CVE-2024-21610

{"id": "CVE-2024-21610", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-04-12T15:15:23.950", "references": [{"url": "http://supportportal.juniper.net/JSA75751", "source": "sirt@juniper.net"}, {"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "source": "sirt@juniper.net"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-755"}]}], "descriptions": [{"lang": "en", "value": "An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS).\n\nIn a scaled subscriber scenario when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf over) SSH this leads to stuck SSH sessions, so that when the connection-limit for SSH is reached new sessions can't be established anymore. A similar behavior will be seen for telnet etc.\n\nStuck mgd processes can be monitored by executing the following command:\n\n\u00a0 user@host> show system processes extensive | match mgd | match sbwait\n\nThis issue affects Juniper Networks Junos OS on MX Series:\nAll versions earlier than 20.4R3-S9;\n21.2 versions earlier than 21.2R3-S7;\n21.3 versions earlier than 21.3R3-S5;\n21.4 versions earlier than 21.4R3-S5;\n22.1 versions earlier than 22.1R3-S4;\n22.2 versions earlier than 22.2R3-S3;\n22.3 versions earlier than 22.3R3-S2;\n22.4 versions earlier than 22.4R3;\n23.2 versions earlier than 23.2R1-S2, 23.2R2.\n"}, {"lang": "es", "value": "Una vulnerabilidad de manejo inadecuado de condiciones excepcionales en el daemon de clase de servicio (cosd) de Juniper Networks Junos OS en la serie MX permite que un atacante autenticado basado en red con privilegios bajos cause una denegaci\u00f3n de servicio (DoS) limitada. En un escenario de suscriptor escalado, cuando cosd maneja comandos espec\u00edficos de privilegios bajos, recibidos a trav\u00e9s de NETCONF, SSH o telnet, en nombre de mgd, los respectivos procesos del daemon de administraci\u00f3n infantil (mgd) se atascar\u00e1n. En el caso de (Netconf sobre) SSH, esto conduce a sesiones SSH bloqueadas, de modo que cuando se alcanza el l\u00edmite de conexi\u00f3n para SSH ya no se pueden establecer nuevas sesiones. Se observar\u00e1 un comportamiento similar para telnet, etc. Los procesos mgd atascados se pueden monitorear ejecutando el siguiente comando: usuario@host> mostrar procesos del sistema extensos | partido mgd | match sbwait Este problema afecta a Juniper Networks Junos OS en la serie MX: todas las versiones anteriores a 20.4R3-S9; Versiones 21.2 anteriores a 21.2R3-S7; Versiones 21.3 anteriores a 21.3R3-S5; Versiones 21.4 anteriores a 21.4R3-S5; Versiones 22.1 anteriores a 22.1R3-S4; Versiones 22.2 anteriores a 22.2R3-S3; Versiones 22.3 anteriores a 22.3R3-S2; Versiones 22.4 anteriores a 22.4R3; Versiones 23.2 anteriores a 23.2R1-S2, 23.2R2."}], "lastModified": "2024-04-15T13:15:51.577", "sourceIdentifier": "sirt@juniper.net"}