CVE-2024-39536 - Vulnerability Details

A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). When a BFD session configured with authentication flaps, ppmd memory can leak. Whether the leak happens depends on a race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode. Whether the leak occurs can be monitored with the following CLI command: > show ppm request-queue FPC Pending-request fpc0 2 request-total-pending: 2 where a continuously increasing number of pending requests is indicative of the leak. This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S7, * 22.1 versions before 22.1R3-S4, * 22.2 versions before 22.2R3-S4, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R2-S2, 22.4R3. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R3-EVO.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Juniper	Junos Os Junos Os Evolved

No data.

References

Link	Providers
https://supportportal.juniper.net/JSA82996

History

No history.

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2024-07-11T16:13:24.485Z

Updated: 2024-08-02T04:26:15.613Z

Reserved: 2024-06-25T15:12:53.241Z

Link: CVE-2024-39536

Vulnrichment

Updated: 2024-07-16T18:50:48.166Z

NVD

Status : Awaiting Analysis

Published: 2024-07-11T17:15:11.190

Modified: 2024-11-21T09:27:57.373

Link: CVE-2024-39536

Redhat

No data.

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39536", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-06-25T15:12:53.241Z", "datePublished": "2024-07-11T16:13:24.485Z", "dateUpdated": "2024-08-02T04:26:15.613Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S8", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "21.4R3-S7", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.1R3-S4", "status": "affected", "version": "22.1", "versionType": "semver"}, {"lessThan": "22.2R3-S4", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R2-S2, 22.4R3", "status": "affected", "version": "22.4", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S8-EVO", "status": "affected", "version": "21.2-EVO", "versionType": "semver"}, {"lessThan": "21.4R3-S7-EVO", "status": "affected", "version": "21.4-EVO", "versionType": "semver"}, {"lessThan": "22.2R3-S4-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver"}, {"lessThan": "22.3R3-EVO", "status": "affected", "version": "22.3-EVO", "versionType": "semver"}, {"lessThan": "22.4R3-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver"}, {"lessThan": "23.2R1-EVO", "status": "affected", "version": "23.2-EVO", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "To be exposed to this issue, BFD with authentication like in the following examples needs to be \n\n<span style=\"background-color: rgb(255, 255, 255);\">configured</span>:<br><br><tt>[ protocols &lt;protocol&gt; ... bfd-liveness-detection&nbsp;authentication ]<br>[ routing-options ... bfd-liveness-detection authentication ]</tt>"}], "value": "To be exposed to this issue, BFD with authentication like in the following examples needs to be \n\nconfigured:\n\n[ protocols <protocol> ... bfd-liveness-detection\u00a0authentication ]\n[ routing-options ... bfd-liveness-detection authentication ]"}], "datePublic": "2024-07-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\n<span style=\"background-color: rgb(255, 255, 255);\">Denial-of-Service (DoS)</span>.<p><br></p><p><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">When a&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">BFD session configured with authentication </span>flaps,&nbsp;</span>ppmd memory can leak. Whether the leak happens depends on a&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.</span></span><br><span style=\"background-color: rgb(255, 255, 255);\"><br></span></p><p><span style=\"background-color: rgb(255, 255, 255);\">Whether the leak occurs can be monitored with the following CLI command:</span></p><p>&gt; show ppm request-queue<br></p><tt><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">FPC &nbsp; &nbsp; Pending-request</span><br><span style=\"background-color: rgb(255, 255, 255);\">fpc0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;2</span><br><span style=\"background-color: rgb(255, 255, 255);\">request-total-pending: 2</span>\n\n<br></span></tt><p><span style=\"background-color: rgb(255, 255, 255);\">where a continuously increasing number of pending requests is indicative of the leak.