-496ACCDE4538", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", matchCriteriaId: "5F3F54F1-75B3-400D-A735-2C27C8CEBE79", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", matchCriteriaId: "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", matchCriteriaId: "0A5B196A-2AF1-4AE5-9148-A75A572807BC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*", matchCriteriaId: "3B457616-2D91-4913-9A7D-038BBF8F1F66", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", matchCriteriaId: "9D157211-535E-4B2D-B2FE-F697FAFDF65C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", matchCriteriaId: "3F96EBE9-2532-4E35-ABA5-CA68830476A4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "B4D936AE-FD74-4823-A824-2D9F24C25BFB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", matchCriteriaId: "E117E493-F4E1-4568-88E3-F243C74A2662", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", matchCriteriaId: "01E3E308-FD9C-4686-8C35-8472A0E99F0D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", matchCriteriaId: "3683A8F5-EE0E-4936-A005-DF7F6B75DED3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", matchCriteriaId: "1B615DBA-8C53-41D4-B264-D3EED8578471", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", matchCriteriaId: "B3124DD0-9E42-4896-9060-CB7DD07FC342", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", matchCriteriaId: "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*", matchCriteriaId: "D49FFB60-BA71-4902-9404-E67162919ADC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*", matchCriteriaId: "EFF72FCA-C440-4D43-9BDB-F712DB413717", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", matchCriteriaId: "06156CD6-09D3-4A05-9C5E-BC64A70640F9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", matchCriteriaId: "E949B21B-AD62-4022-9088-06313277479E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "8D862E6F-0D01-4B25-8340-888C30F75A2F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "2F28F73E-8563-41B9-A313-BBAAD5B57A67", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", matchCriteriaId: "E37D4694-C80B-475E-AB5B-BB431F59C5E1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "5EC0D2D2-4922-4675-8A2C-57A08D7BE334", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", matchCriteriaId: "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "786F993E-32CB-492A-A7CC-A7E4F48EA8B9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*", matchCriteriaId: "60CEA89D-BAC4-41CD-A1D1-AA5EDDEBD54A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", matchCriteriaId: "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", matchCriteriaId: "19519212-51DD-4448-B115-8A20A40192CC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "5CC9909E-AE9F-414D-99B1-83AA04D5297B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "FDE9E767-4713-4EA2-8D00-1382975A4A15", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", matchCriteriaId: "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*", matchCriteriaId: "574730B0-56C8-4A03-867B-1737148ED9B1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*", matchCriteriaId: "20EBC676-1B26-4A71-8326-0F892124290A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*", matchCriteriaId: "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r3-s1:*:*:*:*:*:*", matchCriteriaId: "8BCDE58C-80CC-4C5A-9667-8A4468D8D76C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*", matchCriteriaId: "1379EF30-AF04-4F98-8328-52A631F24737", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", matchCriteriaId: "28E42A41-7965-456B-B0AF-9D3229CE4D4C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "CB1A77D6-D3AD-481B-979C-8F778530B175", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*", matchCriteriaId: "3A064B6B-A99B-4D8D-A62D-B00C7870BC30", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*", matchCriteriaId: "40813417-A938-4F74-A419-8C5188A35486", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "7FC1BA1A-DF0E-4B15-86BA-24C60E546732", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*", matchCriteriaId: "4B3B2FE1-C228-46BE-AC76-70C2687050AE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:juniper:mx10:-:*:*:*:*:*:*:*", matchCriteriaId: "52699E2B-450A-431C-81E3-DC4483C8B4F2", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10000:-:*:*:*:*:*:*:*", matchCriteriaId: "D97AF6F8-3D50-4D35-BCB1-54E3BEC69B9F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*", matchCriteriaId: "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*", matchCriteriaId: "84F7BB7E-3A52-4C23-A4D2-50E75C912AFC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*", matchCriteriaId: "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10016:-:*:*:*:*:*:*:*", matchCriteriaId: "C39DA74D-F5C7-4C11-857D-50631A110644", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx104:-:*:*:*:*:*:*:*", matchCriteriaId: "F72C850A-0530-4DB7-A553-7E19F82122B5", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx150:-:*:*:*:*:*:*:*", matchCriteriaId: "7FE2089C-F341-4DC1-B76D-633BC699306D", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*", matchCriteriaId: "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*", matchCriteriaId: "27175D9A-CA2C-4218-8042-835E25DFCA43", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*", matchCriteriaId: "00C7FC57-8ACF-45AA-A227-7E3B350FD24F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*", matchCriteriaId: "2754C2DF-DF6E-4109-9463-38B4E0465B77", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*", matchCriteriaId: "F4A26704-A6A4-4C4F-9E12-A0A0259491EF", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*", matchCriteriaId: "3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx40:-:*:*:*:*:*:*:*", matchCriteriaId: "C982A2FF-A1F9-4830-BAB6-77CFCE1F093F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*", matchCriteriaId: "104858BD-D31D-40E0-8524-2EC311F10EAC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx5:-:*:*:*:*:*:*:*", matchCriteriaId: "3B557965-0040-4048-B56C-F564FF28635B", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx80:-:*:*:*:*:*:*:*", matchCriteriaId: "EB875EBD-A3CD-4466-B2A3-39D47FF94592", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*", matchCriteriaId: "B5E08E1E-0FE4-4294-9497-BBFFECA2A220", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nAn Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd.\n\nThis issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue.\n\nIndication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation.\n\nuser@junos> show system processes extensive | match bbe-smgd\n13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd}\n13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd}\n...\nuser@junos> show system processes extensive | match bbe-smgd\n13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd}\n13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd}\n...\nThis issue affects Juniper Networks Junos OS on MX Series:\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\n\n\n", }, { lang: "es", value: "Una vulnerabilidad de manejo inadecuado de condiciones excepcionales en el demonio de administración de suscriptores de borde de banda ancha (bbe-smgd) de Juniper Networks Junos OS en la serie MX permite que un atacante conectado directamente al sistema vulnerable altere repetidamente las sesiones de suscriptores DHCP para causar, en última instancia, una pérdida lenta de memoria. lo que lleva a una denegación de servicio (DoS). La memoria sólo se puede recuperar reiniciando bbe-smgd manualmente. Este problema solo ocurre si la detección de actividad BFD para suscriptores de DHCP está habilitada. Los sistemas sin detección de actividad BFD habilitada no son vulnerables a este problema. La indicación del problema se puede observar ejecutando periódicamente el comando 'show system processes extensive', lo que indicará un aumento en la asignación de memoria para bbe-smgd. Cada vez que un suscriptor de DHCP inicia sesión, se pierde una pequeña cantidad de memoria, lo que se hará visible con el tiempo y, en última instancia, provocará una falta de memoria. user@junos> show system processes extensive | match bbe-smgd 13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd} 13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd} ... user@junos> show system processes extensive | match bbe-smgd 13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd} 13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd} ... Esto El problema afecta a Juniper Networks Junos OS en la serie MX: * Todas las versiones anteriores a 20.4R3-S9; * Versiones 21.2 anteriores a 21.2R3-S7; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3-S4; * Versiones 22.2 anteriores a 22.2R3-S3; * Versiones 22.3 anteriores a 22.3R3-S2; * Versiones 22.4 anteriores a 22.4R2-S2, 22.4R3; * Versiones 23.2 anteriores a 23.2R1-S1, 23.2R2.", }, ], id: "CVE-2024-21587", lastModified: "2024-11-21T08:54:40.027", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "sirt@juniper.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-12T01:15:46.290", references: [ { source: "sirt@juniper.net", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA75725", }, { source: "sirt@juniper.net", tags: [ "Third Party Advisory", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA75725", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", }, ], sourceIdentifier: "sirt@juniper.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-755", }, ], source: "sirt@juniper.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-755", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-12 15:15
Modified
2025-03-05 14:53
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).
In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc.
