CVE-2024-30402

{"id": "CVE-2024-30402", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-04-12T16:15:39.930", "references": [{"url": "https://supportportal.juniper.net/JSA79180", "source": "sirt@juniper.net"}, {"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "source": "sirt@juniper.net"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon\u00a0(l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nWhen telemetry requests are sent to the device,\u00a0and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attackers control. Repeated occurrences of these events causes a sustained DoS condition.\n\n\nThis issue affects:\nJunos OS:\nAll versions earlier than\u00a020.4R3-S10;\n21.2 versions earlier than\u00a021.2R3-S7;\n21.4 versions earlier than\u00a021.4R3-S5;\n22.1 versions earlier than\u00a022.1R3-S4;\n22.2 versions earlier than\u00a022.2R3-S3;\n22.3 versions earlier than\u00a022.3R3-S1;\n22.4 versions earlier than\u00a022.4R3;\n23.2 versions earlier than\u00a023.2R1-S2, 23.2R2.\n\nJunos OS Evolved:\n\nAll versions earlier than\u00a021.4R3-S5-EVO;\n22.1-EVO versions earlier than\u00a022.1R3-S4-EVO;\n22.2-EVO versions earlier than\u00a022.2R3-S3-EVO;\n22.3-EVO versions earlier than\u00a022.3R3-S1-EVO;\n22.4-EVO versions earlier than\u00a022.4R3-EVO;\n23.2-EVO versions earlier than\u00a023.2R2-EVO.\n\n"}, {"lang": "es", "value": "Una verificaci\u00f3n inadecuada de la vulnerabilidad de condiciones inusuales o excepcionales en el daemon de aprendizaje de direcciones de capa 2 (l2ald) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). Cuando se env\u00edan solicitudes de telemetr\u00eda al dispositivo y el daemon de renderizado din\u00e1mico (drend) se suspende, l2ald falla y se reinicia debido a factores fuera del control de los atacantes. La ocurrencia repetida de estos eventos causa una condici\u00f3n DoS sostenida. Este problema afecta a: Junos OS: todas las versiones anteriores a 20.4R3-S10; Versiones 21.2 anteriores a 21.2R3-S7; Versiones 21.4 anteriores a 21.4R3-S5; Versiones 22.1 anteriores a 22.1R3-S4; Versiones 22.2 anteriores a 22.2R3-S3; Versiones 22.3 anteriores a 22.3R3-S1; Versiones 22.4 anteriores a 22.4R3; Versiones 23.2 anteriores a 23.2R1-S2, 23.2R2. Junos OS Evolved: todas las versiones anteriores a 21.4R3-S5-EVO; Versiones 22.1-EVO anteriores a 22.1R3-S4-EVO; Versiones 22.2-EVO anteriores a 22.2R3-S3-EVO; Versiones 22.3-EVO anteriores a 22.3R3-S1-EVO; Versiones 22.4-EVO anteriores a 22.4R3-EVO; Versiones 23.2-EVO anteriores a 23.2R2-EVO."}], "lastModified": "2024-04-15T13:15:51.577", "sourceIdentifier": "sirt@juniper.net"}