CVE-2024-21610: Improper Handling of Exceptional Conditions in Networks Junos OS

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.1% (top 79.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 12

Description

An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticated, network-based attacker with low privileges to cause a limited Denial of Service (DoS). In a scaled CoS scenario with 1000s of interfaces, when specific low privileged commands, received over NETCONF, SSH or telnet, are handled by cosd on behalf of mgd, the respective child management daemon (mgd) processes will get stuck. In case of (Netconf ov

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os 21.2 21.2R3-S7 +8
NVD: juniper/junos < 20.4 +9

🔴 Vulnerability Details (2)

CVEList: Junos OS: If in a scaled CoS scenario information on CoS state is gathered mgd processes get stuck (2024-04-12)
GHSA: GHSA-6w3v-8x64-r348: An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS on MX Series allows an (2024-04-12)

📋 Vendor Advisories (1)

Juniper: CVE-2024-21610: An Improper Handling of Exceptional Conditions vulnerability in the Class of Service daemon (cosd) of Juniper Networks Junos OS allows an authenticate (2024-04-12)
CVE-2024-21610 — Networks Junos OS vulnerability | cvebase