VDB
CVE-2024-30378
CVE-2024-30378
PUBLISHED
Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.
EPSS 0.05% · 16.4th percentile
Risk Scores
EPSS Score
0.05%
16.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Juniper QFX Series | |
| Juniper | Juniper JUNOS | |
| Juniper | Juniper SRX Series | |
| Juniper | Juniper MX Series | |
| Juniper | Juniper JUNOS Evolved | |
| Juniper | Juniper EX Series |
Timeline
- Apr 10, 2024 CVE Published
- Apr 17, 2024 EPSS Score
- May 12, 2024 EPSS Score
- Jun 7, 2024 EPSS Score
- Jul 2, 2024 EPSS Score
- Jul 26, 2024 EPSS Score
- Aug 20, 2024 EPSS Score
- Sep 14, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 9, 2024 EPSS Score
- Nov 3, 2024 EPSS Score
- Nov 28, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0855.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0855 advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-Packets-which-are-not-destined-to-the-device-can-reach-the-RE-CVE-2024-21590?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-MPC10-MPC11-LC9600-and-MX304-A-specific-MPLS-packet-will-cause-a-PFE-crash-CVE-2024-21593?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-BGP-tunnel-encapsulation-attribute-will-lead-to-an-rpd-crash-CVE-2024-21598?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX-300-Series-Specific-link-local-traffic-causes-a-control-plane-overload-CVE-2024-21605?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-SRX-Series-If-specific-IPsec-parameters-are-negotiated-iked-will-crash-due-to-a-memory-leak-CVE-2024-21609?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-In-a-scaled-subscriber-scenario-if-CoS-information-is-gathered-mgd-processes-gets-stuck-CVE-2024-21610?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-low-privileged-user-can-access-confidential-information-CVE-2024-21615?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-LLDP-is-enabled-and-a-malformed-LLDP-packet-is-received-l2cpd-crashes-CVE-2024-21618?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX-Series-Specific-malformed-LACP-packets-will-cause-flaps-CVE-2024-30388?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX-Branch-Series-When-DNS-proxy-is-configured-and-specific-DNS-queries-are-received-resolver-s-performance-is-degraded-CVE-2022-2795?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-MS-MPC-MIC-When-URL-filtering-is-enabled-and-a-specific-URL-request-is-received-a-flowd-crash-occurs-CVE-2024-30392?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-A-specific-EVPN-type-5-route-causes-rpd-crash-CVE-2024-30394?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-BGP-tunnel-encapsulation-attribute-will-lead-to-an-rpd-crash-CVE-2024-30395?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Higher-CPU-consumption-on-routing-engine-leads-to-Denial-of-Service-DoS-CVE-2024-30409?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-EX4300-Series-Loopback-filter-not-blocking-traffic-despite-having-discard-term-CVE-2024-30410?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-libslax-Multiple-vulnerabilities-in-libslax-resolved?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-Evolved-ACX-Series-with-Paragon-Active-Assurance-Test-Agent-A-local-high-privileged-attacker-can-recover-other-administrators-credentials-CVE-2024-30406?language=en_US advisory
- https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX-5000-Series-with-SPC2-Processing-of-specific-crafted-packets-when-ALG-is-enabled-causes-a-transit-traffic-Denial-of-Service-CVE-2024-30405?language=en_US advisory
…and 15 more