CVE-2024-30378 — Use After Free in Networks Junos OS

CWE-416 — Use After Free4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 84.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 16

Description

A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition. The process crashes and restarts automatically. When specific CLI commands are executed, the bbe-smgd daemon attempts to write into an area of memory (mgd socket) that was already closed, causing the process…

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os21.1 — 21.1R3-S4+7

▶NVDjuniper/junos< 20.4+8

🔴Vulnerability Details

CVEList

Junos OS: MX Series: bbe-smgd process crash upon execution of specific CLI commands↗2024-04-16

▶

GHSA

GHSA-38f5-rx4x-f6j9: A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the bro↗2024-04-16

▶

📋Vendor Advisories

Juniper

CVE-2024-30378: A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the bro↗2024-04-16

▶