Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2024-30402

Disclosure Date: April 12, 2024
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).

When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attackers control. Repeated occurrences of these events causes a sustained DoS condition.

This issue affects:
Junos OS:

  • All versions earlier than 20.4R3-S10;
  • 21.2 versions earlier than 21.2R3-S7;
  • 21.4 versions earlier than 21.4R3-S5;
  • 22.1 versions earlier than 22.1R3-S4;
  • 22.2 versions earlier than 22.2R3-S3;
  • 22.3 versions earlier than 22.3R3-S1;
  • 22.4 versions earlier than 22.4R3;
  • 23.2 versions earlier than 23.2R1-S2, 23.2R2.

Junos OS Evolved:

  • All versions earlier than 21.4R3-S5-EVO;
  • 22.1-EVO versions earlier than 22.1R3-S4-EVO;
  • 22.2-EVO versions earlier than 22.2R3-S3-EVO;
  • 22.3-EVO versions earlier than 22.3R3-S1-EVO;
  • 22.4-EVO versions earlier than 22.4R3-EVO;
  • 23.2-EVO versions earlier than 23.2R2-EVO.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.9 Medium
Impact Score:
3.6
Exploitability Score:
2.2
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Vendors

  • Juniper Networks

Products

  • Junos OS,
  • Junos OS Evolved

Additional Info

Technical Analysis