Stuck mgd processes can be monitored by executing the following command:
user@host> show system processes extensive | match mgd | match sbwait
This issue affects Juniper Networks Junos OS on MX Series:
All versions earlier than 20.4R3-S9;
21.2 versions earlier than 21.2R3-S7;
21.3 versions earlier than 21.3R3-S5;
21.4 versions earlier than 21.4R3-S5;
22.1 versions earlier than 22.1R3-S4;
22.2 versions earlier than 22.2R3-S3;
22.3 versions earlier than 22.3R3-S2;
22.4 versions earlier than 22.4R3;
23.2 versions earlier than 23.2R1-S2, 23.2R2.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", matchCriteriaId: "E3A96966-5060-4139-A124-D4E2C879FD6C", versionEndExcluding: "20.4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", matchCriteriaId: "3D361B23-A3C2-444B-BEB8-E231DA950567", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", matchCriteriaId: "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "037BA01C-3F5C-4503-A633-71765E9EF774", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", matchCriteriaId: "C54B047C-4B38-40C0-9855-067DCF7E48BD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "38984199-E332-4A9C-A4C0-78083D052E15", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "AA6526FB-2941-4D18-9B2E-472AD5A62A53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", matchCriteriaId: "09876787-A40A-4340-9C12-8628C325353B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", matchCriteriaId: "41615104-C17E-44DA-AB0D-6E2053BD4EF4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", matchCriteriaId: "1981DE38-36B5-469D-917E-92717EE3ED53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", matchCriteriaId: "AFA68ACD-AAE5-4577-B734-23AAF77BC85A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*", matchCriteriaId: "65948ABC-22BB-46D5-8545-0806EDB4B86E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*", matchCriteriaId: "283E41CB-9A90-4521-96DC-F31AA592CFD8", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*", matchCriteriaId: "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*", matchCriteriaId: "977DEF80-0DB5-4828-97AC-09BB3111D585", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s8:*:*:*:*:*:*", matchCriteriaId: "C445622E-8E57-4990-A71A-E1993BFCB91A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", matchCriteriaId: "216E7DDE-453D-481F-92E2-9F8466CDDA3F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", matchCriteriaId: "A52AF794-B36B-43A6-82E9-628658624B0A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "3998DC76-F72F-4452-9150-652140B113EB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "36ED4552-2420-45F9-B6E4-6DA2B2B12870", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", matchCriteriaId: "C28A14E7-7EA0-4757-9764-E39A27CFDFA5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4A43752D-A4AF-4B4E-B95B-192E42883A5B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "42986538-E9D0-4C2E-B1C4-A763A4EE451B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", matchCriteriaId: "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "E596ABD9-6ECD-48DC-B770-87B7E62EA345", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", matchCriteriaId: "71745D02-D226-44DC-91AD-678C85F5E6FC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", matchCriteriaId: "39E44B09-7310-428C-8144-AE9DB0484D1F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*", matchCriteriaId: "53938295-8999-4316-9DED-88E24D037852", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*", matchCriteriaId: "2307BF56-640F-49A8-B060-6ACB0F653A61", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s6:*:*:*:*:*:*", matchCriteriaId: "737DDF96-7B1D-44E2-AD0F-E2F50858B2A3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", matchCriteriaId: "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", matchCriteriaId: "CC78A4CB-D617-43FC-BB51-287D2D0C44ED", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "30FF67F8-1E3C-47A8-8859-709B3614BA6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "0C7C507E-C85E-4BC6-A3B0-549516BAB524", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", matchCriteriaId: "6514CDE8-35DC-469F-89A3-078684D18F7A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4624565D-8F59-44A8-B7A8-01AD579745E7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", matchCriteriaId: "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", matchCriteriaId: "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", matchCriteriaId: "255B6F20-D32F-42C1-829C-AE9C7923558A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", matchCriteriaId: "90AE30DB-C448-4FE9-AC11-FF0F27CDA227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", matchCriteriaId: "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*", matchCriteriaId: "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", matchCriteriaId: "79ED3CE8-CC57-43AB-9A26-BBC87816062D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", matchCriteriaId: "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "9962B01C-C57C-4359-9532-676AB81CE8B0", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", matchCriteriaId: "62178549-B679-4902-BFDB-2993803B7FCE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", matchCriteriaId: "9AD697DF-9738-4276-94ED-7B9380CD09F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "09FF5818-0803-4646-A386-D7C645EE58A3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "2229FA59-EB24-49A2-85CE-F529A8DE6BA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", matchCriteriaId: "0CB280D8-C5D8-4B51-A879-496ACCDE4538", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", matchCriteriaId: "5F3F54F1-75B3-400D-A735-2C27C8CEBE79", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", matchCriteriaId: "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", matchCriteriaId: "0A5B196A-2AF1-4AE5-9148-A75A572807BC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*", matchCriteriaId: "3B457616-2D91-4913-9A7D-038BBF8F1F66", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", matchCriteriaId: "9D157211-535E-4B2D-B2FE-F697FAFDF65C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", matchCriteriaId: "3F96EBE9-2532-4E35-ABA5-CA68830476A4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "B4D936AE-FD74-4823-A824-2D9F24C25BFB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", matchCriteriaId: "E117E493-F4E1-4568-88E3-F243C74A2662", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", matchCriteriaId: "01E3E308-FD9C-4686-8C35-8472A0E99F0D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", matchCriteriaId: "3683A8F5-EE0E-4936-A005-DF7F6B75DED3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", matchCriteriaId: "1B615DBA-8C53-41D4-B264-D3EED8578471", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", matchCriteriaId: "B3124DD0-9E42-4896-9060-CB7DD07FC342", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", matchCriteriaId: "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*", matchCriteriaId: "D49FFB60-BA71-4902-9404-E67162919ADC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*", matchCriteriaId: "EFF72FCA-C440-4D43-9BDB-F712DB413717", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", matchCriteriaId: "06156CD6-09D3-4A05-9C5E-BC64A70640F9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", matchCriteriaId: "E949B21B-AD62-4022-9088-06313277479E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "8D862E6F-0D01-4B25-8340-888C30F75A2F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "2F28F73E-8563-41B9-A313-BBAAD5B57A67", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", matchCriteriaId: "E37D4694-C80B-475E-AB5B-BB431F59C5E1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "5EC0D2D2-4922-4675-8A2C-57A08D7BE334", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", matchCriteriaId: "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "786F993E-32CB-492A-A7CC-A7E4F48EA8B9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*", matchCriteriaId: "60CEA89D-BAC4-41CD-A1D1-AA5EDDEBD54A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", matchCriteriaId: "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", matchCriteriaId: "19519212-51DD-4448-B115-8A20A40192CC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "5CC9909E-AE9F-414D-99B1-83AA04D5297B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "FDE9E767-4713-4EA2-8D00-1382975A4A15", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", matchCriteriaId: "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*", matchCriteriaId: "574730B0-56C8-4A03-867B-1737148ED9B1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*", matchCriteriaId: "20EBC676-1B26-4A71-8326-0F892124290A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*", matchCriteriaId: "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r3-s1:*:*:*:*:*:*", matchCriteriaId: "8BCDE58C-80CC-4C5A-9667-8A4468D8D76C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*", matchCriteriaId: "1379EF30-AF04-4F98-8328-52A631F24737", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", matchCriteriaId: "28E42A41-7965-456B-B0AF-9D3229CE4D4C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "CB1A77D6-D3AD-481B-979C-8F778530B175", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*", matchCriteriaId: "3A064B6B-A99B-4D8D-A62D-B00C7870BC30", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*", matchCriteriaId: "40813417-A938-4F74-A419-8C5188A35486", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "7FC1BA1A-DF0E-4B15-86BA-24C60E546732", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "EBB967BF-3495-476D-839A-9DBFCBE69F91", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*", matchCriteriaId: "1A78CC80-E8B1-4CDA-BB35-A61833657FA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*", matchCriteriaId: "4B3B2FE1-C228-46BE-AC76-70C2687050AE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "F1B16FF0-900F-4AEE-B670-A537139F6909", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:juniper:mx:-:*:*:*:*:*:*:*", matchCriteriaId: "72952BFC-45B9-4379-8D9A-A10132CC34EF", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10:-:*:*:*:*:*:*:*", matchCriteriaId: "52699E2B-450A-431C-81E3-DC4483C8B4F2", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10000:-:*:*:*:*:*:*:*", matchCriteriaId: "D97AF6F8-3D50-4D35-BCB1-54E3BEC69B9F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*", matchCriteriaId: "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*", matchCriteriaId: "84F7BB7E-3A52-4C23-A4D2-50E75C912AFC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*", matchCriteriaId: "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10016:-:*:*:*:*:*:*:*", matchCriteriaId: "C39DA74D-F5C7-4C11-857D-50631A110644", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx104:-:*:*:*:*:*:*:*", matchCriteriaId: "F72C850A-0530-4DB7-A553-7E19F82122B5", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx150:-:*:*:*:*:*:*:*", matchCriteriaId: "7FE2089C-F341-4DC1-B76D-633BC699306D", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*", matchCriteriaId: "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*", matchCriteriaId: "27175D9A-CA2C-4218-8042-835E25DFCA43", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*", matchCriteriaId: "00C7FC57-8ACF-45AA-A227-7E3B350FD24F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*", matchCriteriaId: "2754C2DF-DF6E-4109-9463-38B4E0465B77", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*", matchCriteriaId: "F4A26704-A6A4-4C4F-9E12-A0A0259491EF", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*", matchCriteriaId: "3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx40:-:*:*:*:*:*:*:*", matchCriteriaId: "C982A2FF-A1F9-4830-BAB6-77CFCE1F093F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*", matchCriteriaId: "104858BD-D31D-40E0-8524-2EC311F10EAC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx5:-:*:*:*:*:*:*:*", matchCriteriaId: "3B557965-0040-4048-B56C-F564FF28635B", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx80:-:*:*:*:*:*:*:*", matchCriteriaId: "EB875EBD-A3CD-4466-B2A3-39D47FF94592", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*", matchCriteriaId: "B5E08E1E-0FE4-4294-9497-BBFFECA2A220", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).\n\nIn a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc.\n\nStuck mgd processes can be monitored by executing the following command:\n\n user@host> show system processes extensive | match mgd | match sbwait\n\nThis issue affects Juniper Networks Junos OS on MX Series:\nAll versions earlier than 20.4R3-S9;\n21.2 versions earlier than 21.2R3-S7;\n21.3 versions earlier than 21.3R3-S5;\n21.4 versions earlier than 21.4R3-S5;\n22.1 versions earlier than 22.1R3-S4;\n22.2 versions earlier than 22.2R3-S3;\n22.3 versions earlier than 22.3R3-S2;\n22.4 versions earlier than 22.4R3;\n23.2 versions earlier than 23.2R1-S2, 23.2R2.", }, { lang: "es", value: "Una vulnerabilidad de manejo inadecuado de condiciones excepcionales en el daemon de clase de servicio (cosd) de Juniper Networks Junos OS en la serie MX permite que un atacante autenticado basado en red con privilegios bajos cause una denegación de servicio (DoS) limitada. En un escenario de suscriptor escalado, cuando cosd maneja comandos específicos de privilegios bajos, recibidos a través de NETCONF, SSH o telnet, en nombre de mgd, los respectivos procesos del daemon de administración infantil (mgd) se atascarán. En el caso de (Netconf sobre) SSH, esto conduce a sesiones SSH bloqueadas, de modo que cuando se alcanza el límite de conexión para SSH ya no se pueden establecer nuevas sesiones. Se observará un comportamiento similar para telnet, etc. Los procesos mgd atascados se pueden monitorear ejecutando el siguiente comando: usuario@host> mostrar procesos del sistema extensos | partido mgd | match sbwait Este problema afecta a Juniper Networks Junos OS en la serie MX: todas las versiones anteriores a 20.4R3-S9; Versiones 21.2 anteriores a 21.2R3-S7; Versiones 21.3 anteriores a 21.3R3-S5; Versiones 21.4 anteriores a 21.4R3-S5; Versiones 22.1 anteriores a 22.1R3-S4; Versiones 22.2 anteriores a 22.2R3-S3; Versiones 22.3 anteriores a 22.3R3-S2; Versiones 22.4 anteriores a 22.4R3; Versiones 23.2 anteriores a 23.2R1-S2, 23.2R2.", }, ], id: "CVE-2024-21610", lastModified: "2025-03-05T14:53:25.190", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "sirt@juniper.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "sirt@juniper.net", type: "Secondary", }, ], }, published: "2024-04-12T15:15:23.950", references: [ { source: "sirt@juniper.net", tags: [ "Vendor Advisory", ], url: "http://supportportal.juniper.net/JSA75751", }, { source: "sirt@juniper.net", tags: [ "Not Applicable", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://supportportal.juniper.net/JSA75751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", }, ], sourceIdentifier: "sirt@juniper.net", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-755", }, ], source: "sirt@juniper.net", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-16 20:15
Modified
2025-03-05 14:53
Severity ?
Summary
A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The process crashes and restarts automatically.
When specific CLI commands are executed, the bbe-smgd daemon attempts to write into an area of memory (mgd socket) that was already closed, causing the process to crash. This process manages and controls the configuration of broadband subscriber sessions and services. While the process is unavailable, additional subscribers will not be able to connect to the device, causing a temporary Denial of Service condition.
This issue only occurs if Graceful Routing Engine Switchover (GRES) and Subscriber Management are enabled.
