CVE-2024-47508 - Vulnerability Details

Vendors	Products
Juniper Networks	Junos Os Evolved

Vendors	Products
Juniper Networks	Junos Os Evolved

Source	ID	Title
EUVD	EUVD-2024-42511	An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover. GUID exhaustion will trigger a syslog message like one of the following: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ... The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand/evo-pfemand In case one or more of these values are constantly increasing the leak is happening. This issue affects Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.3 versions before 21.3R3-EVO; * 21.4 versions before 22.1R2-EVO, * 22.1 versions before 22.1R1-S1-EVO, 22.1R2-EVO. Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47509.

Link	Providers
https://supportportal.juniper.net/

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover. GUID exhaustion will trigger a syslog message like one of the following: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ... The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand/evo-pfemand In case one or more of these values are constantly increasing the leak is happening. This issue affects Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.3 versions before 21.3R3-EVO; * 21.4 versions before 22.1R2-EVO, * 22.1 versions before 22.1R1-S1-EVO, 22.1R2-EVO. Please note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47509.
Title		Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #2
Weaknesses		CWE-770
References		https://supportportal.juniper.net/
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` cvssV4_0 `{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M'}`

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47508", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-09-25T15:26:52.610Z", "datePublished": "2024-10-11T15:35:58.736Z", "dateUpdated": "2024-10-11T17:18:06.811Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S8-EVO", "status": "affected", "version": "21.2", "versionType": "semver"}, {"lessThan": "21.3R3-EVO", "status": "affected", "version": "21.3", "versionType": "semver"}, {"lessThan": "21.4R2-EVO,", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.1R1-S1-EVO, 22.1R2-EVO", "status": "affected", "version": "22.1", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "For this issue to be exploitable from the CLI there is no minimal configuration required. For this issue to be exploited via SNMP minimal SNMP configuration with at least read access is required: <tt>[ snmp community <name> ]</tt> or <tt>[ snmp v3 ... ]</tt>\n\n "}], "value": "For this issue to be exploitable from the CLI there is no minimal configuration required. For this issue to be exploited via SNMP minimal SNMP configuration with at least read access is required:\n\n[ snmp community <name> ]\n\nor\n\n[ snmp v3 ... ]"}], "datePublic": "2024-10-09T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.GUID exhaustion will trigger a syslog message like one of the following:<code>evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ...</code> <code>evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ...</code> The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:\n\n\n\n<tt>user@host> show platform application-info allocations app evo-pfemand/evo-pfemand </tt>\n\n In case one or more of these values are constantly increasing the leak is happening. This issue affects Junos OS Evolved:<ul><li>All versions before 21.2R3-S8-EVO,</li><li>21.3 versions before 21.3R3-EVO;</li><li>21.4 versions before 22.1R2-EVO, </li><li>22.1 versions before 22.1R1-S1-EVO, 22.1R2-EVO.</li></ul> \n\nPlease note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47509.\n\n "}], "value": "An Allocation of Resources Without Limits or Throttling\u00a0vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.\n\nGUID exhaustion will trigger a syslog message like one of the following:\n\nevo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ...\nevo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ...\nThe leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:\n\n\n\n\n\nuser@host> show platform application-info allocations app evo-pfemand/evo-pfemand\n\n\n\nIn case one or more of these values are constantly increasing the leak is happening.\n\nThis issue affects Junos OS Evolved:\n\n\n\n * All versions before 21.2R3-S8-EVO,\n * 21.3 versions before 21.3R3-EVO;\n * 21.4 versions before 22.1R2-EVO,\n\n * 22.1 versions before\u00a022.1R1-S1-EVO, 22.1R2-EVO.\n\n\n\n\n\nPlease note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47509."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-10-11T15:35:58.736Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R1-S1-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R1-S1-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases."}], "source": {"advisory": "JSA88136", "defect": ["1661578"], "discovery": "INTERNAL"}, "title": "Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #2", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users.\n\n "}], "value": "There are no known workarounds for this issue.\n\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-11T17:17:56.510770Z", "id": "CVE-2024-47508", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T17:18:06.811Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47508", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-11T17:17:56.510770Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T17:18:00.745Z"}}], "cna": {"title": "Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #2", "source": {"defect": ["1661578"], "advisory": "JSA88136", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"status": "affected", "version": "21.2", "lessThan": "21.2R3-S8-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.3", "lessThan": "21.3R3-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.4", "lessThan": "21.4R2-EVO,", "versionType": "semver"}, {"status": "affected", "version": "22.1", "lessThan": "22.1R1-S1-EVO, 22.1R2-EVO", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R1-S1-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R1-S1-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.", "base64": false}]}], "datePublic": "2024-10-09T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.