&nbsp;</span></p><p><span style=\"background-color: rgb(255, 255, 255);\"><br></span></p><p></p>\n\n<p>This issue affects:</p><p>Junos OS:<br></p><ul><li>All versions before 21.2R3-S8,</li><li>21.4 versions before 21.4R3-S7,</li><li>22.1 versions before 22.1R3-S4,</li><li>22.2 versions before 22.2R3-S4, </li><li>22.3 versions before 22.3R3,</li><li>22.4 versions before 22.4R2-S2, 22.4R3.</li></ul><br>Junos OS Evolved:<br><ul><li>All versions before 21.2R3-S8-EVO,</li><li>21.4-EVO versions before 21.4R3-S7-EVO,</li><li>22.2-EVO versions before 22.2R3-S4-EVO,</li><li>22.3-EVO versions before 22.3R3-EVO,</li><li>22.4-EVO versions before 22.4R3-EVO.</li></ul>"}], "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\n\nWhen a\u00a0BFD session configured with authentication flaps,\u00a0ppmd memory can leak. Whether the leak happens depends on a\u00a0race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.\n\n\n\nWhether the leak occurs can be monitored with the following CLI command:\n\n> show ppm request-queue\n\n\nFPC \u00a0 \u00a0 Pending-request\nfpc0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a02\nrequest-total-pending: 2\n\n\nwhere a continuously increasing number of pending requests is indicative of the leak.\u00a0\n\n\n\n\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n  *  All versions before 21.2R3-S8,\n  *  21.4 versions before 21.4R3-S7,\n  *  22.1 versions before 22.1R3-S4,\n  *  22.2 versions before 22.2R3-S4, \n  *  22.3 versions before 22.3R3,\n  *  22.4 versions before 22.4R2-S2, 22.4R3.\n\n\n\nJunos OS Evolved:\n  *  All versions before 21.2R3-S8-EVO,\n  *  21.4-EVO versions before 21.4R3-S7-EVO,\n  *  22.2-EVO versions before 22.2R3-S4-EVO,\n  *  22.3-EVO versions before 22.3R3-EVO,\n  *  22.4-EVO versions before 22.4R3-EVO."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 6, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "Denial-of-Service (DoS)", "lang": "en"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-12T14:42:59.790Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA82996"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:<br>Junos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S4, 22.2R3-S4, 22.3R3, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases;<br>Junos OS Evolved:&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO,&nbsp;and all subsequent releases.</span>"}], "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S4, 22.2R3-S4, 22.3R3, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases;\nJunos OS Evolved:\u00a021.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO,\u00a0and all subsequent releases."}], "source": {"advisory": "JSA82996", "defect": ["1480648"], "discovery": "USER"}, "title": "Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "juniper", "product": "junos_os", "cpes": ["cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "21.2R3-S8", "versionType": "semver"}, {"version": "21.4", "status": "affected", "lessThan": "21.4R3-S7", "versionType": "semver"}, {"version": "22.1", "status": "affected", "lessThan": "22.1R3-S4", "versionType": "semver"}, {"version": "22.2", "status": "affected", "lessThan": "22.2R3-S4", "versionType": "semver"}, {"version": "22.3", "status": "affected", "lessThan": "22.3R3", "versionType": "semver"}, {"version": "22.4", "status": "affected", "lessThan": "22.4R2-S2", "versionType": "semver"}, {"version": "22.4", "status": "affected", "lessThan": "22.4R3", "versionType": "semver"}]}, {"vendor": "juniper", "product": "junos_os_evolved", "cpes": ["cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "21.2-EVO", "status": "affected", "lessThan": "21.2R3-S8-EVO", "versionType": "semver"}, {"version": "21.4-EVO", "status": "affected", "lessThan": "21.4R3-S7-EVO", "versionType": "semver"}, {"version": "22.2-EVO", "status": "affected", "lessThan": "22.2R3-S4-EVO", "versionType": "semver"}, {"version": "22.3-EVO", "status": "affected", "lessThan": "22.3R3-EVO", "versionType": "semver"}, {"version": "22.4-EVO", "status": "affected", "lessThan": "22.4R3-EVO", "versionType": "semver"}, {"version": "23.2-EVO", "status": "affected", "lessThan": "23.2R1-EVO", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-16T18:38:58.684082Z", "id": "CVE-2024-39536", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T19:01:50.918Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.613Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportportal.juniper.net/JSA82996"}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-39536 (string)