This issue affects Junos OS:
* All versions before 20.4R3-S5,
* from 21.1 before 21.1R3-S4,
* from 21.2 before 21.2R3-S3,
* from 21.3 before 21.3R3-S5,
* from 21.4 before 21.4R3-S5,
* from 22.1 before 22.1R3,
* from 22.2 before 22.2R3,
* from 22.3 before 22.3R2;
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", matchCriteriaId: "E3A96966-5060-4139-A124-D4E2C879FD6C", versionEndExcluding: "20.4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", matchCriteriaId: "3D361B23-A3C2-444B-BEB8-E231DA950567", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", matchCriteriaId: "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "037BA01C-3F5C-4503-A633-71765E9EF774", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", matchCriteriaId: "C54B047C-4B38-40C0-9855-067DCF7E48BD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "38984199-E332-4A9C-A4C0-78083D052E15", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "AA6526FB-2941-4D18-9B2E-472AD5A62A53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", matchCriteriaId: "09876787-A40A-4340-9C12-8628C325353B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", matchCriteriaId: "41615104-C17E-44DA-AB0D-6E2053BD4EF4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", matchCriteriaId: "1981DE38-36B5-469D-917E-92717EE3ED53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", matchCriteriaId: "AFA68ACD-AAE5-4577-B734-23AAF77BC85A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*", matchCriteriaId: "65948ABC-22BB-46D5-8545-0806EDB4B86E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*", matchCriteriaId: "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*", matchCriteriaId: "625BA7E6-D2AD-4A48-9B94-24328BE5B06A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "F462F4E3-762C-429F-8D25-5521100DD37C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*", matchCriteriaId: "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*", matchCriteriaId: "689FE1AE-7A85-4FB6-AB02-E732F23581B6", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*", matchCriteriaId: "79E56DAC-75AD-4C81-9835-634B40C15DA6", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*", matchCriteriaId: "A0040FE2-7ECD-4755-96CE-E899BA298E0C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*", matchCriteriaId: "076AB086-BB79-4583-AAF7-A5233DFB2F95", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*", matchCriteriaId: "72E2DDF6-01DF-4880-AB60-B3DA3281E88D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*", matchCriteriaId: "54010163-0810-4CF5-95FE-7E62BC6CA4F9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", matchCriteriaId: "216E7DDE-453D-481F-92E2-9F8466CDDA3F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", matchCriteriaId: "A52AF794-B36B-43A6-82E9-628658624B0A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "3998DC76-F72F-4452-9150-652140B113EB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "36ED4552-2420-45F9-B6E4-6DA2B2B12870", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", matchCriteriaId: "C28A14E7-7EA0-4757-9764-E39A27CFDFA5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4A43752D-A4AF-4B4E-B95B-192E42883A5B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "42986538-E9D0-4C2E-B1C4-A763A4EE451B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", matchCriteriaId: "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "E596ABD9-6ECD-48DC-B770-87B7E62EA345", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", matchCriteriaId: "71745D02-D226-44DC-91AD-678C85F5E6FC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", matchCriteriaId: "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", matchCriteriaId: "CC78A4CB-D617-43FC-BB51-287D2D0C44ED", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "30FF67F8-1E3C-47A8-8859-709B3614BA6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "0C7C507E-C85E-4BC6-A3B0-549516BAB524", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", matchCriteriaId: "6514CDE8-35DC-469F-89A3-078684D18F7A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4624565D-8F59-44A8-B7A8-01AD579745E7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", matchCriteriaId: "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", matchCriteriaId: "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", matchCriteriaId: "255B6F20-D32F-42C1-829C-AE9C7923558A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", matchCriteriaId: "90AE30DB-C448-4FE9-AC11-FF0F27CDA227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", matchCriteriaId: "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*", matchCriteriaId: "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", matchCriteriaId: "79ED3CE8-CC57-43AB-9A26-BBC87816062D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", matchCriteriaId: "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "9962B01C-C57C-4359-9532-676AB81CE8B0", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", matchCriteriaId: "62178549-B679-4902-BFDB-2993803B7FCE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", matchCriteriaId: "9AD697DF-9738-4276-94ED-7B9380CD09F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "09FF5818-0803-4646-A386-D7C645EE58A3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "2229FA59-EB24-49A2-85CE-F529A8DE6BA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", matchCriteriaId: "0CB280D8-C5D8-4B51-A879-496ACCDE4538", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", matchCriteriaId: "5F3F54F1-75B3-400D-A735-2C27C8CEBE79", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", matchCriteriaId: "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", matchCriteriaId: "0A5B196A-2AF1-4AE5-9148-A75A572807BC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*", matchCriteriaId: "3B457616-2D91-4913-9A7D-038BBF8F1F66", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", matchCriteriaId: "9D157211-535E-4B2D-B2FE-F697FAFDF65C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", matchCriteriaId: "3F96EBE9-2532-4E35-ABA5-CA68830476A4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "B4D936AE-FD74-4823-A824-2D9F24C25BFB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", matchCriteriaId: "E117E493-F4E1-4568-88E3-F243C74A2662", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", matchCriteriaId: "01E3E308-FD9C-4686-8C35-8472A0E99F0D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", matchCriteriaId: "3683A8F5-EE0E-4936-A005-DF7F6B75DED3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", matchCriteriaId: "1B615DBA-8C53-41D4-B264-D3EED8578471", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", matchCriteriaId: "06156CD6-09D3-4A05-9C5E-BC64A70640F9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", matchCriteriaId: "E949B21B-AD62-4022-9088-06313277479E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "8D862E6F-0D01-4B25-8340-888C30F75A2F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "2F28F73E-8563-41B9-A313-BBAAD5B57A67", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", matchCriteriaId: "E37D4694-C80B-475E-AB5B-BB431F59C5E1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "5EC0D2D2-4922-4675-8A2C-57A08D7BE334", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", matchCriteriaId: "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", matchCriteriaId: "19519212-51DD-4448-B115-8A20A40192CC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "5CC9909E-AE9F-414D-99B1-83AA04D5297B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "FDE9E767-4713-4EA2-8D00-1382975A4A15", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:juniper:mx:-:*:*:*:*:*:*:*", matchCriteriaId: "72952BFC-45B9-4379-8D9A-A10132CC34EF", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10:-:*:*:*:*:*:*:*", matchCriteriaId: "52699E2B-450A-431C-81E3-DC4483C8B4F2", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10000:-:*:*:*:*:*:*:*", matchCriteriaId: "D97AF6F8-3D50-4D35-BCB1-54E3BEC69B9F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*", matchCriteriaId: "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*", matchCriteriaId: "84F7BB7E-3A52-4C23-A4D2-50E75C912AFC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*", matchCriteriaId: "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10016:-:*:*:*:*:*:*:*", matchCriteriaId: "C39DA74D-F5C7-4C11-857D-50631A110644", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx104:-:*:*:*:*:*:*:*", matchCriteriaId: "F72C850A-0530-4DB7-A553-7E19F82122B5", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx150:-:*:*:*:*:*:*:*", matchCriteriaId: "7FE2089C-F341-4DC1-B76D-633BC699306D", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*", matchCriteriaId: "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*", matchCriteriaId: "27175D9A-CA2C-4218-8042-835E25DFCA43", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*", matchCriteriaId: "00C7FC57-8ACF-45AA-A227-7E3B350FD24F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*", matchCriteriaId: "2754C2DF-DF6E-4109-9463-38B4E0465B77", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*", matchCriteriaId: "F4A26704-A6A4-4C4F-9E12-A0A0259491EF", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*", matchCriteriaId: "3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx40:-:*:*:*:*:*:*:*", matchCriteriaId: "C982A2FF-A1F9-4830-BAB6-77CFCE1F093F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*", matchCriteriaId: "104858BD-D31D-40E0-8524-2EC311F10EAC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx5:-:*:*:*:*:*:*:*", matchCriteriaId: "3B557965-0040-4048-B56C-F564FF28635B", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx80:-:*:*:*:*:*:*:*", matchCriteriaId: "EB875EBD-A3CD-4466-B2A3-39D47FF94592", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*", matchCriteriaId: "B5E08E1E-0FE4-4294-9497-BBFFECA2A220", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The process crashes and restarts automatically.\n\nWhen specific CLI commands are executed, the bbe-smgd daemon attempts to write into an area of memory (mgd socket) that was already closed, causing the process to crash. This process manages and controls the configuration of broadband subscriber sessions and services. While the process is unavailable, additional subscribers will not be able to connect to the device, causing a temporary Denial of Service condition.\n\nThis issue only occurs if Graceful Routing Engine Switchover (GRES) and Subscriber Management are enabled.\nThis issue affects Junos OS:\n\n\n * All versions before 20.4R3-S5, \n * from 21.1 before 21.1R3-S4, \n * from 21.2 before 21.2R3-S3, \n * from 21.3 before 21.3R3-S5, \n * from 21.4 before 21.4R3-S5, \n * from 22.1 before 22.1R3, \n * from 22.2 before 22.2R3, \n * from 22.3 before 22.3R2;", }, { lang: "es", value: "Una vulnerabilidad Use After Free en el procesamiento de comandos de Juniper Networks Junos OS en la serie MX permite que un atacante local autenticado provoque que el demonio del administrador de servicios de banda ancha (bbe-smgd) se bloquee al ejecutar comandos CLI específicos, creando una condición de denegación de servicio ( DoS). El proceso falla y se reinicia automáticamente. Cuando se ejecutan comandos CLI específicos, el demonio bbe-smgd intenta escribir en un área de la memoria (socket mgd) que ya estaba cerrada, lo que provoca que el proceso falle. Este proceso gestiona y controla la configuración de las sesiones y servicios de los suscriptores de banda ancha. Mientras el proceso no esté disponible, los suscriptores adicionales no podrán conectarse al dispositivo, lo que provocará una condición temporal de denegación de servicio. Este problema solo ocurre si están habilitados Graceful Routing Engine Switchover (GRES) y Subscriber Management. Este problema afecta a Junos OS: * Todas las versiones anteriores a 20.4R3-S5, * desde 21.1 anterior a 21.1R3-S4, * desde 21.2 anterior a 21.2R3-S3, * desde 21.3 anterior a 21.3R3-S5, * desde 21.4 anterior a 21.4R3-S5 , * desde 22.1 antes de 22.1R3, * desde 22.2 antes de 22.2R3, * desde 22.3 antes de 22.3R2;", }, ], id: "CVE-2024-30378", lastModified: "2025-03-05T14:53:25.190", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "sirt@juniper.net", type: "Secondary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "LOCAL", availabilityRequirement: "NOT_DEFINED", baseScore: 6.9, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "LOW", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "sirt@juniper.net", type: "Secondary", }, ], }, published: "2024-04-16T20:15:09.680", references: [ { source: "sirt@juniper.net", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA79109", }, { source: "sirt@juniper.net", tags: [ "Not Applicable", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA79109", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", }, ], sourceIdentifier: "sirt@juniper.net", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "sirt@juniper.net", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-13 00:15
Modified
2024-11-21 08:25
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks.