\n\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users.\n\n ", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Allocation of Resources Without Limits or Throttling\u00a0vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.\n\nGUID exhaustion will trigger a syslog message like one of the following:\n\nevo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ...\nevo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ...\nThe leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:\n\n\n\n\n\nuser@host> show platform application-info allocations app evo-pfemand/evo-pfemand\n\n\n\nIn case one or more of these values are constantly increasing the leak is happening.\n\nThis issue affects Junos OS Evolved:\n\n\n\n * All versions before 21.2R3-S8-EVO,\n * 21.3 versions before 21.3R3-EVO;\n * 21.4 versions before 22.1R2-EVO,\n\n * 22.1 versions before\u00a022.1R1-S1-EVO, 22.1R2-EVO.\n\n\n\n\n\nPlease note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47509.", "supportingMedia": [{"type": "text/html", "value": "An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.GUID exhaustion will trigger a syslog message like one of the following:<code>evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ...</code> <code>evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ...</code> The leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:\n\n\n\n<tt>user@host> show platform application-info allocations app evo-pfemand/evo-pfemand </tt>\n\n In case one or more of these values are constantly increasing the leak is happening. This issue affects Junos OS Evolved:<ul><li>All versions before 21.2R3-S8-EVO,</li><li>21.3 versions before 21.3R3-EVO;</li><li>21.4 versions before 22.1R2-EVO, </li><li>22.1 versions before 22.1R1-S1-EVO, 22.1R2-EVO.</li></ul> \n\nPlease note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47509.\n\n ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "configurations": [{"lang": "en", "value": "For this issue to be exploitable from the CLI there is no minimal configuration required. For this issue to be exploited via SNMP minimal SNMP configuration with at least read access is required:\n\n[ snmp community <name> ]\n\nor\n\n[ snmp v3 ... ]", "supportingMedia": [{"type": "text/html", "value": "For this issue to be exploitable from the CLI there is no minimal configuration required. For this issue to be exploited via SNMP minimal SNMP configuration with at least read access is required: <tt>[ snmp community <name> ]</tt> or <tt>[ snmp v3 ... ]</tt>\n\n ", "base64": false}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-10-11T15:35:58.736Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47508", "state": "PUBLISHED", "dateUpdated": "2024-10-11T17:18:06.811Z", "dateReserved": "2024-09-25T15:26:52.610Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2024-10-11T15:35:58.736Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Allocation of Resources Without Limits or Throttling\u00a0vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.\n\nGUID exhaustion will trigger a syslog message like one of the following:\n\nevo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ...\nevo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ...\nThe leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:\n\n\n\n\n\nuser@host> show platform application-info allocations app evo-pfemand/evo-pfemand\n\n\n\nIn case one or more of these values are constantly increasing the leak is happening.\n\nThis issue affects Junos OS Evolved:\n\n\n\n * All versions before 21.2R3-S8-EVO,\n * 21.3 versions before 21.3R3-EVO;\n * 21.4 versions before 22.1R2-EVO,\n\n * 22.1 versions before\u00a022.1R1-S1-EVO, 22.1R2-EVO.\n\n\n\n\n\nPlease note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47509."}, {"lang": "es", "value": "Una vulnerabilidad de asignaci\u00f3n de recursos sin l\u00edmites ni limitaci\u00f3n en el daemon de administraci\u00f3n PFE (evo-pfemand) de Juniper Networks Junos OS Evolved permite que un atacante autenticado basado en la red provoque un bloqueo de FPC que genere una denegaci\u00f3n de servicio (DoS). Cuando se ejecutan operaciones GET de SNMP espec\u00edficas o comandos CLI con privilegios bajos espec\u00edficos, se produce una p\u00e9rdida de recursos GUID que, con el tiempo, provoca el agotamiento y hace que los FPC se bloqueen. Los FPC afectados deben reiniciarse manualmente para recuperarse. El agotamiento de GUID activar\u00e1 un mensaje de syslog como uno de los siguientes: evo-pfemand[]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[]: get_next_guid: Ran out of Guid Space ... La p\u00e9rdida se puede monitorear ejecutando el siguiente comando y tomando nota de los valores en la columna m\u00e1s a la derecha etiquetada Guids: user@host> show platform application-info assignments app evo-pfemand/evo-pfemand En caso de que uno o m\u00e1s de estos valores aumenten constantemente, la p\u00e9rdida est\u00e1 ocurriendo. Este problema afecta a Junos OS Evolved: * Todas las versiones anteriores a 21.2R3-S8-EVO, * 21.3 versiones anteriores a 21.3R3-EVO; * 21.4 versiones anteriores a 22.1R2-EVO, * 22.1 versiones anteriores a 22.1R1-S1-EVO, 22.1R2-EVO. Tenga en cuenta que este problema es similar, pero diferente de CVE-2024-47505 y CVE-2024-47509."}], "id": "CVE-2024-47508", "lastModified": "2024-10-15T12:58:51.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "YES", "availabilityRequirements": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2024-10-11T16:15:12.957", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "sirt@juniper.net", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object