{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-30386","assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","state":"PUBLISHED","assignerShortName":"juniper","dateReserved":"2024-03-26T23:06:12.476Z","datePublished":"2024-04-12T15:23:24.249Z","dateUpdated":"2024-08-02T01:32:07.240Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Junos OS","vendor":"Juniper Networks","versions":[{"lessThan":"20.4R3-S8","status":"affected","version":"0","versionType":"semver"},{"lessThan":"21.2R3-S6","status":"affected","version":"21.2","versionType":"semver"},{"lessThan":"21.3R3-S5","status":"affected","version":"21.3","versionType":"semver"},{"lessThan":"21.4R3-S4","status":"affected","version":"21.4","versionType":"semver"},{"lessThan":"22.1R3-S3","status":"affected","version":"22.1","versionType":"semver"},{"lessThan":"22.2R3-S1","status":"affected","version":"22.2","versionType":"semver"},{"lessThan":"22.3R3","status":"affected","version":"22.3","versionType":"semver"},{"lessThan":"22.4R2","status":"affected","version":"22.4","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Junos OS Evolved","vendor":"Juniper Networks","versions":[{"lessThan":"20.4R3-S8-EVO","status":"affected","version":"0","versionType":"semver"},{"lessThan":"21.2R3-S6-EVO","status":"affected","version":"21.2-EVO","versionType":"semver"},{"lessThan":"21.3R3-S5-EVO","status":"affected","version":"21.3-EVO","versionType":"semver"},{"lessThan":"21.4R3-S4-EVO","status":"affected","version":"21.4-EVO","versionType":"semver"},{"lessThan":"22.1R3-S3-EVO","status":"affected","version":"22.1-EVO","versionType":"semver"},{"lessThan":"22.2R3-S1-EVO","status":"affected","version":"22.2-EVO","versionType":"semver"},{"lessThan":"22.3R3-EVO","status":"affected","version":"22.3-EVO","versionType":"semver"},{"lessThan":"22.4R2-EVO","status":"affected","version":"22.4-EVO","versionType":"semver"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(251, 251, 251);\">To be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options.</span>"}],"value":"To be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options."}],"datePublic":"2024-04-10T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A Use-After-Free vulnerability in the&nbsp;<span style=\"background-color: rgb(251, 251, 251);\">Layer 2 Address Learning Daemon (l2ald)</span>\n\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).<br><br>In an EVPN-VXLAN scenario,&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">when </span>\n\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.<br><p>This issue affects:</p><p>Junos OS:&nbsp;</p><p></p><ul><li>All versions before 20.4R3-S8,</li><li>21.2 versions before 21.2R3-S6,</li><li>21.3 versions before 21.3R3-S5,</li><li>21.4 versions before 21.4R3-S4,</li><li>22.1 versions before 22.1R3-S3,</li><li>22.2 versions before 22.2R3-S1,</li><li>22.3 versions before 22.3R3,,</li><li>22.4 versions before 22.4R2;</li></ul><p></p><p>Junos OS Evolved:&nbsp;</p><p></p><ul><li>All versions before 20.4R3-S8-EVO,</li><li>21.2-EVO versions before 21.2R3-S6-EVO,&nbsp;</li><li>21.3-EVO\n\n versions before 21.3R3-S5-EVO,</li><li>21.4-EVO\n\n versions before 21.4R3-S4-EVO,</li><li>22.1-EVO\n\n versions before 22.1R3-S3-EVO,</li><li>22.2-EVO\n\n versions before 22.2R3-S1-EVO,</li><li>22.3-EVO\n\n versions before 22.3R3-EVO,</li><li>22.4-EVO\n\n<span style=\"background-color: var(--wht);\"> versions before 22.4R2-EVO.</span></li></ul><p></p>"}],"value":"A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\n\nIn an EVPN-VXLAN scenario, when \n\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\nThis issue affects:\n\nJunos OS: \n\n\n\n  *  All versions before 20.4R3-S8,\n  *  21.2 versions before 21.2R3-S6,\n  *  21.3 versions before 21.3R3-S5,\n  *  21.4 versions before 21.4R3-S4,\n  *  22.1 versions before 22.1R3-S3,\n  *  22.2 versions before 22.2R3-S1,\n  *  22.3 versions before 22.3R3,,\n  *  22.4 versions before 22.4R2;\n\n\n\n\nJunos OS Evolved: \n\n\n\n  *  All versions before 20.4R3-S8-EVO,\n  *  21.2-EVO versions before 21.2R3-S6-EVO, \n  *  21.3-EVO\n\n versions before 21.3R3-S5-EVO,\n  *  21.4-EVO\n\n versions before 21.4R3-S4-EVO,\n  *  22.1-EVO\n\n versions before 22.1R3-S3-EVO,\n  *  22.2-EVO\n\n versions before 22.2R3-S1-EVO,\n  *  22.3-EVO\n\n versions before 22.3R3-EVO,\n  *  22.4-EVO\n\n versions before 22.4R2-EVO."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":7.1,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-416","description":"CWE-416 Use After Free","lang":"en","type":"CWE"}]},{"descriptions":[{"description":"Denial-of-Service (DoS)","lang":"en"}]}],"providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2024-05-16T20:15:40.526Z"},"references":[{"tags":["vendor-advisory"],"url":"http://supportportal.juniper.net/JSA79184"},{"tags":["technical-description"],"url":"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The following software releases have been updated to resolve this specific issue:<br>Junos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R3-S2, 22.4R2, 23.2R1, and all subsequent releases;<br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Junos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.</span><br>"}],"value":"The following software releases have been updated to resolve this specific issue:\nJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R3-S2, 22.4R2, 23.2R1, and all subsequent releases;\n\n\nJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases."}],"source":{"advisory":"JSA79184","defect":["1700170"],"discovery":"INTERNAL"},"title":"Junos OS and Junos OS Evolved: In a EVPN-VXLAN scenario state changes on adjacent systems can cause an l2ald process crash","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>There are no known workarounds for this issue.</p>"}],"value":"There are no known workarounds for this issue."}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-30386","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-04-12T17:34:57.452134Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:39:00.999Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T01:32:07.240Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"http://supportportal.juniper.net/JSA79184"},{"tags":["technical-description","x_transferred"],"url":"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}]}]}}