If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid.
This issue affects Juniper Networks Junos OS on SRX Series and MX Series:
* 20.4 versions prior to 20.4R3-S5;
* 21.1 versions prior to 21.1R3-S4;
* 21.2 versions prior to 21.2R3-S4;
* 21.3 versions prior to 21.3R3-S3;
* 21.4 versions prior to 21.4R3-S2;
* 22.1 versions prior to 22.1R2-S2, 22.1R3;
* 22.2 versions prior to 22.2R2-S1, 22.2R3;
* 22.3 versions prior to 22.3R1-S2, 22.3R2.
This issue doesn't not affected releases prior to 20.4R1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://supportportal.juniper.net/JSA73164 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/JSA73164 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", matchCriteriaId: "E3A96966-5060-4139-A124-D4E2C879FD6C", versionEndExcluding: "20.4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", matchCriteriaId: "3D361B23-A3C2-444B-BEB8-E231DA950567", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", matchCriteriaId: "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "037BA01C-3F5C-4503-A633-71765E9EF774", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", matchCriteriaId: "C54B047C-4B38-40C0-9855-067DCF7E48BD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "38984199-E332-4A9C-A4C0-78083D052E15", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "AA6526FB-2941-4D18-9B2E-472AD5A62A53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", matchCriteriaId: "09876787-A40A-4340-9C12-8628C325353B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", matchCriteriaId: "41615104-C17E-44DA-AB0D-6E2053BD4EF4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", matchCriteriaId: "1981DE38-36B5-469D-917E-92717EE3ED53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", matchCriteriaId: "AFA68ACD-AAE5-4577-B734-23AAF77BC85A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*", matchCriteriaId: "65948ABC-22BB-46D5-8545-0806EDB4B86E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*", matchCriteriaId: "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*", matchCriteriaId: "625BA7E6-D2AD-4A48-9B94-24328BE5B06A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "F462F4E3-762C-429F-8D25-5521100DD37C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*", matchCriteriaId: "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*", matchCriteriaId: "689FE1AE-7A85-4FB6-AB02-E732F23581B6", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*", matchCriteriaId: "79E56DAC-75AD-4C81-9835-634B40C15DA6", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*", matchCriteriaId: "A0040FE2-7ECD-4755-96CE-E899BA298E0C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*", matchCriteriaId: "076AB086-BB79-4583-AAF7-A5233DFB2F95", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*", matchCriteriaId: "72E2DDF6-01DF-4880-AB60-B3DA3281E88D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*", matchCriteriaId: "54010163-0810-4CF5-95FE-7E62BC6CA4F9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", matchCriteriaId: "216E7DDE-453D-481F-92E2-9F8466CDDA3F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", matchCriteriaId: "A52AF794-B36B-43A6-82E9-628658624B0A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "3998DC76-F72F-4452-9150-652140B113EB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "36ED4552-2420-45F9-B6E4-6DA2B2B12870", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", matchCriteriaId: "C28A14E7-7EA0-4757-9764-E39A27CFDFA5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4A43752D-A4AF-4B4E-B95B-192E42883A5B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "42986538-E9D0-4C2E-B1C4-A763A4EE451B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", matchCriteriaId: "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "E596ABD9-6ECD-48DC-B770-87B7E62EA345", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", matchCriteriaId: "71745D02-D226-44DC-91AD-678C85F5E6FC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", matchCriteriaId: "39E44B09-7310-428C-8144-AE9DB0484D1F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", matchCriteriaId: "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", matchCriteriaId: "CC78A4CB-D617-43FC-BB51-287D2D0C44ED", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "30FF67F8-1E3C-47A8-8859-709B3614BA6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "0C7C507E-C85E-4BC6-A3B0-549516BAB524", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", matchCriteriaId: "6514CDE8-35DC-469F-89A3-078684D18F7A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4624565D-8F59-44A8-B7A8-01AD579745E7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", matchCriteriaId: "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", matchCriteriaId: "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", matchCriteriaId: "255B6F20-D32F-42C1-829C-AE9C7923558A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", matchCriteriaId: "90AE30DB-C448-4FE9-AC11-FF0F27CDA227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", matchCriteriaId: "79ED3CE8-CC57-43AB-9A26-BBC87816062D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", matchCriteriaId: "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "9962B01C-C57C-4359-9532-676AB81CE8B0", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", matchCriteriaId: "62178549-B679-4902-BFDB-2993803B7FCE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", matchCriteriaId: "9AD697DF-9738-4276-94ED-7B9380CD09F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "09FF5818-0803-4646-A386-D7C645EE58A3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "2229FA59-EB24-49A2-85CE-F529A8DE6BA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", matchCriteriaId: "0CB280D8-C5D8-4B51-A879-496ACCDE4538", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", matchCriteriaId: "5F3F54F1-75B3-400D-A735-2C27C8CEBE79", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", matchCriteriaId: "9D157211-535E-4B2D-B2FE-F697FAFDF65C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", matchCriteriaId: "3F96EBE9-2532-4E35-ABA5-CA68830476A4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "B4D936AE-FD74-4823-A824-2D9F24C25BFB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", matchCriteriaId: "E117E493-F4E1-4568-88E3-F243C74A2662", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", matchCriteriaId: "01E3E308-FD9C-4686-8C35-8472A0E99F0D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", matchCriteriaId: "3683A8F5-EE0E-4936-A005-DF7F6B75DED3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", matchCriteriaId: "B3124DD0-9E42-4896-9060-CB7DD07FC342", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", matchCriteriaId: "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", matchCriteriaId: "06156CD6-09D3-4A05-9C5E-BC64A70640F9", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", matchCriteriaId: "E949B21B-AD62-4022-9088-06313277479E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "8D862E6F-0D01-4B25-8340-888C30F75A2F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "2F28F73E-8563-41B9-A313-BBAAD5B57A67", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", matchCriteriaId: "E37D4694-C80B-475E-AB5B-BB431F59C5E1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "5EC0D2D2-4922-4675-8A2C-57A08D7BE334", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", matchCriteriaId: "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", matchCriteriaId: "19519212-51DD-4448-B115-8A20A40192CC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "5CC9909E-AE9F-414D-99B1-83AA04D5297B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "FDE9E767-4713-4EA2-8D00-1382975A4A15", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*", matchCriteriaId: "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*", matchCriteriaId: "84F7BB7E-3A52-4C23-A4D2-50E75C912AFC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*", matchCriteriaId: "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*", matchCriteriaId: "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*", matchCriteriaId: "27175D9A-CA2C-4218-8042-835E25DFCA43", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*", matchCriteriaId: "00C7FC57-8ACF-45AA-A227-7E3B350FD24F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*", matchCriteriaId: "2754C2DF-DF6E-4109-9463-38B4E0465B77", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*", matchCriteriaId: "F4A26704-A6A4-4C4F-9E12-A0A0259491EF", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*", matchCriteriaId: "3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*", matchCriteriaId: "104858BD-D31D-40E0-8524-2EC311F10EAC", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*", matchCriteriaId: "B5E08E1E-0FE4-4294-9497-BBFFECA2A220", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "2CEBF85C-736A-4E7D-956A-3E8210D4F70B", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*", matchCriteriaId: "4AE06B18-BFB5-4029-A05D-386CFBFBF683", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*", matchCriteriaId: "48A1DCCD-208C-46D9-8E14-89592B49AB9A", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*", matchCriteriaId: "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*", matchCriteriaId: "80F9DC32-5ADF-4430-B1A6-357D0B29DB78", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*", matchCriteriaId: "8B82D4C4-7A65-409A-926F-33C054DCBFBA", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*", matchCriteriaId: "CE535749-F4CE-4FFA-B23D-BF09C92481E5", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*", matchCriteriaId: "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*", matchCriteriaId: "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*", matchCriteriaId: "CCC5F6F5-4347-49D3-909A-27A3A96D36C9", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*", matchCriteriaId: "826F893F-7B06-43B5-8653-A8D9794C052E", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*", matchCriteriaId: "56BA6B86-D3F4-4496-AE46-AC513C6560FA", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*", matchCriteriaId: "462CFD52-D3E2-4F7A-98AC-C589D2420556", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*", matchCriteriaId: "2FDDC897-747F-44DD-9599-7266F9B5B7B1", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*", matchCriteriaId: "62FC145A-D477-4C86-89E7-F70F52773801", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*", matchCriteriaId: "68CA098D-CBE4-4E62-9EC0-43E1B6098710", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*", matchCriteriaId: "66F474D4-79B6-4525-983C-9A9011BD958B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks.\n\nIf the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and MX Series:\n\n\n\n * 20.4 versions prior to 20.4R3-S5;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S3;\n * 21.4 versions prior to 21.4R3-S2;\n * 22.1 versions prior to 22.1R2-S2, 22.1R3;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nThis issue doesn't not affected releases prior to 20.4R1.\n\n\n\n", }, { lang: "es", value: "Una vulnerabilidad de Verificación Inadecuada de Condiciones Inusuales o Excepcionales en SIP ALG de Juniper Networks Junos OS en las series SRX y MX permite que un atacante basado en red no autenticado cause un impacto en la integridad de las redes conectadas. Si SIP ALG está configurado y un dispositivo recibe un paquete SIP específicamente mal formado, el dispositivo impide que este paquete se reenvíe, pero cualquier retransmisión recibida posteriormente del mismo paquete se reenvía como si fuera válida. Este problema afecta a Juniper Networks Junos OS en las series SRX y MX: * Versiones 20.4 anteriores a 20.4R3-S5; * Versiones 21.1 anteriores a 21.1R3-S4; * Versiones 21.2 anteriores a 21.2R3-S4; * Versiones 21.3 anteriores a 21.3R3-S3; * Versiones 21.4 anteriores a 21.4R3-S2; * Versiones 22.1 anteriores a 22.1R2-S2, 22.1R3; * Versiones 22.2 anteriores a 22.2R2-S1, 22.2R3; * Versiones 22.3 anteriores a 22.3R1-S2, 22.3R2. Este problema no afecta a las versiones anteriores a 20.4R1.", }, ], id: "CVE-2023-44198", lastModified: "2024-11-21T08:25:25.567", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "sirt@juniper.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-13T00:15:12.760", references: [ { source: "sirt@juniper.net", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA73164", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA73164", }, ], sourceIdentifier: "sirt@juniper.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-754", }, ], source: "sirt@juniper.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-754", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2024-30378
Vulnerability from cvelistv5
Published
2024-04-16 20:03
Modified
2024-08-02 01:32
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.9 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
6.9 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
EPSS score ?
