CVE-2024-30388

EPSS 0.03%
Published 12.04.2024 16:15:38
Last modified 21.11.2024 09:11:49
Source sirt@juniper.net
Teams watchlist Login
Open Login

An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).

If a specific malformed LACP packet is received by a QFX5000 Series, or an EX4400, EX4100 or EX4650 Series device, an LACP flap will occur resulting in traffic loss.
This issue affects Junos OS on QFX5000 Series, and on EX4400, EX4100 or EX4650 Series:



  *  20.4 versions from 

20.4R3-S4

before 20.4R3-S8,
  *  21.2 versions from 

21.2R3-S2

before 21.2R3-S6,
  *  21.4 versions from 

21.4R2

before 21.4R3-S4,

  *  22.1 versions from

22.1R2

 before 22.1R3-S3,
  *  22.2 versions before 22.2R3-S1,
  *  22.3 versions before 22.3R2-S2, 22.3R3,
  *  22.4 versions before 22.4R2-S1, 22.4R3.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorJuniper Networks

≫

Product Junos OS

Default Statusunaffected

Version < 20.4R3-S8

Version 20.4R3-S4

Status affected

Version < 21.2R3-S6

Version 21.2R3-S2

Status affected

Version < 21.4R3-S4

Version 21.4R2

Status affected

Version < 22.1R3-S3

Version 22.1R2

Status affected

Version < 22.2R3-S1

Version 22.2

Status affected

Version < 22.3R2-S2, 22.3R3

Version 22.3

Status affected

Version < 22.4R2-S1, 22.4R3

Version 22.4

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.069

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
sirt@juniper.net	7.1	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
sirt@juniper.net	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-653 Improper Isolation or Compartmentalization

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

http://supportportal.juniper.net/JSA79089

https://nvd.nist.gov/vuln/detail/CVE-2024-30388

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-30388

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-30388

EUVD