CVE-2024-30401: Out-of-bounds Read in Networks Junos OS

CWE-125: Out-of-bounds Read
4 documents, 4 sources
Severity
8.2 HIGH (NVD)
EPSS
0.2%
top 61.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 12

Description

An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C may allow an attacker to exploit a stack-based buffer overflow, leading to a reboot of the FPC. Through code review, it was determined that the interface definition code for aftman could read beyond a buffer boundary, leading to a stack-based buffer overflow. This issue affects Junos OS on MX Series

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages
2 packages

CVEListV5 | juniper_networks/junos_os | 21.2 | 21.2R3-S1 | +3
NVD | juniper/junos | 4 versions | +3

🔴 Vulnerability Details

2
CVEList
Junos OS: MX Series and EX9200-15C: Stack-based buffer overflow in aftman (2024-04-12)
GHSA
GHSA-pqmg-f829-g3ww: An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, (2024-04-12)

📋 Vendor Advisories

1
Juniper
CVE-2024-30401: An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, (2024-04-12)