Summary
A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The process crashes and restarts automatically.
When specific CLI commands are executed, the bbe-smgd daemon attempts to write into an area of memory (mgd socket) that was already closed, causing the process to crash. This process manages and controls the configuration of broadband subscriber sessions and services. While the process is unavailable, additional subscribers will not be able to connect to the device, causing a temporary Denial of Service condition.
This issue only occurs if Graceful Routing Engine Switchover (GRES) and Subscriber Management are enabled.
This issue affects Junos OS:
* All versions before 20.4R3-S5,
* from 21.1 before 21.1R3-S4,
* from 21.2 before 21.2R3-S3,
* from 21.3 before 21.3R3-S5,
* from 21.4 before 21.4R3-S5,
* from 22.1 before 22.1R3,
* from 22.2 before 22.2R3,
* from 22.3 before 22.3R2;
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA79109 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.1 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "junos", vendor: "juniper", versions: [ { status: "affected", version: "21.1", }, ], }, { cpes: [ "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "junos", vendor: "juniper", versions: [ { status: "affected", version: "21.2", }, ], }, { cpes: [ "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "junos", vendor: "juniper", versions: [ { status: "affected", version: "21.3", }, ], }, { cpes: [ "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "junos", vendor: "juniper", versions: [ { status: "affected", version: "21.4", }, ], }, { cpes: [ "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "junos", vendor: "juniper", versions: [ { status: "affected", version: "22.1", }, ], }, { cpes: [ "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "junos", vendor: "juniper", versions: [ { status: "affected", version: "22.2", }, ], }, { cpes: [ "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "junos", vendor: "juniper", versions: [ { status: "affected", version: "22.3", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-30378", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-19T18:42:01.923634Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:38:23.981Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:32:07.268Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://supportportal.juniper.net/JSA79109", }, { tags: [ "technical-description", "x_transferred", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "MX Series", ], product: "Junos OS", vendor: "Juniper Networks", versions: [ { lessThan: "20.4R3-S5", status: "affected", version: "0", versionType: "semver", }, { lessThan: "21.1R3-S4", status: "affected", version: "21.1", versionType: "semver", }, { lessThan: "21.2R3-S3", status: "affected", version: "21.2", versionType: "semver", }, { lessThan: "21.3R3-S5", status: "affected", version: "21.3", versionType: "semver", }, { lessThan: "21.4R3-S5", status: "affected", version: "21.4", versionType: "semver", }, { lessThan: "22.1R3", status: "affected", version: "22.1", versionType: "semver", }, { lessThan: "22.2R3", status: "affected", version: "22.2", versionType: "semver", }, { lessThan: "22.3R2", status: "affected", version: "22.3", versionType: "semver", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Subscriber Services (Broadband Edge) and GRES must be enabled to be vulnerable to this issue:<br> <br> <tt>[edit system services]<br>subscriber-management enable; <br><br> [edit chassis redundancy]<br>graceful-switchover;</tt>", }, ], value: "Subscriber Services (Broadband Edge) and GRES must be enabled to be vulnerable to this issue:\n \n [edit system services]\nsubscriber-management enable; \n\n [edit chassis redundancy]\ngraceful-switchover;", }, ], datePublic: "2024-04-10T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The process crashes and restarts automatically.<br><br>When specific CLI commands are executed, the bbe-smgd daemon attempts to write into an area of memory (mgd socket) that was already closed, causing the process to crash. This process manages and controls the configuration of broadband subscriber sessions and services. While the process is unavailable, additional subscribers will not be able to connect to the device, causing a temporary Denial of Service condition.<br><br>This issue only occurs if Graceful Routing Engine Switchover (GRES) and Subscriber Management are enabled.<br><p>This issue affects Junos OS:<br></p><ul><li>All versions before 20.4R3-S5, </li><li>from 21.1 before 21.1R3-S4, </li><li>from 21.2 before 21.2R3-S3, </li><li>from 21.3 before 21.3R3-S5, </li><li>from 21.4 before 21.4R3-S5, </li><li>from 22.1 before 22.1R3, </li><li>from 22.2 before 22.2R3, </li><li>from 22.3 before 22.3R2;</li></ul><p></p><p><br></p><p></p>", }, ], value: "A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The process crashes and restarts automatically.\n\nWhen specific CLI commands are executed, the bbe-smgd daemon attempts to write into an area of memory (mgd socket) that was already closed, causing the process to crash. This process manages and controls the configuration of broadband subscriber sessions and services. While the process is unavailable, additional subscribers will not be able to connect to the device, causing a temporary Denial of Service condition.\n\nThis issue only occurs if Graceful Routing Engine Switchover (GRES) and Subscriber Management are enabled.\nThis issue affects Junos OS:\n\n\n * All versions before 20.4R3-S5, \n * from 21.1 before 21.1R3-S4, \n * from 21.2 before 21.2R3-S3, \n * from 21.3 before 21.3R3-S5, \n * from 21.4 before 21.4R3-S5, \n * from 22.1 before 22.1R3, \n * from 22.2 before 22.2R3, \n * from 22.3 before 22.3R2;", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", }, ], value: "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "LOCAL", baseScore: 6.9, baseSeverity: "MEDIUM", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "LOW", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, { descriptions: [ { description: "Denial of Service (DoS)", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-16T17:55:20.345Z", orgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", shortName: "juniper", }, references: [ { tags: [ "vendor-advisory", ], url: "https://supportportal.juniper.net/JSA79109", }, { tags: [ "technical-description", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The following software releases have been updated to resolve this specific issue: Junos OS: 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S5, 21.4R3-S5, 22.1R3, 22.2R3, 22.3R2, 22.4R1, and all subsequent releases.<br>", }, ], value: "The following software releases have been updated to resolve this specific issue: Junos OS: 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S5, 21.4R3-S5, 22.1R3, 22.2R3, 22.3R2, 22.4R1, and all subsequent releases.", }, ], source: { advisory: "JSA79109", defect: [ "1688750", ], discovery: "INTERNAL", }, title: "Junos OS: MX Series: bbe-smgd process crash upon execution of specific CLI commands", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.</p>", }, ], value: "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", assignerShortName: "juniper", cveId: "CVE-2024-30378", datePublished: "2024-04-16T20:03:56.292Z", dateReserved: "2024-03-26T23:06:12.473Z", dateUpdated: "2024-08-02T01:32:07.268Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21587
Vulnerability from cvelistv5
Published
2024-01-12 00:51
Modified
2024-08-01 22:27
Severity ?
EPSS score ?
Summary
An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd.
This issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue.
Indication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation.
user@junos> show system processes extensive | match bbe-smgd
13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd}
13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd}
...
user@junos> show system processes extensive | match bbe-smgd
13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd}
13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd}
...
This issue affects Juniper Networks Junos OS on MX Series:
* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S2;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3;
* 23.2 versions earlier than 23.2R1-S1, 23.2R2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA75725 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:27:34.860Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://supportportal.juniper.net/JSA75725", }, { tags: [ "technical-description", "x_transferred", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "MX Series", ], product: "Junos OS", vendor: "Juniper Networks", versions: [ { lessThan: "20.4R3-S9", status: "affected", version: "0", versionType: "semver", }, { lessThan: "21.2R3-S7", status: "affected", version: "21.2", versionType: "semver", }, { lessThan: "21.3R3-S5", status: "affected", version: "21.3", versionType: "semver", }, { lessThan: "21.4R3-S5", status: "affected", version: "21.4", versionType: "semver", }, { lessThan: "22.1R3-S4", status: "affected", version: "22.1", versionType: "semver", }, { lessThan: "22.2R3-S3", status: "affected", version: "22.2", versionType: "semver", }, { lessThan: "22.3R3-S2", status: "affected", version: "22.3", versionType: "semver", }, { lessThan: "22.4R2-S2, 22.4R3", status: "affected", version: "22.4", versionType: "semver", }, { lessThan: "23.2R1-S1, 23.2R2", status: "affected", version: "23.2", versionType: "semver", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>DHCP liveness detection is enabled and configured as follows:</p><code> [edit forwarding-options dhcp-relay]</code><br/><code> user@host# edit liveness-detection</code><br/>", }, ], value: "DHCP liveness detection is enabled and configured as follows:\n\n [edit forwarding-options dhcp-relay]\n user@host# edit liveness-detection\n", }, ], datePublic: "2024-01-10T17:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<p>An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd.</p><p>This issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue.</p><p>Indication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation.</p><code>user@junos> show system processes extensive | match bbe-smgd</code><br><code>13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd}</code><br><code>13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd}</code><br><code>...</code><br><code>user@junos> show system processes extensive | match bbe-smgd</code><br><code>13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd}</code><br><code>13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd}</code><br><code>...</code><br><p>This issue affects Juniper Networks Junos OS on MX Series:</p><p></p><ul><li>All versions earlier than 20.4R3-S9;</li><li>21.2 versions earlier than 21.2R3-S7;</li><li>21.3 versions earlier than 21.3R3-S5;</li><li>21.4 versions earlier than 21.4R3-S5;</li><li>22.1 versions earlier than 22.1R3-S4;</li><li>22.2 versions earlier than 22.2R3-S3;</li><li>22.3 versions earlier than 22.3R3-S2;</li><li>22.4 versions earlier than 22.4R2-S2, 22.4R3;</li><li>23.2 versions earlier than 23.2R1-S1, 23.2R2.</li></ul><p></p>\n\n", }, ], value: "\nAn Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd.\n\nThis issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue.\n\nIndication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation.\n\nuser@junos> show system processes extensive | match bbe-smgd\n13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd}\n13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd}\n...\nuser@junos> show system processes extensive | match bbe-smgd\n13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd}\n13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd}\n...\nThis issue affects Juniper Networks Junos OS on MX Series:\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S2;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\n\n\n", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>", }, ], value: "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-755", description: "CWE-755 Improper Handling of Exceptional Conditions", lang: "en", type: "CWE", }, ], }, { descriptions: [ { description: "Denial of Service (DoS)", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-12T00:51:30.990Z", orgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", shortName: "juniper", }, references: [ { tags: [ "vendor-advisory", ], url: "https://supportportal.juniper.net/JSA75725", }, { tags: [ "technical-description", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.</p>", }, ], value: "The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.\n\n", }, ], source: { advisory: "JSA75725", defect: [ "1734564", ], discovery: "USER", }, timeline: [ { lang: "en", time: "2024-01-10T17:00:00.000Z", value: "Initial Publication", }, ], title: "Junos OS: MX Series: Memory leak in bbe-smgd process if BFD liveness detection for DHCP subscribers is enabled", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>This issue can be mitigated by disabling BFD liveness detection for DHCP subscribers.</p><p>Service can be restored by manually restarting the bbe-smgd process periodically.</p>", }, ], value: "This issue can be mitigated by disabling BFD liveness detection for DHCP subscribers.\n\nService can be restored by manually restarting the bbe-smgd process periodically.\n\n", }, ], x_generator: { engine: "Vulnogram 0.1.0-av217", }, }, }, cveMetadata: { assignerOrgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", assignerShortName: "juniper", cveId: "CVE-2024-21587", datePublished: "2024-01-12T00:51:30.990Z", dateReserved: "2023-12-27T19:38:25.703Z", dateUpdated: "2024-08-01T22:27:34.860Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44199
Vulnerability from cvelistv5
Published
2023-10-12 23:05
Modified
2024-09-18 14:33
Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart.
