CVE-2024-30378 – Junos OS: MX Series: bbe-smgd process crash upon execution of specific CLI commands
https://notcve.org/view.php?id=CVE-2024-30378
A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The process crashes and restarts automatically. When specific CLI commands are executed, the bbe-smgd daemon attempts to write into an area of memory (mgd socket) that was already closed, causing the process to crash. This process manages and controls the configuration of broadband subscriber sessions and services. While the process is unavailable, additional subscribers will not be able to connect to the device, causing a temporary Denial of Service condition. This issue only occurs if Graceful Routing Engine Switchover (GRES) and Subscriber Management are enabled. This issue affects Junos OS: * All versions before 20.4R3-S5, * from 21.1 before 21.1R3-S4, * from 21.2 before 21.2R3-S3, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3, * from 22.2 before 22.2R3, * from 22.3 before 22.3R2; Una vulnerabilidad Use After Free en el procesamiento de comandos de Juniper Networks Junos OS en la serie MX permite que un atacante local autenticado provoque que el demonio del administrador de servicios de banda ancha (bbe-smgd) se bloquee al ejecutar comandos CLI específicos, creando una condición de denegación de servicio ( DoS). El proceso falla y se reinicia automáticamente. • https://supportportal.juniper.net/JSA79109 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-416: Use After Free •
CVE-2024-30403 – Junos OS Evolved: When MAC learning happens, and an interface gets flapped, the PFE crashes
https://notcve.org/view.php?id=CVE-2024-30403
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition. This issue affects Juniper Networks Junos OS Evolved 23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO. Una vulnerabilidad de desreferencia de puntero NULL en el motor de reenvío de paquetes (PFE) de Juniper Networks Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegación de servicio (DoS). • https://supportportal.juniper.net/JSA79181 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-476: NULL Pointer Dereference •
CVE-2024-30402 – Junos OS and Junos OS Evolved: The l2ald crashes on receiving telemetry messages from a specific subscription
https://notcve.org/view.php?id=CVE-2024-30402
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attackers control. Repeated occurrences of these events causes a sustained DoS condition. This issue affects: Junos OS: * All versions earlier than 20.4R3-S10; * 21.2 versions earlier than 21.2R3-S7; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. Junos OS Evolved: * All versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S3-EVO; * 22.3-EVO versions earlier than 22.3R3-S1-EVO; * 22.4-EVO versions earlier than 22.4R3-EVO; * 23.2-EVO versions earlier than 23.2R2-EVO. Una verificación inadecuada de la vulnerabilidad de condiciones inusuales o excepcionales en el daemon de aprendizaje de direcciones de capa 2 (l2ald) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegación de servicio (DoS). Cuando se envían solicitudes de telemetría al dispositivo y el daemon de renderizado dinámico (drend) se suspende, l2ald falla y se reinicia debido a factores fuera del control de los atacantes. La ocurrencia repetida de estos eventos causa una condición DoS sostenida. • https://supportportal.juniper.net/JSA79180 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2024-30401 – Junos OS: MX Series and EX9200-15C: Stack-based buffer overflow in aftman
https://notcve.org/view.php?id=CVE-2024-30401
An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C, may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC. Through code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow. This issue affects Junos OS on MX Series and EX9200-15C: * from 21.2 before 21.2R3-S1, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2, * from 22.2 before 22.2R2; This issue does not affect: * versions of Junos OS prior to 20.3R1; * any version of Junos OS 20.4. Una vulnerabilidad de lectura fuera de los límites en el proceso avanzado de gestión de reenvío de Juniper Networks Junos OS en la serie MX con tarjetas de línea MPC10E, MPC11, MX10K-LC9600, MX304 y EX9200-15C, puede permitir que un atacante aproveche un desbordamiento del búfer basado en la pila, lo que provocará un reinicio del FPC. A través de la revisión del código, se determinó que el código de definición de interfaz para aftman podía leer más allá del límite del búfer, lo que provocaba un desbordamiento del búfer basado en pila. Este problema afecta a Junos OS en la serie MX y EX9200-15C: * desde 21.2 antes de 21.2R3-S1, * desde 21.4 antes de 21.4R3, * desde 22.1 antes de 22.1R2, * desde 22.2 antes de 22.2R2; Este problema no afecta a: * versiones de Junos OS anteriores a 20.3R1; * cualquier versión de Junos OS 20.4. • https://supportportal.juniper.net/JSA79110 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N • CWE-125: Out-of-bounds Read •
CVE-2024-30398 – Junos OS: SRX4600 Series - A high amount of specific traffic causes packet drops and an eventual PFE crash
https://notcve.org/view.php?id=CVE-2024-30398
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a high amount of specific traffic is received on a SRX4600 device, due to an error in internal packet handling, a consistent rise in CPU memory utilization occurs. This results in packet drops in the traffic and eventually the PFE crashes. A manual reboot of the PFE will be required to restore the device to original state. This issue affects Junos OS: * 21.2 before 21.2R3-S7, * 21.4 before 21.4R3-S6, * 22.1 before 22.1R3-S5, * 22.2 before 22.2R3-S3, * 22.3 before 22.3R3-S2, * 22.4 before 22.4R3, * 23.2 before 23.2R1-S2, 23.2R2. Una restricción inadecuada de operaciones dentro de los límites de una vulnerabilidad de búfer de memoria en el motor de reenvío de paquetes (PFE) de Juniper Networks Junos OS permite que un atacante no autenticado basado en la red provoque una denegación de servicio (DoS). Cuando se recibe una gran cantidad de tráfico específico en un dispositivo SRX4600, debido a un error en el manejo de paquetes internos, se produce un aumento constante en la utilización de la memoria de la CPU. • https://supportportal.juniper.net/JSA79176 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •