Access of memory location after end of buffer in Junos OS Evolved and Juniper Junos OS - CVE-2024-21618

Published: April 11, 2024


Vulnerability identifier: #VU88444
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-21618
CWE-ID: CWE-788
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Junos OS Evolved
Juniper Junos OS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an access-of-memory-location-after-end-of-buffer error (CWE-788) in the Layer-2 Control Protocols Daemon (l2cpd). A remote non-authenticated attacker can cause a denial of service (DoS).

On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface and a malformed LLDP packet is received on it, l2cpd crashes and restarts.

The l2cpd crash causes reinitialization of the STP protocols (RSTP, MSTP or VSTP), as well as MVRP and ERP.

How to mitigate CVE-2024-21618

Install updates from the vendor's website.

Sources