8.7
CVE-2024-30395
- EPSS 0.14%
- Veröffentlicht 12.04.2024 15:15:24
- Zuletzt bearbeitet 06.02.2025 18:39:02
- Quelle sirt@juniper.net
- CVE-Watchlists
- Unerledigt
LoginJunos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash
An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects: Junos OS: * all versions before 21.2R3-S7, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3, * from 23.2 before 23.2R1-S2, 23.2R2. Junos OS Evolved: * all versions before 21.2R3-S7-EVO, * from 21.3-EVO before 21.3R3-S5-EVO, * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S2-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO. This is a related but separate issue than the one described in JSA75739
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Juniper ≫ Junos Os Evolved Version < 21.2
Juniper ≫ Junos Os Evolved Version21.2 Update-
Juniper ≫ Junos Os Evolved Version21.2 Updater1
Juniper ≫ Junos Os Evolved Version21.2 Updater1-s1
Juniper ≫ Junos Os Evolved Version21.2 Updater1-s2
Juniper ≫ Junos Os Evolved Version21.2 Updater2
Juniper ≫ Junos Os Evolved Version21.2 Updater2-s1
Juniper ≫ Junos Os Evolved Version21.2 Updater2-s2
Juniper ≫ Junos Os Evolved Version21.2 Updater3
Juniper ≫ Junos Os Evolved Version21.2 Updater3-s1
Juniper ≫ Junos Os Evolved Version21.2 Updater3-s2
Juniper ≫ Junos Os Evolved Version21.2 Updater3-s3
Juniper ≫ Junos Os Evolved Version21.2 Updater3-s4
Juniper ≫ Junos Os Evolved Version21.2 Updater3-s5
Juniper ≫ Junos Os Evolved Version21.2 Updater3-s6
Juniper ≫ Junos Os Evolved Version21.3 Update-
Juniper ≫ Junos Os Evolved Version21.3 Updater1
Juniper ≫ Junos Os Evolved Version21.3 Updater1-s1
Juniper ≫ Junos Os Evolved Version21.3 Updater2
Juniper ≫ Junos Os Evolved Version21.3 Updater2-s1
Juniper ≫ Junos Os Evolved Version21.3 Updater2-s2
Juniper ≫ Junos Os Evolved Version21.3 Updater3
Juniper ≫ Junos Os Evolved Version21.3 Updater3-s1
Juniper ≫ Junos Os Evolved Version21.3 Updater3-s2
Juniper ≫ Junos Os Evolved Version21.3 Updater3-s3
Juniper ≫ Junos Os Evolved Version21.3 Updater3-s4
Juniper ≫ Junos Os Evolved Version21.4 Update-
Juniper ≫ Junos Os Evolved Version21.4 Updater1
Juniper ≫ Junos Os Evolved Version21.4 Updater1-s1
Juniper ≫ Junos Os Evolved Version21.4 Updater1-s2
Juniper ≫ Junos Os Evolved Version21.4 Updater2
Juniper ≫ Junos Os Evolved Version21.4 Updater2-s1
Juniper ≫ Junos Os Evolved Version21.4 Updater2-s2
Juniper ≫ Junos Os Evolved Version21.4 Updater3
Juniper ≫ Junos Os Evolved Version21.4 Updater3-s1
Juniper ≫ Junos Os Evolved Version21.4 Updater3-s2
Juniper ≫ Junos Os Evolved Version21.4 Updater3-s3
Juniper ≫ Junos Os Evolved Version21.4 Updater3-s4
Juniper ≫ Junos Os Evolved Version22.2 Update-
Juniper ≫ Junos Os Evolved Version22.2 Updater1
Juniper ≫ Junos Os Evolved Version22.2 Updater1-s1
Juniper ≫ Junos Os Evolved Version22.2 Updater1-s2
Juniper ≫ Junos Os Evolved Version22.2 Updater2
Juniper ≫ Junos Os Evolved Version22.2 Updater2-s1
Juniper ≫ Junos Os Evolved Version22.2 Updater2-s2
Juniper ≫ Junos Os Evolved Version22.2 Updater3
Juniper ≫ Junos Os Evolved Version22.2 Updater3-s1
Juniper ≫ Junos Os Evolved Version22.2 Updater3-s2
Juniper ≫ Junos Os Evolved Version22.3 Update-
Juniper ≫ Junos Os Evolved Version22.3 Updater1
Juniper ≫ Junos Os Evolved Version22.3 Updater1-s1
Juniper ≫ Junos Os Evolved Version22.3 Updater1-s2
Juniper ≫ Junos Os Evolved Version22.3 Updater2
Juniper ≫ Junos Os Evolved Version22.3 Updater2-s1
Juniper ≫ Junos Os Evolved Version22.3 Updater2-s2
Juniper ≫ Junos Os Evolved Version22.3 Updater3
Juniper ≫ Junos Os Evolved Version22.3 Updater3-s1
Juniper ≫ Junos Os Evolved Version22.4 Update-
Juniper ≫ Junos Os Evolved Version22.4 Updater1
Juniper ≫ Junos Os Evolved Version22.4 Updater1-s1
Juniper ≫ Junos Os Evolved Version22.4 Updater1-s2
Juniper ≫ Junos Os Evolved Version22.4 Updater2
Juniper ≫ Junos Os Evolved Version22.4 Updater2-s1
Juniper ≫ Junos Os Evolved Version22.4 Updater2-s2
Juniper ≫ Junos Os Evolved Version23.2 Update-
Juniper ≫ Junos Os Evolved Version23.2 Updater1
Juniper ≫ Junos Os Evolved Version23.2 Updater1-s1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.342 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| sirt@juniper.net | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| sirt@juniper.net | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-1287 Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.