This issue affects Juniper Networks Junos OS on MX Series:
* All versions prior to 20.4R3-S4;
* 21.1 version 21.1R1 and later versions;
* 21.2 versions prior to 21.2R3-S2;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3;
* 22.1 versions prior to 22.1R3;
* 22.2 versions prior to 22.2R1-S1, 22.2R2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73165 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.1R1 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:59:51.383Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://supportportal.juniper.net/JSA73165", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:juniper_networks:junos_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "junos_os", vendor: "juniper_networks", versions: [ { lessThan: "20.4r3-s4", status: "affected", version: "0", versionType: "semver", }, { lessThan: "21.1*", status: "affected", version: "21.1r1", versionType: "semver", }, { lessThan: "21.2r3-s2", status: "affected", version: "21.2", versionType: "semver", }, { lessThan: "21.3r3-s5", status: "affected", version: "21.3", versionType: "semver", }, { lessThan: "21.4r3", status: "affected", version: "21.4", versionType: "semver", }, { lessThan: "22.1r3", status: "affected", version: "22.1", versionType: "semver", }, { lessThan: "22.2r1-s1,22.2r2", status: "affected", version: "22.2", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-44199", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T14:33:42.839560Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T14:33:48.227Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "MX Series", ], product: "Junos OS", vendor: "Juniper Networks", versions: [ { lessThan: "20.4R3-S4", status: "affected", version: "0", versionType: "semver", }, { lessThan: "21.1*", status: "affected", version: "21.1R1", versionType: "semver", }, { lessThan: "21.2R3-S2", status: "affected", version: "21.2", versionType: "semver", }, { lessThan: "21.3R3-S5", status: "affected", version: "21.3", versionType: "semver", }, { lessThan: "21.4R3", status: "affected", version: "21.4", versionType: "semver", }, { lessThan: "22.1R3", status: "affected", version: "22.1", versionType: "semver", }, { lessThan: "22.2R1-S1, 22.2R2", status: "affected", version: "22.2", versionType: "semver", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>To be exposed to this issue an FPC must have at least one interface with PTP configured like in the following example:</p> <tt>[ protocols ptp master/slave interface ]</tt>", }, ], value: "To be exposed to this issue an FPC must have at least one interface with PTP configured like in the following example:\n\n [ protocols ptp master/slave interface ]", }, ], datePublic: "2023-10-11T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<p>An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).</p><p>On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart.</p><p>This issue affects Juniper Networks Junos OS on MX Series:</p><p></p><ul><li>All versions prior to 20.4R3-S4;</li><li>21.1 version 21.1R1 and later versions;</li><li>21.2 versions prior to 21.2R3-S2;</li><li>21.3 versions prior to 21.3R3-S5;</li><li>21.4 versions prior to 21.4R3;</li><li>22.1 versions prior to 22.1R3;</li><li>22.2 versions prior to 22.2R1-S1, 22.2R2.</li></ul><p></p>\n\n", }, ], value: "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nOn Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart.\n\nThis issue affects Juniper Networks Junos OS on MX Series:\n\n\n\n * All versions prior to 20.4R3-S4;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3;\n * 22.1 versions prior to 22.1R3;\n * 22.2 versions prior to 22.2R1-S1, 22.2R2.\n\n\n\n\n\n\n", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>", }, ], value: "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-754", description: "CWE-754 Improper Check for Unusual or Exceptional Conditions", lang: "en", type: "CWE", }, ], }, { descriptions: [ { description: "Denial of Service (DoS)", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-12T23:05:52.303Z", orgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", shortName: "juniper", }, references: [ { tags: [ "vendor-advisory", ], url: "https://supportportal.juniper.net/JSA73165", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S4, 21.2R3-S2, 21.3R3-S5, 21.4R3, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, and all subsequent releases.</p>", }, ], value: "The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S4, 21.2R3-S2, 21.3R3-S5, 21.4R3, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, and all subsequent releases.\n\n", }, ], source: { advisory: "JSA73165", defect: [ "1653681", ], discovery: "USER", }, timeline: [ { lang: "en", time: "2023-10-11T16:00:00.000Z", value: "Initial Publication", }, ], title: "Junos OS: MX Series: In a PTP scenario a prolonged routing protocol churn can trigger an FPC reboot", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>There are no known workarounds for this issue.</p>", }, ], value: "There are no known workarounds for this issue.\n\n", }, ], x_generator: { engine: "Vulnogram 0.1.0-av217", }, }, }, cveMetadata: { assignerOrgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", assignerShortName: "juniper", cveId: "CVE-2023-44199", datePublished: "2023-10-12T23:05:52.303Z", dateReserved: "2023-09-26T19:30:32.350Z", dateUpdated: "2024-09-18T14:33:48.227Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39539
Vulnerability from cvelistv5
Published
2024-07-11 16:15
Modified
2024-08-02 04:26
Severity ?
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
6.0 (Medium) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
6.0 (Medium) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
EPSS score ?
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).
In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.
This issue affects Junos OS on MX Series:
* All version before 21.2R3-S6,
* 21.4 versions before 21.4R3-S6,
* 22.1 versions before 22.1R3-S5,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S2,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA82999 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-39539", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T18:53:12.463354Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T18:53:18.899Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:26:15.901Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://supportportal.juniper.net/JSA82999", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "MX Series", ], product: "Junos OS", vendor: "Juniper Networks", versions: [ { lessThan: "21.2R3-S6", status: "affected", version: "0", versionType: "semver", }, { lessThan: "21.4R3-S6", status: "affected", version: "21.4", versionType: "semver", }, { lessThan: "22.1R3-S5", status: "affected", version: "22.1", versionType: "semver", }, { lessThan: "22.2R3-S3", status: "affected", version: "22.2", versionType: "semver", }, { lessThan: "22.3R3-S2", status: "affected", version: "22.3", versionType: "semver", }, { lessThan: "22.4R3", status: "affected", version: "22.4", versionType: "semver", }, { lessThan: "23.2R2", status: "affected", version: "23.2", versionType: "semver", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "To be exposed to this vulnerability subscriber management needs to be enabled via:<br><br><tt>[system services subscriber-management enable]</tt>", }, ], value: "To be exposed to this vulnerability subscriber management needs to be enabled via:\n\n[system services subscriber-management enable]", }, ], datePublic: "2024-07-10T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a <span style=\"background-color: rgb(255, 255, 255);\">Denial-of-Service (DoS).<br><br>In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.<br><br></span><p>This issue affects Junos OS on MX Series:</p><p></p><ul><li>All version before 21.2R3-S6,</li><li>21.4 versions before 21.4R3-S6,</li><li>22.1 versions before 22.1R3-S5,</li><li>22.2 versions before 22.2R3-S3, </li><li>22.3 versions before 22.3R3-S2,</li><li>22.4 versions before 22.4R3,</li><li>23.2 versions before 23.2R2.</li></ul><p></p>", }, ], value: "A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).\n\nIn a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.\n\nThis issue affects Junos OS on MX Series:\n\n\n\n * All version before 21.2R3-S6,\n * 21.4 versions before 21.4R3-S6,\n * 22.1 versions before 22.1R3-S5,\n * 22.2 versions before 22.2R3-S3, \n * 22.3 versions before 22.3R3-S2,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", }, ], value: "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "ADJACENT", baseScore: 6, baseSeverity: "MEDIUM", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "LOW", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401 Missing Release of Memory after Effective Lifetime", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-11T16:15:57.431Z", orgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", shortName: "juniper", }, references: [ { tags: [ "vendor-advisory", ], url: "https://supportportal.juniper.net/JSA82999", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The following software releases have been updated to resolve this specific issue: 21.2R3-S6, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.", }, ], value: "The following software releases have been updated to resolve this specific issue: 21.2R3-S6, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.", }, ], source: { advisory: "JSA82999", defect: [ "1735490", ], discovery: "INTERNAL", }, title: "Junos OS: MX Series: Continuous subscriber logins will lead to a memory leak and eventually an FPC crash", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "There are no known workarounds for this issue.", }, ], value: "There are no known workarounds for this issue.", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", assignerShortName: "juniper", cveId: "CVE-2024-39539", datePublished: "2024-07-11T16:15:57.431Z", dateReserved: "2024-06-25T15:12:53.244Z", dateUpdated: "2024-08-02T04:26:15.901Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44193
Vulnerability from cvelistv5
Published
2023-10-12 23:04
Modified
2024-09-17 16:10
Severity ?
EPSS score ?
Summary
An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS).
On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition.
