Lucene search
JuniperCVE-2024-39528HistoryJul 11, 2024 - 4:15 p.m.
CVE-2024-39528
2024-07-1116:15:04
CWE-416
juniper
web.nvd.nist.gov
26
juniper networks
rpd
junos os
junos os evolved
use after free
vulnerability
denial of service
dos
routing protocol daemon
authenticated
network-based attacker
routing-instance deactivation
snmp request
segmentation fault
crash
restart
CVSS3
5.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
CVSS4
6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:L
EPSS
0
Percentile
13.7%
A Use After Free vulnerability in the Routing Protocol Daemon (rpd) ofย Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart.
This issue affects:
Junos OS:
- All versions before 21.2R3-S8,
- 21.4 versions before 21.4R3-S5,
- 22.2 versions before 22.2R3-S3,
- 22.3 versions before 22.3R3-S2,
- 22.4 versions before 22.4R3,
- 23.2 versions before 23.2R2.
Junos OS Evolved:
- All versions before 21.2R3-S8-EVO,
- 21.4-EVO versions before 21.4R3-S5-EVO,
- 22.2-EVO versions before 22.2R3-S3-EVO,
- 22.3-EVO versions before 22.3R3-S2-EVO,
- 22.4-EVO versions before 22.4R3-EVO,
- 23.2-EVO versions before 23.2R2-EVO.
Affected configurations
Node
juniperjunosRange<21.2
ORjuniperjunosMatch21.2-
ORjuniperjunosMatch21.2r1
ORjuniperjunosMatch21.2r1-s1
ORjuniperjunosMatch21.2r1-s2
ORjuniperjunosMatch21.2r2
ORjuniperjunosMatch21.2r2-s1
ORjuniperjunosMatch21.2r2-s2
ORjuniperjunosMatch21.2r3
ORjuniperjunosMatch21.2r3-s1
ORjuniperjunosMatch21.2r3-s2
ORjuniperjunosMatch21.2r3-s3
ORjuniperjunosMatch21.2r3-s4
ORjuniperjunosMatch21.2r3-s5
ORjuniperjunosMatch21.2r3-s6
ORjuniperjunosMatch21.2r3-s7
Node
juniperjunosMatch21.4-
ORjuniperjunosMatch21.4r1
ORjuniperjunosMatch21.4r1-s1
ORjuniperjunosMatch21.4r1-s2
ORjuniperjunosMatch21.4r2
ORjuniperjunosMatch21.4r2-s1
ORjuniperjunosMatch21.4r2-s2
ORjuniperjunosMatch21.4r3
ORjuniperjunosMatch21.4r3-s1
ORjuniperjunosMatch21.4r3-s2
ORjuniperjunosMatch21.4r3-s3
ORjuniperjunosMatch21.4r3-s4
Node
juniperjunosMatch22.2-
ORjuniperjunosMatch22.2r1
ORjuniperjunosMatch22.2r1-s1
ORjuniperjunosMatch22.2r1-s2
ORjuniperjunosMatch22.2r2
ORjuniperjunosMatch22.2r2-s1
ORjuniperjunosMatch22.2r2-s2
ORjuniperjunosMatch22.2r3
ORjuniperjunosMatch22.2r3-s1
ORjuniperjunosMatch22.2r3-s2
Node
juniperjunosMatch22.3-
ORjuniperjunosMatch22.3r1
ORjuniperjunosMatch22.3r1-s1
ORjuniperjunosMatch22.3r1-s2
ORjuniperjunosMatch22.3r2
ORjuniperjunosMatch22.3r2-s1
ORjuniperjunosMatch22.3r2-s2
ORjuniperjunosMatch22.3r3
ORjuniperjunosMatch22.3r3-s1
Node
juniperjunosMatch22.4-
ORjuniperjunosMatch22.4r1
ORjuniperjunosMatch22.4r1-s1
ORjuniperjunosMatch22.4r1-s2
ORjuniperjunosMatch22.4r2
ORjuniperjunosMatch22.4r2-s1
ORjuniperjunosMatch22.4r2-s2
Node
juniperjunosMatch23.2-
ORjuniperjunosMatch23.2r1
ORjuniperjunosMatch23.2r1-s1
ORjuniperjunosMatch23.2r1-s2
Node
juniperjunos_os_evolvedRange<21.2
ORjuniperjunos_os_evolvedMatch21.2-
ORjuniperjunos_os_evolvedMatch21.2r1