assignerOrgId : 8cbe9d5a-a066-4c94-8978-4b15efeae968 (string)

state : PUBLISHED (string)

assignerShortName : juniper (string)

dateReserved : 2024-06-25T15:12:53.241Z (string)

datePublished : 2024-07-11T16:13:24.485Z (string)

dateUpdated : 2024-08-02T04:26:15.613Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : Junos OS (string)

vendor : Juniper Networks (string)

versions : [ »

0 : { »

lessThan : 21.2R3-S8 (string)

status : affected (string)

version : 0 (string)

versionType : semver (string)

}

1 : { »

lessThan : 21.4R3-S7 (string)

status : affected (string)

version : 21.4 (string)

versionType : semver (string)

}

2 : { »

lessThan : 22.1R3-S4 (string)

status : affected (string)

version : 22.1 (string)

versionType : semver (string)

}

3 : { »

lessThan : 22.2R3-S4 (string)

status : affected (string)

version : 22.2 (string)

versionType : semver (string)

}

4 : { »

lessThan : 22.3R3 (string)

status : affected (string)

version : 22.3 (string)

versionType : semver (string)

}

5 : { »

lessThan : 22.4R2-S2, 22.4R3 (string)

status : affected (string)

version : 22.4 (string)

versionType : semver (string)

}

]

}

1 : { »

defaultStatus : unaffected (string)

product : Junos OS Evolved (string)

vendor : Juniper Networks (string)

versions : [ »

0 : { »

lessThan : 21.2R3-S8-EVO (string)

status : affected (string)

version : 21.2-EVO (string)

versionType : semver (string)

}

1 : { »

lessThan : 21.4R3-S7-EVO (string)

status : affected (string)

version : 21.4-EVO (string)

versionType : semver (string)

}

2 : { »

lessThan : 22.2R3-S4-EVO (string)

status : affected (string)

version : 22.2-EVO (string)

versionType : semver (string)

}

3 : { »

lessThan : 22.3R3-EVO (string)

status : affected (string)

version : 22.3-EVO (string)

versionType : semver (string)

}

4 : { »

lessThan : 22.4R3-EVO (string)

status : affected (string)

version : 22.4-EVO (string)

versionType : semver (string)

}

5 : { »

lessThan : 23.2R1-EVO (string)

status : affected (string)

version : 23.2-EVO (string)

versionType : semver (string)

}

]

}

]

configurations : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : To be exposed to this issue, BFD with authentication like in the following examples needs to be configured: <tt>[ protocols <protocol> ... bfd-liveness-detection authentication ] [ routing-options ... bfd-liveness-detection authentication ]</tt> (string)

}

]

value : To be exposed to this issue, BFD with authentication like in the following examples needs to be configured: [ protocols <protocol> ... bfd-liveness-detection authentication ] [ routing-options ... bfd-liveness-detection authentication ] (string)

}

]

datePublic : 2024-07-10T16:00:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). When a BFD session configured with authentication flaps, ppmd memory can leak. Whether the leak happens depends on a race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode. Whether the leak occurs can be monitored with the following CLI command:> show ppm request-queue <tt>FPC     Pending-request fpc0                   2 request-total-pending: 2 </tt>where a continuously increasing number of pending requests is indicative of the leak.  This issue affects:Junos OS: <ul><li>All versions before 21.2R3-S8,</li><li>21.4 versions before 21.4R3-S7,</li><li>22.1 versions before 22.1R3-S4,</li><li>22.2 versions before 22.2R3-S4, </li><li>22.3 versions before 22.3R3,</li><li>22.4 versions before 22.4R2-S2, 22.4R3.</li></ul> Junos OS Evolved: <ul><li>All versions before 21.2R3-S8-EVO,</li><li>21.4-EVO versions before 21.4R3-S7-EVO,</li><li>22.2-EVO versions before 22.2R3-S4-EVO,</li><li>22.3-EVO versions before 22.3R3-EVO,</li><li>22.4-EVO versions before 22.4R3-EVO.</li></ul> (string)

