Missing Synchronization Vulnerability in Juniper Networks Junos OS Could Lead to Denial-of-Service Attacks
CVE-2024-30387

6.5MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Junos Os
Vendor: CVE Published:; 12 April 2024

Badges

👾 Exploit Exists

Summary

A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).

If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart.

This issue affects Junos OS:

All versions before 20.4R3-S9,
21.2 versions before 21.2R3-S5,
21.3 versions before 21.3R3-S5,
21.4 versions before 21.4R3-S4,
22.1 versions before 22.1R3-S2,
22.2 versions before 22.2R3-S2,
22.3 versions before 22.3R2-S2, 22.3R3,
22.4 versions before 22.4R2.

Affected Version(s)

Junos OS ACX5448 0 < 20.4R3-S9

Junos OS ACX5448 21.2 < 21.2R3-S5

Junos OS ACX5448 21.3 < 21.3R3-S5

References

http://supportportal.juniper.net/JSA79187

vendor-advisory

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/A...

technical-description

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
May 16, 2024
Vulnerability published
Apr 12, 2024
Vulnerability Reserved
Mar 26, 2024

Collectors

NVD DatabaseMitre Database