ORjuniperjunos_os_evolvedMatch21.2r1-s1
ORjuniperjunos_os_evolvedMatch21.2r1-s2
ORjuniperjunos_os_evolvedMatch21.2r2
ORjuniperjunos_os_evolvedMatch21.2r2-s1
ORjuniperjunos_os_evolvedMatch21.2r2-s2
ORjuniperjunos_os_evolvedMatch21.2r3
ORjuniperjunos_os_evolvedMatch21.2r3-s1
ORjuniperjunos_os_evolvedMatch21.2r3-s2
ORjuniperjunos_os_evolvedMatch21.2r3-s3
ORjuniperjunos_os_evolvedMatch21.2r3-s4
ORjuniperjunos_os_evolvedMatch21.2r3-s5
ORjuniperjunos_os_evolvedMatch21.2r3-s6
ORjuniperjunos_os_evolvedMatch21.2r3-s7
ORjuniperjunos_os_evolvedMatch21.4-
ORjuniperjunos_os_evolvedMatch21.4r1
ORjuniperjunos_os_evolvedMatch21.4r1-s1
ORjuniperjunos_os_evolvedMatch21.4r1-s2
ORjuniperjunos_os_evolvedMatch21.4r2
ORjuniperjunos_os_evolvedMatch21.4r2-s1
ORjuniperjunos_os_evolvedMatch21.4r2-s2
ORjuniperjunos_os_evolvedMatch21.4r3
ORjuniperjunos_os_evolvedMatch21.4r3-s1
ORjuniperjunos_os_evolvedMatch21.4r3-s2
ORjuniperjunos_os_evolvedMatch21.4r3-s3
ORjuniperjunos_os_evolvedMatch21.4r3-s4
ORjuniperjunos_os_evolvedMatch22.2-
ORjuniperjunos_os_evolvedMatch22.2r1
ORjuniperjunos_os_evolvedMatch22.2r1-s1
ORjuniperjunos_os_evolvedMatch22.2r1-s2
ORjuniperjunos_os_evolvedMatch22.2r2
ORjuniperjunos_os_evolvedMatch22.2r2-s1
ORjuniperjunos_os_evolvedMatch22.2r2-s2
ORjuniperjunos_os_evolvedMatch22.2r3
ORjuniperjunos_os_evolvedMatch22.2r3-s1
ORjuniperjunos_os_evolvedMatch22.2r3-s2
ORjuniperjunos_os_evolvedMatch22.4-
ORjuniperjunos_os_evolvedMatch22.4r1
ORjuniperjunos_os_evolvedMatch22.4r1-s1
ORjuniperjunos_os_evolvedMatch22.4r1-s2
ORjuniperjunos_os_evolvedMatch22.4r2
ORjuniperjunos_os_evolvedMatch22.4r2-s1
ORjuniperjunos_os_evolvedMatch22.4r2-s2
ORjuniperjunos_os_evolvedMatch23.2-
ORjuniperjunos_os_evolvedMatch23.2r1
ORjuniperjunos_os_evolvedMatch23.2r1-s1
ORjuniperjunos_os_evolvedMatch23.2r1-s2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| juniper | junos | * | cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* |
| juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:* |
| juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:* |
| juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:* |
| juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:* |
| juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:* |
| juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:* |
| juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:* |
| juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:* |
| juniper | junos | 21.2 | cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
]References
Related
cvelist
cvelist
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-39528
2024-07-11 16:15:04
nessus
nessus
Juniper Junos OS Vulnerability (JSA82987)
2024-07-10 00:00:00
CVSS3
5.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
CVSS4
6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:L
EPSS
0
Percentile
13.7%
Related for CVE-2024-39528