This issue affects:
Juniper Networks Junos OS on MX Series:
* All versions prior to 20.4R3-S7;
* 21.1 versions prior to 21.1R3-S5;
* 21.2 versions prior to 21.2R3-S4;
* 21.3 versions prior to 21.3R3-S4;
* 21.4 versions prior to 21.4R3-S3;
* 22.1 versions prior to 22.1R3-S1;
* 22.2 versions prior to 22.2R2-S1, 22.2R3;
* 22.3 versions prior to 22.3R1-S2, 22.3R2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73157 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.1 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:59:51.669Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://supportportal.juniper.net/JSA73157", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-44193", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:53:55.982862Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T16:10:44.571Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "MX Series", ], product: "Junos OS", vendor: "Juniper Networks", versions: [ { lessThan: "20.4R3-S7", status: "affected", version: "0", versionType: "semver", }, { lessThan: "21.1R3-S5", status: "affected", version: "21.1", versionType: "semver", }, { lessThan: "21.2R3-S4", status: "affected", version: "21.2", versionType: "semver", }, { lessThan: "21.3R3-S4", status: "affected", version: "21.3", versionType: "semver", }, { lessThan: "21.4R3-S3", status: "affected", version: "21.4", versionType: "semver", }, { lessThan: "22.1R3-S1", status: "affected", version: "22.1", versionType: "semver", }, { lessThan: "22.2R2-S1, 22.2R3", status: "affected", version: "22.2", versionType: "semver", }, { lessThan: "22.3R1-S2, 22.3R2", status: "affected", version: "22.3", versionType: "semver", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<p>For this issue to occur, following minimal configuration is required.</p><code>[ ldp interface <interface1> ]</code><br><code>[ interfaces <interface1> flexible-vlan-tagging ]</code><br><code>[ interfaces <interface1> encapsulation vlan-vpls ]</code><br><code>[ protocols oam ethernet connectivity-fault-management maintenance-domain <md-name> interface <interface2> ]</code><br><code>[ routing-instances <md-name> instance-type vpls ]</code><br><code>[ routing-instances <md-name> interface <interface1> ]</code>\n\n", }, ], value: "\nFor this issue to occur, following minimal configuration is required.\n\n[ ldp interface <interface1> ]\n[ interfaces <interface1> flexible-vlan-tagging ]\n[ interfaces <interface1> encapsulation vlan-vpls ]\n[ protocols oam ethernet connectivity-fault-management maintenance-domain <md-name> interface <interface2> ]\n[ routing-instances <md-name> instance-type vpls ]\n[ routing-instances <md-name> interface <interface1> ]\n\n", }, ], datePublic: "2023-10-11T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<p>An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS).</p><p>On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition.</p><p>This issue affects:</p><p>Juniper Networks Junos OS on MX Series:</p><p></p><ul><li>All versions prior to 20.4R3-S7;</li><li>21.1 versions prior to 21.1R3-S5;</li><li>21.2 versions prior to 21.2R3-S4;</li><li>21.3 versions prior to 21.3R3-S4;</li><li>21.4 versions prior to 21.4R3-S3;</li><li>22.1 versions prior to 22.1R3-S1;</li><li>22.2 versions prior to 22.2R2-S1, 22.2R3;</li><li>22.3 versions prior to 22.3R1-S2, 22.3R2.</li></ul><p></p>\n\n", }, ], value: "\nAn Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS).\n\nOn all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition.\n\nThis issue affects:\n\nJuniper Networks Junos OS on MX Series:\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S1;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\n\n\n", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>", }, ], value: "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401 Improper Release of Memory Before Removing Last Reference", lang: "en", type: "CWE", }, ], }, { descriptions: [ { description: "Denial of Service (DoS)", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-12T23:04:00.332Z", orgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", shortName: "juniper", }, references: [ { tags: [ "vendor-advisory", ], url: "https://supportportal.juniper.net/JSA73157", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S7, 21.1R3-S5, 21.2R3-S4, 21.3R3-S4, 21.4R3-S3, 22.1R3-S1, 22.2R2-S1, 22.2R3, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.</p>", }, ], value: "The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S7, 21.1R3-S5, 21.2R3-S4, 21.3R3-S4, 21.4R3-S3, 22.1R3-S1, 22.2R2-S1, 22.2R3, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.\n\n", }, ], source: { advisory: "JSA73157", defect: [ "1668419", ], discovery: "USER", }, timeline: [ { lang: "en", time: "2023-10-11T16:00:00.000Z", value: "Initial Publication", }, ], title: "Junos OS: MX Series: An FPC crash is observed when CFM is enabled in a VPLS scenario and a specific LDP related command is run", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>This issue can be avoided by disabling CFM MIP functionality.</p> <tt>[ protocols oam ethernet connectivity-fault-management maintenance-domain mip-half-function none ]</tt>", }, ], value: "This issue can be avoided by disabling CFM MIP functionality.\n\n [ protocols oam ethernet connectivity-fault-management maintenance-domain mip-half-function none ]", }, ], x_generator: { engine: "Vulnogram 0.1.0-av217", }, }, }, cveMetadata: { assignerOrgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", assignerShortName: "juniper", cveId: "CVE-2023-44193", datePublished: "2023-10-12T23:04:00.332Z", dateReserved: "2023-09-26T19:30:27.955Z", dateUpdated: "2024-09-17T16:10:44.571Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21610
Vulnerability from cvelistv5
Published
2024-04-12 14:55
Modified
2024-08-01 22:27
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).
In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc.
Stuck mgd processes can be monitored by executing the following command:
user@host> show system processes extensive | match mgd | match sbwait
This issue affects Juniper Networks Junos OS on MX Series:
All versions earlier than 20.4R3-S9;
21.2 versions earlier than 21.2R3-S7;
21.3 versions earlier than 21.3R3-S5;
21.4 versions earlier than 21.4R3-S5;
22.1 versions earlier than 22.1R3-S4;
22.2 versions earlier than 22.2R3-S3;
22.3 versions earlier than 22.3R3-S2;
22.4 versions earlier than 22.4R3;
23.2 versions earlier than 23.2R1-S2, 23.2R2.
References
| ▼ | URL | Tags |
|---|---|---|
| http://supportportal.juniper.net/JSA75751 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N | technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21610", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-31T17:38:19.364494Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-31T17:38:26.397Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:27:35.697Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "http://supportportal.juniper.net/JSA75751", }, { tags: [ "technical-description", "x_transferred", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "MX Series", ], product: "Junos OS", vendor: "Juniper Networks", versions: [ { lessThan: "20.4R3-S9", status: "affected", version: "0", versionType: "semver", }, { lessThan: "21.2R3-S7", status: "affected", version: "21.2", versionType: "semver", }, { lessThan: "21.3R3-S5", status: "affected", version: "21.3", versionType: "semver", }, { lessThan: "21.4R3-S5", status: "affected", version: "21.4", versionType: "semver", }, { lessThan: "22.1R3-S4", status: "affected", version: "22.1", versionType: "semver", }, { lessThan: "22.2R3-S3", status: "affected", version: "22.2", versionType: "semver", }, { lessThan: "22.3R3-S2", status: "affected", version: "22.3", versionType: "semver", }, { lessThan: "22.4R3", status: "affected", version: "22.4", versionType: "semver", }, { lessThan: "23.2R1-S2, 23.2R2", status: "affected", version: "23.2", versionType: "semver", }, ], }, ], datePublic: "2024-04-10T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).<br><br>In a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc.<br><br>Stuck mgd processes can be monitored by executing the following command:<br><br><tt> user@host> show system processes extensive | match mgd | match sbwait</tt><br><br>This issue affects Juniper Networks Junos OS on MX Series:<br>All versions earlier than 20.4R3-S9;<br>21.2 versions earlier than 21.2R3-S7;<br>21.3 versions earlier than 21.3R3-S5;<br>21.4 versions earlier than 21.4R3-S5;<br>22.1 versions earlier than 22.1R3-S4;<br>22.2 versions earlier than 22.2R3-S3;<br>22.3 versions earlier than 22.3R3-S2;<br>22.4 versions earlier than 22.4R3;<br>23.2 versions earlier than 23.2R1-S2, 23.2R2.<br>", }, ], value: "An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).\n\nIn a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc.\n\nStuck mgd processes can be monitored by executing the following command:\n\n user@host> show system processes extensive | match mgd | match sbwait\n\nThis issue affects Juniper Networks Junos OS on MX Series:\nAll versions earlier than 20.4R3-S9;\n21.2 versions earlier than 21.2R3-S7;\n21.3 versions earlier than 21.3R3-S5;\n21.4 versions earlier than 21.4R3-S5;\n22.1 versions earlier than 22.1R3-S4;\n22.2 versions earlier than 22.2R3-S3;\n22.3 versions earlier than 22.3R3-S2;\n22.4 versions earlier than 22.4R3;\n23.2 versions earlier than 23.2R1-S2, 23.2R2.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>", }, ], value: "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 5.3, baseSeverity: "MEDIUM", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-755", description: "CWE-755 Improper Handling of Exceptional Conditions", lang: "en", type: "CWE", }, ], }, { descriptions: [ { description: "Denial of Service (DoS)", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-16T20:03:00.862Z", orgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", shortName: "juniper", }, references: [ { tags: [ "vendor-advisory", ], url: "http://supportportal.juniper.net/JSA75751", }, { tags: [ "technical-description", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>The following software releases have been updated to resolve this specific issue: Junos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases.</p>", }, ], value: "The following software releases have been updated to resolve this specific issue: Junos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases.", }, ], source: { advisory: "JSA75751", defect: [ "1757003", ], discovery: "USER", }, timeline: [ { lang: "en", time: "2024-04-10T16:00:00.000Z", value: "Initial Publication", }, ], title: "Junos OS: MX Series: In a scaled subscriber scenario if CoS information is gathered mgd processes gets stuck", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>While not a workaround, the number of stuck mgd processes can be monitored and once they reach a high level they can be proactively terminated.</p>", }, ], value: "While not a workaround, the number of stuck mgd processes can be monitored and once they reach a high level they can be proactively terminated.", }, ], x_generator: { engine: "Vulnogram 0.1.0-av217", }, }, }, cveMetadata: { assignerOrgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", assignerShortName: "juniper", cveId: "CVE-2024-21610", datePublished: "2024-04-12T14:55:15.514Z", dateReserved: "2023-12-27T19:38:25.709Z", dateUpdated: "2024-08-01T22:27:35.697Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21607
Vulnerability from cvelistv5
Published
2024-01-12 00:55
Modified
2024-08-01 22:27
Severity ?
EPSS score ?
Summary
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.
If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass.
This issue doesn't affect IPv4 firewall filters.
