CVE-2024-30384 - Vulnerability Details

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (Dos).

If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to be interrupted until the system self-recovers.

This issue affects Junos OS:

All versions before 20.4R3-S10,

21.2 versions before 21.2R3-S7,

21.4 versions before 21.4R3-S6.

Published: 2024-04-12

Score: 6.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Juniper Networks

Junos OS

unaffected

Version	Status	Constraints
`0`	affected	< 20.4R3-S10
`21.2`	affected	< 21.2R3-S7
`21.4`	affected	< 21.4R3-S6

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos::::::::
	cpe:2.3:o:juniper:junos:20.4:-::::::
	cpe:2.3:o:juniper:junos:20.4:r1::::::
	cpe:2.3:o:juniper:junos:20.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:20.4:r2::::::
	cpe:2.3:o:juniper:junos:20.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:20.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:20.4:r3::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s5::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s6::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s7::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s8::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s9::::::
	cpe:2.3:o:juniper:junos:21.2:-::::::
	cpe:2.3:o:juniper:junos:21.2:r1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r2::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s5::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s6::::::
	cpe:2.3:o:juniper:junos:21.4:r1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r2::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s5::::::

OR	cpe:2.3:h:juniper:ex4300:-:::::::*
	cpe:2.3:h:juniper:ex4300-24p:-:::::::*
	cpe:2.3:h:juniper:ex4300-24p-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-24t:-:::::::*
	cpe:2.3:h:juniper:ex4300-24t-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-32f:-:::::::*
	cpe:2.3:h:juniper:ex4300-32f-dc:-:::::::*
	cpe:2.3:h:juniper:ex4300-32f-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-48mp:-:::::::*
	cpe:2.3:h:juniper:ex4300-48mp-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-48p:-:::::::*
	cpe:2.3:h:juniper:ex4300-48p-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t-afi:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t-dc:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t-dc-afi:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t-s:-:::::::*

No data.

No data available yet.

Remediation

Vendor Solution

The following software releases have been updated to resolve this specific issue: 20.4R3-S10, 21.2R3-S7, 21.4R3-S6, and all subsequent releases of these branches.

Vendor Workaround

There are no known workarounds for this issue.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-28305	An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on EX4300 Series allows a locally authenticated attacker with low privileges to cause a Denial-of-Service (Dos). If a specific CLI command is issued, a PFE crash will occur. This will cause traffic forwarding to be interrupted until the system self-recovers. This issue affects Junos OS: All versions before 20.4R3-S10, 21.2 versions before 21.2R3-S7, 21.4 versions before 21.4R3-S6.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00048.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://supportportal.juniper.net/JSA79186
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

