CVE-2024-21618

Опубликовано: 12 апр. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.

This issue affects:

Junos OS:

from 21.4 before 21.4R3-S4,
from 22.1 before 22.1R3-S4,
from 22.2 before 22.2R3-S2,
from 22.3 before 22.3R2-S2, 22.3R3-S1,
from 22.4 before 22.4R3,
from 23.2 before 23.2R2.

Junos OS Evolved:

from 21.4-EVO before 21.4R3-S5-EVO,
from 22.1-EVO before 22.1R3-S4-EVO,
from 22

Ссылки

https://supportportal.juniper.net/JSA75759
Issue Tracking
Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
Issue Tracking
Vendor Advisory
https://supportportal.juniper.net/JSA75759
Issue Tracking
Vendor Advisory
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00124

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-788

CWE-125

Связанные уязвимости

GHSA-6rj9-5jww-q88j

CVSS3: 6.5

github

почти 2 года назад

An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Junos OS: * from 21.4 before 21.4R3-S4, * from 22.1 before 22.1R3-S4, * from 22.2 before 22.2R3-S2, * from 22.3 before 22.3R2-S2, 22.3R3-S1, * from 22.4 before 22.4R3, * from 23.2 before 23.2R2. Junos OS Evolved: * from 21.4-EVO before 21.4R3-S5-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from...

BDU:2024-03380

CVSS3: 6.5

fstec

почти 2 года назад

Уязвимость демона Layer-2 Control Protocols Daemon (l2cpd) протокола LLDP операционных систем Juniper Networks Junos OS и Junos OS Evolved, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 32%

0.00124

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-788

CWE-125