{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30382", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-03-26T23:06:12.474Z", "datePublished": "2024-04-12T15:22:03.210Z", "dateUpdated": "2024-06-04T17:39:41.914Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "20.4R3-S10", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "21.2R3-S8", "status": "affected", "version": "21.2", "versionType": "semver"}, {"lessThan": "21.3R3", "status": "affected", "version": "21.3", "versionType": "semver"}, {"lessThan": "21.4R3", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.1R2", "status": "affected", "version": "22.1", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S8-EVO", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "21.3R3-EVO", "status": "affected", "version": "21.3", "versionType": "semver"}, {"lessThan": "21.4R3-EVO", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.1R2-EVO", "status": "affected", "version": "22.1", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following is an example of CoS-based forwarding configuration:<br><br><tt>[edit policy-options]<br>set policy-statement my-cos-forwarding term 1 from route-filter destination-prefix match-type<br>set policy-statement my-cos-forwarding term 1 then <b>cos-next-hop-map</b> map-name</tt>"}], "value": "The following is an example of CoS-based forwarding configuration:\n\n[edit policy-options]\nset policy-statement my-cos-forwarding term 1 from route-filter destination-prefix match-type\nset policy-statement my-cos-forwarding term 1 then cos-next-hop-map map-name"}], "datePublic": "2024-04-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS).<br><br>This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below).<br><p>This issue affects:<br>Junos OS: <br></p><ul><li>all versions before 20.4R3-S10, </li><li>from 21.2 before 21.2R3-S8,</li><li>from 21.3 before 21.3R3, </li><li>from 21.4 before 21.4R3, </li><li>from 22.1 before 22.1R2;</li></ul><p></p><p>Junos OS Evolved: <br></p><ul><li>all versions before 21.2R3-S8-EVO,</li><li>from 21.3 before 21.3R3-EVO, </li><li>from 21.4 before 21.4R3-EVO, </li><li>from 22.1 before 22.1R2-EVO.</li></ul><p></p>"}], "value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS).\n\nThis issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below).\nThis issue affects:\nJunos OS: \n\n\n * all versions before 20.4R3-S10, \n * from 21.2 before 21.2R3-S8,\n * from 21.3 before 21.3R3, \n * from 21.4 before 21.4R3, \n * from 22.1 before 22.1R2;\n\n\n\n\nJunos OS Evolved: \n\n\n * all versions before 21.2R3-S8-EVO,\n * from 21.3 before 21.3R3-EVO, \n * from 21.4 before 21.4R3-EVO, \n * from 22.1 before 22.1R2-EVO."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "CWE-755 Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "Denial of Service (DoS)", "lang": "en"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-05-16T18:01:47.966Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA79174"}, {"tags": ["technical-description"], "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: <br>Junos OS: 20.4R3-S10, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\n<br>Junos OS Evolved:&nbsp;&nbsp;21.3R3-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 20.4R3-S10, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\n\nJunos OS Evolved:\u00a0\u00a021.3R3-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases."}], "source": {"advisory": "JSA79174", "defect": ["1640813"], "discovery": "INTERNAL"}, "title": "Junos OS and Junos OS Evolved: RPD crash when CoS-based forwarding (CBF) policy is configured", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>There are no known workarounds for this issue.</p>"}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30382", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-12T17:23:18.353034Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os_evolved", "versions": [{"status": "affected", "version": "21.3", "lessThan": "21.3R3-EVO", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os_evolved", "versions": [{"status": "affected", "version": "21.4", "lessThan": "21.4R3-EVO", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os_evolved", "versions": [{"status": "affected", "version": "22.1", "lessThan": "22.1R2-EVO", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos", "versions": [{"status": "affected", "version": "21.2", "lessThan": "21.2R3-S8", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos", "versions": [{"status": "affected", "version": "21.3", "lessThan": "21.3R3", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos", "versions": [{"status": "affected", "version": "21.4", "lessThan": "21.4R3", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos", "versions": [{"status": "affected", "version": "22.1", "lessThan": "22.1R2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:juniper:junos:-:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos", "versions": [{"status": "affected", "version": "0", "lessThan": "20.4R3-S10", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:39:41.914Z"}}]}}

{"descriptions": [{"lang": "en", "value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS).\n\nThis issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below).\nThis issue affects:\nJunos OS: \n\n\n * all versions before 20.4R3-S10, \n * from 21.2 before 21.2R3-S8,\n * from 21.3 before 21.3R3, \n * from 21.4 before 21.4R3, \n * from 22.1 before 22.1R2;\n\n\n\n\nJunos OS Evolved: \n\n\n * all versions before 21.2R3-S8-EVO,\n * from 21.3 before 21.3R3-EVO, \n * from 21.4 before 21.4R3-EVO, \n * from 22.1 before 22.1R2-EVO."}, {"lang": "es", "value": "Una vulnerabilidad de manejo inadecuado de condiciones excepcionales en el daemon del protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante no autenticado basado en la red env\u00ede una actualizaci\u00f3n de enrutamiento espec\u00edfica, lo que provoca un n\u00facleo rpd debido a la corrupci\u00f3n de la memoria, lo que lleva a una denegaci\u00f3n de servicio (DoS). Este problema solo se puede desencadenar cuando el sistema est\u00e1 configurado para el reenv\u00edo basado en CoS (CBF) con un mapa de pol\u00edticas que contiene una acci\u00f3n cos-next-hop-map (ver m\u00e1s abajo). Este problema afecta a: Junos OS: * todas las versiones anteriores a 20.4R3-S10, * desde 21.2 anterior a 21.2R3-S8, * desde 21.3 anterior a 21.3R3, * desde 21.4 anterior a 21.4R3, * desde 22.1 anterior a 22.1R2; Junos OS Evolved: * todas las versiones anteriores a 21.2R3-S8-EVO, * desde 21.3 anteriores a 21.3R3-EVO, * desde 21.4 anteriores a 21.4R3-EVO, * desde 22.1 anteriores a 22.1R2-EVO."}], "id": "CVE-2024-30382", "lastModified": "2024-05-16T18:15:10.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Primary"}]}, "published": "2024-04-12T16:15:37.207", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA79174"}, {"source": "sirt@juniper.net", "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}