THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-39511

Junos OS: The 802.1X Authentication Daemon crashes on running a specific command

Assignerjuniper
Reserved2024-06-25
Published2024-07-10
Updated2024-07-11

Description

An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS). On running a specific operational dot1x command, the dot1x daemon crashes. An attacker can cause a sustained DoS condition by running this command repeatedly. When the crash occurs, the authentication status of any 802.1x clients is cleared, and any authorized dot1x port becomes unauthorized. The client cannot re-authenticate until the dot1x daemon restarts. This issue affects Junos OS: * All versions before 20.4R3-S10; * 21.2 versions before 21.2R3-S7; * 21.4 versions before 21.4R3-S6; * 22.1 versions before 22.1R3-S5; * 22.2 versions before 22.2R3-S3; * 22.3 versions before 22.3R3-S2; * 22.4 versions before 22.4R3-S1; * 23.2 versions before 23.2R2.



MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
MEDIUM: 6.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

Any version before 20.4R3-S10
affected

21.2 before 21.2R3-S7
affected

21.4 before 21.4R3-S6
affected

22.1 before 22.1R3-S5
affected

22.2 before 22.2R3-S3
affected

22.3 before 22.3R3-S2
affected

22.4 before 22.4R3-S1
affected

23.2 before 23.2R2
affected

References

https://supportportal.juniper.net/JSA82976 vendor-advisory

cve.org CVE-2024-39511

nvd.nist.gov CVE-2024-39511

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-39511
© Copyright 2024 THREATINT. Made in Cyprus with +