#VU88444 Access of memory location after end of buffer in Junos OS Evolved and Juniper Junos OS
Vulnerability identifier: #VU88444
Vulnerability risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-788
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Junos OS Evolved
Operating systems & Components /
Operating system
Juniper Junos OS
Operating systems & Components /
Operating system
Vendor: Juniper Networks, Inc.
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to access of memory location after end of buffer error in the Layer-2 Control Protocols Daemon (l2cpd). A remote non-authenticated attacker can cause Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts.
The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Junos OS Evolved: 21.4R1-EVO - 21.4R3-S4-EVO, 22.1-EVO - 22.1R3-S3-EVO, 22.2-EVO - 22.2R3-S1-EVO, 22.3R1-EVO - 22.3R2-S1-EVO, 22.4R1-EVO - 22.4R2-S1-EVO, 22.4R2-S2-EVO, 23.2R1-EVO - 23.2R1-S1-EVO, 23.2R1-S2-EVO
Juniper Junos OS: 21.4R1 - 21.4R3-S3, 22.1R1 - 22.1R3-S3, 22.2R1 - 22.2R3-S1, 22.3R1 - 22.3R2-S1, 22.4R1 - 22.4R2-S2, 22.4R3-S1, 23.2R1 - 23.2R1-S1, 23.2R1-S2, 23.4R1-S1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