This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series:
* All versions earlier than 20.4R3-S7;
* 21.1 versions earlier than 21.1R3-S5;
* 21.2 versions earlier than 21.2R3-S5;
* 21.3 versions earlier than 21.3R3-S4;
* 21.4 versions earlier than 21.4R3-S4;
* 22.1 versions earlier than 22.1R3-S2;
* 22.2 versions earlier than 22.2R3-S2;
* 22.3 versions earlier than 22.3R2-S2, 22.3R3;
* 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA75748 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N | technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.1 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:27:35.403Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://supportportal.juniper.net/JSA75748", }, { tags: [ "technical-description", "x_transferred", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "MX Series", "EX9200 Series", ], product: "Junos OS", vendor: "Juniper Networks", versions: [ { lessThan: "20.4R3-S7", status: "affected", version: "0", versionType: "semver", }, { lessThan: "21.1R3-S5", status: "affected", version: "21.1", versionType: "semver", }, { lessThan: "21.2R3-S5", status: "affected", version: "21.2", versionType: "semver", }, { lessThan: "21.3R3-S4", status: "affected", version: "21.3", versionType: "semver", }, { lessThan: "21.4R3-S4", status: "affected", version: "21.4", versionType: "semver", }, { lessThan: "22.1R3-S2", status: "affected", version: "22.1", versionType: "semver", }, { lessThan: "22.2R3-S2", status: "affected", version: "22.2", versionType: "semver", }, { lessThan: "22.3R2-S2, 22.3R3", status: "affected", version: "22.3", versionType: "semver", }, { lessThan: "22.4R1-S2, 22.4R2-S2, 22.4R3", status: "affected", version: "22.4", versionType: "semver", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>To be exposed to this issue a configuration utilizing an IPv6 firewall filter with the tcp-reset option like the following needs to be present:</p><code> [ firewall family inet6 filter <filter name> term <term name> match payload-protocol ]</code><br/><code> [ firewall family inet6 filter <filter name> term <term name> then reject tcp-reset ]</code><br/>", }, ], value: "To be exposed to this issue a configuration utilizing an IPv6 firewall filter with the tcp-reset option like the following needs to be present:\n\n [ firewall family inet6 filter <filter name> term <term name> match payload-protocol ]\n [ firewall family inet6 filter <filter name> term <term name> then reject tcp-reset ]\n", }, ], datePublic: "2024-01-10T17:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<p>An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.</p><p>If the \"tcp-reset\" option is added to the \"reject\" action in an IPv6 filter which matches on \"payload-protocol\", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a \"next-header\" match to avoid this filter bypass.</p><p>This issue doesn't affect IPv4 firewall filters.</p><p>This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series:</p><p></p><ul><li>All versions earlier than 20.4R3-S7;</li><li>21.1 versions earlier than 21.1R3-S5;</li><li>21.2 versions earlier than 21.2R3-S5;</li><li>21.3 versions earlier than 21.3R3-S4;</li><li>21.4 versions earlier than 21.4R3-S4;</li><li>22.1 versions earlier than 22.1R3-S2;</li><li>22.2 versions earlier than 22.2R3-S2;</li><li>22.3 versions earlier than 22.3R2-S2, 22.3R3;</li><li>22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.</li></ul><p></p>\n\n", }, ], value: "\nAn Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device.\n\nIf the \"tcp-reset\" option is added to the \"reject\" action in an IPv6 filter which matches on \"payload-protocol\", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a \"next-header\" match to avoid this filter bypass.\n\nThis issue doesn't affect IPv4 firewall filters.\n\nThis issue affects Juniper Networks Junos OS on MX Series and EX9200 Series:\n\n\n\n * All versions earlier than 20.4R3-S7;\n * 21.1 versions earlier than 21.1R3-S5;\n * 21.2 versions earlier than 21.2R3-S5;\n * 21.3 versions earlier than 21.3R3-S4;\n * 21.4 versions earlier than 21.4R3-S4;\n * 22.1 versions earlier than 22.1R3-S2;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R2-S2, 22.3R3;\n * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.\n\n\n\n\n\n\n", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>", }, ], value: "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-447", description: "CWE-447 Unimplemented or Unsupported Feature in UI", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-12T00:55:07.323Z", orgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", shortName: "juniper", }, references: [ { tags: [ "vendor-advisory", ], url: "https://supportportal.juniper.net/JSA75748", }, { tags: [ "technical-description", ], url: "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S7, 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R1-S2, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases.</p>", }, ], value: "The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S7, 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S4, 22.1R3-S2, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R1-S2, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases.\n\n", }, ], source: { advisory: "JSA75748", defect: [ "1689224", ], discovery: "USER", }, timeline: [ { lang: "en", time: "2024-01-10T17:00:00.000Z", value: "Initial Publication", }, ], title: "Junos OS: MX Series and EX9200 Series: If the \"tcp-reset\" option used in an IPv6 filter, matched packets are accepted instead of rejected", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>A workarounds is to replace the payload-protocol match with a next-header match like in the following example:</p><code> [ firewall family inet6 filter <filter name> term <term name> match next-header]</code><br/><code> [ firewall family inet6 filter <filter name> term <term name> then reject tcp-reset ]</code><br/>", }, ], value: "A workarounds is to replace the payload-protocol match with a next-header match like in the following example:\n\n [ firewall family inet6 filter <filter name> term <term name> match next-header]\n [ firewall family inet6 filter <filter name> term <term name> then reject tcp-reset ]\n", }, ], x_generator: { engine: "Vulnogram 0.1.0-av217", }, }, }, cveMetadata: { assignerOrgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", assignerShortName: "juniper", cveId: "CVE-2024-21607", datePublished: "2024-01-12T00:55:07.323Z", dateReserved: "2023-12-27T19:38:25.708Z", dateUpdated: "2024-08-01T22:27:35.403Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44198
Vulnerability from cvelistv5
Published
2023-10-12 23:05
Modified
2024-09-18 14:41
Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks.
If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid.
This issue affects Juniper Networks Junos OS on SRX Series and MX Series:
* 20.4 versions prior to 20.4R3-S5;
* 21.1 versions prior to 21.1R3-S4;
* 21.2 versions prior to 21.2R3-S4;
* 21.3 versions prior to 21.3R3-S3;
* 21.4 versions prior to 21.4R3-S2;
* 22.1 versions prior to 22.1R2-S2, 22.1R3;
* 22.2 versions prior to 22.2R2-S1, 22.2R3;
* 22.3 versions prior to 22.3R1-S2, 22.3R2.
This issue doesn't not affected releases prior to 20.4R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73164 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 20.4 ≤ Version: 21.1 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:59:51.680Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://supportportal.juniper.net/JSA73164", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:juniper_networks:junos_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "junos_os", vendor: "juniper_networks", versions: [ { lessThan: "20.4r3-s5", status: "affected", version: "20.4", versionType: "semver", }, { lessThan: "21.1r3-s4", status: "affected", version: "21.1", versionType: "semver", }, { lessThan: "21.2r3-s4", status: "affected", version: "21.2", versionType: "semver", }, { lessThan: "21.3r3-s3", status: "affected", version: "21.3", versionType: "semver", }, { lessThan: "21.4r3-s2", status: "affected", version: "21.4", versionType: "semver", }, { lessThan: "22.1r2-s2,22.1r3", status: "affected", version: "22.1", versionType: "semver", }, { lessThan: "22.2r2-s122.2r3", status: "affected", version: "22.2", versionType: "semver", }, { lessThan: "22.3r1-s2.22.3r2", status: "affected", version: "22.3", versionType: "semver", }, { lessThan: "20.4r1", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-44198", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-18T14:36:59.623824Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-18T14:41:11.841Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "SRX Series", "MX Series", ], product: "Junos OS", vendor: "Juniper Networks", versions: [ { lessThan: "20.4R3-S5", status: "affected", version: "20.4", versionType: "semver", }, { lessThan: "21.1R3-S4", status: "affected", version: "21.1", versionType: "semver", }, { lessThan: "21.2R3-S4", status: "affected", version: "21.2", versionType: "semver", }, { lessThan: "21.3R3-S3", status: "affected", version: "21.3", versionType: "semver", }, { lessThan: "21.4R3-S2", status: "affected", version: "21.4", versionType: "semver", }, { lessThan: "22.1R2-S2, 22.1R3", status: "affected", version: "22.1", versionType: "semver", }, { lessThan: "22.2R2-S1, 22.2R3", status: "affected", version: "22.2", versionType: "semver", }, { lessThan: "22.3R1-S2, 22.3R2", status: "affected", version: "22.3", versionType: "semver", }, { lessThan: "20.4R1", status: "affected", version: "0", versionType: "semver", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<p>To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify on SRX, and MX with SPC3 with:</p><code>user@host> show security alg status | match sip</code><br><code>SIP : Enabled</code><br><p>Please verify on MX whether the following is configured:</p><code>[ services ... rule <rule-name> (term <term-name> ) from/match application/application-set <name> ]</code><br><p>where either</p><code>a. name = junos-sip or</code><br><p>an application or application-set refers to SIP:</p><code>b. [ applications application <name> application-protocol sip ] or</code><br><code>c. [ applications application-set <name> application junos-sip ]</code>\n\n", }, ], value: "\nTo be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify on SRX, and MX with SPC3 with:\n\nuser@host> show security alg status | match sip\nSIP : Enabled\nPlease verify on MX whether the following is configured:\n\n[ services ... rule <rule-name> (term <term-name> ) from/match application/application-set <name> ]\nwhere either\n\na. name = junos-sip or\nan application or application-set refers to SIP:\n\nb. [ applications application <name> application-protocol sip ] or\nc. [ applications application-set <name> application junos-sip ]\n\n", }, ], datePublic: "2023-10-11T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<p>An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks.</p><p>If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid.</p><p>This issue affects Juniper Networks Junos OS on SRX Series and MX Series:</p><p></p><ul><li>20.4 versions prior to 20.4R3-S5;</li><li>21.1 versions prior to 21.1R3-S4;</li><li>21.2 versions prior to 21.2R3-S4;</li><li>21.3 versions prior to 21.3R3-S3;</li><li>21.4 versions prior to 21.4R3-S2;</li><li>22.1 versions prior to 22.1R2-S2, 22.1R3;</li><li>22.2 versions prior to 22.2R2-S1, 22.2R3;</li><li>22.3 versions prior to 22.3R1-S2, 22.3R2.</li></ul><p></p><p>This issue doesn't not affected releases prior to 20.4R1.</p>\n\n", }, ], value: "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks.\n\nIf the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and MX Series:\n\n\n\n * 20.4 versions prior to 20.4R3-S5;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S3;\n * 21.4 versions prior to 21.4R3-S2;\n * 22.1 versions prior to 22.1R2-S2, 22.1R3;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nThis issue doesn't not affected releases prior to 20.4R1.\n\n\n\n", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>", }, ], value: "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-754", description: "CWE-754 Improper Check for Unusual or Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-12T23:05:42.031Z", orgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", shortName: "juniper", }, references: [ { tags: [ "vendor-advisory", ], url: "https://supportportal.juniper.net/JSA73164", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S5, 21.1R3-S4, 21.2R3-S4, 21.3R3-S3, 21.4R3-S2, 22.1R2-S2, 22.1R3, 22.2R2-S1, 22.2R3, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.</p>", }, ], value: "The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S5, 21.1R3-S4, 21.2R3-S4, 21.3R3-S3, 21.4R3-S2, 22.1R2-S2, 22.1R3, 22.2R2-S1, 22.2R3, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.\n\n", }, ], source: { advisory: "JSA73164", defect: [ "1693379", ], discovery: "INTERNAL", }, timeline: [ { lang: "en", time: "2023-10-11T16:00:00.000Z", value: "Initial Publication", }, ], title: "Junos OS: SRX Series and MX Series: SIP ALG doesn't drop specifically malformed retransmitted SIP packets", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>There are no known workarounds for this issue.</p>", }, ], value: "There are no known workarounds for this issue.\n\n", }, ], x_generator: { engine: "Vulnogram 0.1.0-av217", }, }, }, cveMetadata: { assignerOrgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", assignerShortName: "juniper", cveId: "CVE-2023-44198", datePublished: "2023-10-12T23:05:42.031Z", dateReserved: "2023-09-26T19:30:32.350Z", dateUpdated: "2024-09-18T14:41:11.841Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }