CVE-2024-30386 — Use After Free in Juniper Networks Junos OS
Severity: 7.1 HIGH (NVD)
EPSS: 0.1% (top 76.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 12
Description
A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).
In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing w…
CVSS vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
Affected Packages: 4 packages
Vulnerability Details (2)
CVEList: Junos OS and Junos OS Evolved: In a EVPN-VXLAN scenario state changes on adjacent systems can cause an l2ald process crash (2024-04-12)
GHSA: GHSA-r4g7-rp4j-9cv7: A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthentic… (2024-04-12)
Vendor Advisories (1)
Juniper: CVE-2024-30386: A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenti… (2024-04-12)