PT-2024-5062 · Juniper Networks · Junos+2
Published
2024-04-10
·
Updated
2024-05-16
·
CVE-2024-30387
CVSS v4.0
7.1
High
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
Junos OS versions prior to 20.4R3-S9
Junos OS versions 21.2 prior to 21.2R3-S5
Junos OS versions 21.3 prior to 21.3R3-S5
Junos OS versions 21.4 prior to 21.4R3-S4
Junos OS versions 22.1 prior to 22.1R3-S2
Junos OS versions 22.2 prior to 22.2R3-S2
Junos OS versions 22.3 prior to 22.3R3
Junos OS versions 22.4 prior to 22.4R2
Description:
A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart.
Recommendations:
For versions prior to 20.4R3-S9, update to 20.4R3-S9 or later.
For versions 21.2 prior to 21.2R3-S5, update to 21.2R3-S5 or later.
For versions 21.3 prior to 21.3R3-S5, update to 21.3R3-S5 or later.
For versions 21.4 prior to 21.4R3-S4, update to 21.4R3-S4 or later.
For versions 22.1 prior to 22.1R3-S2, update to 22.1R3-S2 or later.
For versions 22.2 prior to 22.2R3-S2, update to 22.2R3-S2 or later.
For versions 22.3 prior to 22.3R3, update to 22.3R3 or later.
For versions 22.4 prior to 22.4R2, update to 22.4R2 or later.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Acx5448
Acx710
Junos