#VU88444 Access of memory location after end of buffer in Junos OS Evolved and Juniper Junos OS - CVE-2024-21618

 


Published: April 11, 2024


Vulnerability identifier: #VU88444
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-21618
CWE-ID: CWE-788
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Junos OS Evolved
Juniper Junos OS
Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an access of a memory location after the end of a buffer in the Layer-2 Control Protocols Daemon (l2cpd). A remote non-authenticated attacker can cause a denial of service (DoS).

On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts.

The l2cpd crash causes reinitialization of the STP protocols (RSTP, MSTP or VSTP), MVRP and ERP.
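
The advisory does not say which part of the LLDP packet is malformed, so the following added example (not Juniper's code and not part of the advisory) only illustrates the CWE-788 class for LLDP: a TLV walker that checks every declared length against the bytes remaining before reading. The function and constant names are hypothetical, and the sample LLDPDUs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for this added example (names are hypothetical). */
enum { LLDP_OK = 0, LLDP_TRUNC_HDR = -1, LLDP_TLV_OVERRUN = -2, LLDP_NO_END = -3 };

/* Walk the TLVs of an LLDPDU (the payload after the Ethernet header).
 * Each TLV starts with a 16-bit header: 7-bit type, 9-bit length.
 * Every read is checked against the remaining bytes before it happens. */
int lldp_walk(const uint8_t *pdu, size_t len, unsigned *tlv_count)
{
    size_t off = 0;
    *tlv_count = 0;
    while (off < len) {
        if (len - off < 2)
            return LLDP_TRUNC_HDR;      /* TLV header itself is cut off */
        unsigned hdr  = ((unsigned)pdu[off] << 8) | pdu[off + 1];
        unsigned type = hdr >> 9;
        size_t   vlen = hdr & 0x1FF;
        off += 2;
        if (vlen > len - off)
            return LLDP_TLV_OVERRUN;    /* declared length passes end of buffer */
        (*tlv_count)++;
        if (type == 0)
            return LLDP_OK;             /* End of LLDPDU TLV */
        off += vlen;
    }
    return LLDP_NO_END;                 /* data ended without an End TLV */
}

/* Constructed sample LLDPDUs (not captured traffic). */
static const uint8_t good_pdu[] = {
    0x02, 0x07, 0x04, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, /* Chassis ID */
    0x04, 0x02, 0x07, 0x31,                               /* Port ID */
    0x06, 0x02, 0x00, 0x78,                               /* TTL */
    0x00, 0x00 };                                         /* End of LLDPDU */
/* Chassis ID TLV declares 7 value bytes but only 3 are present. */
static const uint8_t overrun_pdu[] = { 0x02, 0x07, 0x04, 0x00, 0x11 };

int main(void)
{
    unsigned n;
    int rc = lldp_walk(good_pdu, sizeof good_pdu, &n);
    printf("good: rc=%d tlvs=%u\n", rc, n);
    rc = lldp_walk(overrun_pdu, sizeof overrun_pdu, &n);
    printf("overrun: rc=%d tlvs=%u\n", rc, n);
    return 0;
}
```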


Remediation

Install updates from the vendor's website.