History

Thu, 06 Feb 2025 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper Juniper ex4300 Juniper ex4300-24p Juniper ex4300-24p-s Juniper ex4300-24t Juniper ex4300-24t-s Juniper ex4300-32f Juniper ex4300-32f-dc Juniper ex4300-32f-s Juniper ex4300-48mp Juniper ex4300-48mp-s Juniper ex4300-48p Juniper ex4300-48p-s Juniper ex4300-48t Juniper ex4300-48t-afi Juniper ex4300-48t-dc Juniper ex4300-48t-dc-afi Juniper ex4300-48t-s Juniper junos
CPEs		cpe:2.3:h:juniper:ex4300-24p-s:-:::::::* cpe:2.3:h:juniper:ex4300-24p:-:::::::* cpe:2.3:h:juniper:ex4300-24t-s:-:::::::* cpe:2.3:h:juniper:ex4300-24t:-:::::::* cpe:2.3:h:juniper:ex4300-32f-dc:-:::::::* cpe:2.3:h:juniper:ex4300-32f-s:-:::::::* cpe:2.3:h:juniper:ex4300-32f:-:::::::* cpe:2.3:h:juniper:ex4300-48mp-s:-:::::::* cpe:2.3:h:juniper:ex4300-48mp:-:::::::* cpe:2.3:h:juniper:ex4300-48p-s:-:::::::* cpe:2.3:h:juniper:ex4300-48p:-:::::::* cpe:2.3:h:juniper:ex4300-48t-afi:-:::::::* cpe:2.3:h:juniper:ex4300-48t-dc-afi:-:::::::* cpe:2.3:h:juniper:ex4300-48t-dc:-:::::::* cpe:2.3:h:juniper:ex4300-48t-s:-:::::::* cpe:2.3:h:juniper:ex4300-48t:-:::::::* cpe:2.3:h:juniper:ex4300:-:::::::* cpe:2.3:o:juniper:junos:::::::: cpe:2.3:o:juniper:junos:20.4:-:::::: cpe:2.3:o:juniper:junos:20.4:r1-s1:::::: cpe:2.3:o:juniper:junos:20.4:r1:::::: cpe:2.3:o:juniper:junos:20.4:r2-s1:::::: cpe:2.3:o:juniper:junos:20.4:r2-s2:::::: cpe:2.3:o:juniper:junos:20.4:r2:::::: cpe:2.3:o:juniper:junos:20.4:r3-s1:::::: cpe:2.3:o:juniper:junos:20.4:r3-s2:::::: cpe:2.3:o:juniper:junos:20.4:r3-s3:::::: cpe:2.3:o:juniper:junos:20.4:r3-s4:::::: cpe:2.3:o:juniper:junos:20.4:r3-s5:::::: cpe:2.3:o:juniper:junos:20.4:r3-s6:::::: cpe:2.3:o:juniper:junos:20.4:r3-s7:::::: cpe:2.3:o:juniper:junos:20.4:r3-s8:::::: cpe:2.3:o:juniper:junos:20.4:r3-s9:::::: cpe:2.3:o:juniper:junos:20.4:r3:::::: cpe:2.3:o:juniper:junos:21.2:-:::::: cpe:2.3:o:juniper:junos:21.2:r1-s1:::::: cpe:2.3:o:juniper:junos:21.2:r1-s2:::::: cpe:2.3:o:juniper:junos:21.2:r1:::::: cpe:2.3:o:juniper:junos:21.2:r2-s1:::::: cpe:2.3:o:juniper:junos:21.2:r2-s2:::::: cpe:2.3:o:juniper:junos:21.2:r2:::::: cpe:2.3:o:juniper:junos:21.2:r3-s1:::::: cpe:2.3:o:juniper:junos:21.2:r3-s2:::::: cpe:2.3:o:juniper:junos:21.2:r3-s3:::::: cpe:2.3:o:juniper:junos:21.2:r3-s4:::::: cpe:2.3:o:juniper:junos:21.2:r3-s5:::::: cpe:2.3:o:juniper:junos:21.2:r3-s6:::::: cpe:2.3:o:juniper:junos:21.2:r3:::::: cpe:2.3:o:juniper:junos:21.4:r1-s1:::::: cpe:2.3:o:juniper:junos:21.4:r1-s2:::::: cpe:2.3:o:juniper:junos:21.4:r1:::::: cpe:2.3:o:juniper:junos:21.4:r2-s1:::::: cpe:2.3:o:juniper:junos:21.4:r2-s2:::::: cpe:2.3:o:juniper:junos:21.4:r2:::::: cpe:2.3:o:juniper:junos:21.4:r3-s1:::::: cpe:2.3:o:juniper:junos:21.4:r3-s2:::::: cpe:2.3:o:juniper:junos:21.4:r3-s3:::::: cpe:2.3:o:juniper:junos:21.4:r3-s4:::::: cpe:2.3:o:juniper:junos:21.4:r3-s5:::::: cpe:2.3:o:juniper:junos:21.4:r3::::::
Vendors & Products		Juniper Juniper ex4300 Juniper ex4300-24p Juniper ex4300-24p-s Juniper ex4300-24t Juniper ex4300-24t-s Juniper ex4300-32f Juniper ex4300-32f-dc Juniper ex4300-32f-s Juniper ex4300-48mp Juniper ex4300-48mp-s Juniper ex4300-48p Juniper ex4300-48p-s Juniper ex4300-48t Juniper ex4300-48t-afi Juniper ex4300-48t-dc Juniper ex4300-48t-dc-afi Juniper ex4300-48t-s Juniper junos

Subscriptions

Juniper Ex4300 Ex4300-24p Ex4300-24p-s Ex4300-24t Ex4300-24t-s Ex4300-32f Ex4300-32f-dc Ex4300-32f-s Ex4300-48mp Ex4300-48mp-s Ex4300-48p Ex4300-48p-s Ex4300-48t Ex4300-48t-afi Ex4300-48t-dc Ex4300-48t-dc-afi Ex4300-48t-s Junos

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2024-04-12T15:22:40.490Z

Updated: 2024-08-02T01:32:07.095Z

Reserved: 2024-03-26T23:06:12.475Z

Link: CVE-2024-30384

Vulnrichment

Updated: 2024-08-02T01:32:07.095Z

NVD

Status : Analyzed

Published: 2024-04-12T16:15:37.440

Modified: 2025-02-06T20:36:55.430

Link: CVE-2024-30384

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-754

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object