fkie_cve-2024-39531
Vulnerability from fkie_nvd
Published
2024-07-11 17:15
Modified
2024-11-21 09:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS). If a value is configured for DDoS bandwidth or burst parameters for any protocol in a queue, all protocols which share the same queue will have their bandwidth or burst value changed to the new value. If, for example, OSPF was configured with a certain bandwidth value, ISIS would also be limited to this value. So inadvertently either the control plane is open for a high level of specific traffic which was supposed to be limited to a lower value, or the limit for a certain protocol is so low that chances to succeed with a volumetric DoS attack are significantly increased.  This issue affects Junos OS Evolved on ACX 7000 Series: * All versions before 21.4R3-S7-EVO, * 22.1 versions before 22.1R3-S6-EVO,  * 22.2 versions before 22.2R3-S3-EVO, * 22.3 versions before 22.3R3-S3-EVO,  * 22.4 versions before 22.4R3-S2-EVO, * 23.2 versions before 23.2R2-EVO, * 23.4 versions before 23.4R1-S1-EVO, 23.4R2-EVO.
References
sirt@juniper.nethttps://supportportal.juniper.net/JSA82991
af854a3a-2127-422b-91ae-364da2661108https://supportportal.juniper.net/JSA82991
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS).\n\nIf a value is configured for DDoS bandwidth or burst parameters for any protocol in\na queue, all protocols which share the same queue will have\ntheir bandwidth or burst value changed to the new value. If, for example, OSPF was configured with a certain bandwidth value, ISIS would also be limited to this value. So inadvertently either the control plane is open for a high level of specific traffic which was supposed to be limited to a lower value, or the limit for a certain protocol is so low that chances to succeed with a volumetric DoS attack are significantly increased.\u00a0\n\n\n\n\nThis issue affects Junos OS Evolved on ACX 7000 Series:\n\n\n\n  *  All versions before 21.4R3-S7-EVO,\n  *  22.1 versions before 22.1R3-S6-EVO,\u00a0\n  *  22.2 versions before 22.2R3-S3-EVO,\n  *  22.3 versions before 22.3R3-S3-EVO,\u00a0\n  *  22.4 versions before 22.4R3-S2-EVO,\n  *  23.2 versions before 23.2R2-EVO,\n  *  23.4 \n\nversions \n\nbefore 23.4R1-S1-EVO, 23.4R2-EVO."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de manejo inadecuado de valores en Packet Forwarding Engine (PFE) de Juniper Networks Junos OS evolucionado en la serie ACX 7000 permite que un atacante no autenticado basado en red provoque una denegaci\u00f3n de servicio (DoS). Si se configura un valor para el ancho de banda DDoS o los par\u00e1metros de r\u00e1faga para cualquier protocolo en una cola, todos los protocolos que comparten la misma cola cambiar\u00e1n su ancho de banda o valor de r\u00e1faga al nuevo valor. Si, por ejemplo, OSPF estuviera configurado con un determinado valor de ancho de banda, ISIS tambi\u00e9n estar\u00eda limitado a este valor. Entonces, sin darse cuenta, o el plano de control est\u00e1 abierto para un alto nivel de tr\u00e1fico espec\u00edfico que se supon\u00eda estaba limitado a un valor m\u00e1s bajo, o el l\u00edmite para un determinado protocolo es tan bajo que las posibilidades de \u00e9xito con un ataque DoS volum\u00e9trico aumentan significativamente. Este problema afecta a Junos OS Evolved en la serie ACX 7000: * Todas las versiones anteriores a 21.4R3-S7-EVO, * Versiones 22.1 anteriores a 22.1R3-S6-EVO, * Versiones 22.2 anteriores a 22.2R3-S3-EVO, * Versiones 22.3 anteriores a 22.3R3 -S3-EVO, *22.4 versiones anteriores a 22.4R3-S2-EVO, *23.2 versiones anteriores a 23.2R2-EVO, *23.4 versiones anteriores a 23.4R1-S1-EVO, 23.4R2-EVO."
    }
  ],
  "id": "CVE-2024-39531",
  "lastModified": "2024-11-21T09:27:56.690",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "automatable": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirements": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "subsequentSystemAvailability": "LOW",
          "subsequentSystemConfidentiality": "NONE",
          "subsequentSystemIntegrity": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "vulnerableSystemAvailability": "HIGH",
          "vulnerableSystemConfidentiality": "NONE",
          "vulnerableSystemIntegrity": "NONE"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-11T17:15:10.150",
  "references": [
    {
      "source": "sirt@juniper.net",
      "url": "https://supportportal.juniper.net/JSA82991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://supportportal.juniper.net/JSA82991"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-229"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.