Lucene search

[email protected]NVD:CVE-2024-30390

HistoryApr 12, 2024 - 4:15 p.m.

CVE-2024-30390

2024-04-1216:15:38

CWE-307

[email protected]

web.nvd.nist.gov

juniper networks

junos os evolved

vulnerability

denial of service

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.0005 Low

EPSS

Percentile

17.1%

JSON

An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service (DoS) to the management plane.

When an incoming connection was blocked because it exceeded the connections-per-second rate-limit, the system doesn’t consider existing connections anymore for subsequent connection attempts so that the connection limit can be exceeded.
This issue affects Junos OS Evolved:

All versions before 21.4R3-S4-EVO,
22.1-EVO versions before 22.1R3-S3-EVO,
22.2-EVO versions before 22.2R3-S2-EVO,
22.3-EVO versions before 22.3R2-S1-EVO, 22.3R3-EVO.

References

supportportal.juniper.net/JSA79183

www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for NVD:CVE-2024-30390

cvelist1 nessus1 cve1