CVE-2024-39511Improper Input Validation in Networks Junos OS

CWE-20Improper Input Validation4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 83.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJul 10
Latest updateJul 11

Description

An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS). On running a specific operational dot1x command, the dot1x daemon crashes. An attacker can cause a sustained DoS condition by running this command repeatedly. When the crash occurs, the authentication status of any 802.1x clients is cleared, and any authorized dot1x port becomes una

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5juniper_networks/junos_os21.221.2R3-S7+7
NVDjuniper/junos< 20.4+8

🔴Vulnerability Details

2
GHSA
GHSA-g643-7wqc-f2xg: An Improper Input Validation vulnerability in the 8022024-07-11
CVEList
Junos OS: The 802.1X Authentication Daemon crashes on running a specific command2024-07-10

📋Vendor Advisories

1
Juniper
CVE-2024-39511: An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged att2024-07-10
CVE-2024-39511 — Improper Input Validation | cvebase