We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)
Ok

THREATINT
PUBLISHED

CVE-2024-30387

Junos OS: ACX5448 & ACX710: Due to interface flaps the PFE process can crash

Reserved:2024-03-26
Published:2024-04-12
Updated:2024-05-16

Description

A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart. This issue affects Junos OS: * All versions before 20.4R3-S9, * 21.2 versions before 21.2R3-S5,  * 21.3 versions before 21.3R3-S5,  * 21.4 versions before 21.4R3-S4, * 22.1 versions before 22.1R3-S2, * 22.2 versions before 22.2R3-S2, * 22.3 versions before 22.3R2-S2, 22.3R3, * 22.4 versions before 22.4R2.



MEDIUM: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-820 Missing Synchronization

Denial-of-Service (DoS)

Product status

Default status
unaffected

Any version before 20.4R3-S9
affected

21.2 before 21.2R3-S5
affected

21.3 before 21.3R3-S5
affected

21.4 before 21.4R3-S4
affected

22.1 before 22.1R3-S2
affected

22.2 before 22.2R3-S2
affected

22.3 before 22.3R2-S2, 22.3R3
affected

22.4 before 22.4R2, 22.4R3
affected

References

http://supportportal.juniper.net/JSA79187 vendor-advisory

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L technical-description

cve.org CVE-2024-30387

nvd.nist.gov CVE-2024-30387

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-30387