}

]

value : A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). When a BFD session configured with authentication flaps, ppmd memory can leak. Whether the leak happens depends on a race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode. Whether the leak occurs can be monitored with the following CLI command: > show ppm request-queue FPC Pending-request fpc0 2 request-total-pending: 2 where a continuously increasing number of pending requests is indicative of the leak. This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S7, * 22.1 versions before 22.1R3-S4, * 22.2 versions before 22.2R3-S4, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R2-S2, 22.4R3. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R3-EVO. (string)

}

]

exploits : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : Juniper SIRT is not aware of any malicious exploitation of this vulnerability. (string)

}

]

value : Juniper SIRT is not aware of any malicious exploitation of this vulnerability. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : HIGH (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

1 : { »

cvssV4_0 : { »

Automatable : NOT_DEFINED (string)

Recovery : NOT_DEFINED (string)

Safety : NOT_DEFINED (string)

attackComplexity : LOW (string)

attackRequirements : PRESENT (string)

attackVector : ADJACENT (string)

baseScore : 6 (number)

baseSeverity : MEDIUM (string)

privilegesRequired : NONE (string)

providerUrgency : NOT_DEFINED (string)

subAvailabilityImpact : NONE (string)

subConfidentialityImpact : NONE (string)

subIntegrityImpact : NONE (string)

userInteraction : NONE (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N (string)

version : 4.0 (string)

vulnAvailabilityImpact : HIGH (string)

vulnConfidentialityImpact : NONE (string)

vulnIntegrityImpact : NONE (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-401 (string)

description : CWE-401 Missing Release of Memory after Effective Lifetime (string)

lang : en (string)

type : CWE (string)

}

]

}

1 : { »

descriptions : [ »

0 : { »

description : Denial-of-Service (DoS) (string)

lang : en (string)

}

]

}

]

providerMetadata : { »

orgId : 8cbe9d5a-a066-4c94-8978-4b15efeae968 (string)

shortName : juniper (string)

dateUpdated : 2024-07-12T14:42:59.790Z (string)

}

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

]

url : https://supportportal.juniper.net/JSA82996 (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : The following software releases have been updated to resolve this specific issue: Junos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S4, 22.2R3-S4, 22.3R3, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases; Junos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases. (string)

}

]

value : The following software releases have been updated to resolve this specific issue: Junos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S4, 22.2R3-S4, 22.3R3, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases; Junos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases. (string)

}

]

source : { »

advisory : JSA82996 (string)

defect : [ »

0 : 1480648 (string)

]

discovery : USER (string)

}

title : Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak (string)

workarounds : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : There are no known workarounds for this issue. (string)

}

]

value : There are no known workarounds for this issue. (string)

}

]

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

affected : [ »

0 : { »

vendor : juniper (string)

product : junos_os (string)

cpes : [ »

0 : cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThan : 21.2R3-S8 (string)

versionType : semver (string)

}

1 : { »

version : 21.4 (string)

status : affected (string)

lessThan : 21.4R3-S7 (string)

versionType : semver (string)

}

2 : { »

version : 22.1 (string)

status : affected (string)

lessThan : 22.1R3-S4 (string)

versionType : semver (string)

}

3 : { »

version : 22.2 (string)

status : affected (string)

lessThan : 22.2R3-S4 (string)

versionType : semver (string)

}

4 : { »

version : 22.3 (string)

status : affected (string)

lessThan : 22.3R3 (string)

versionType : semver (string)

}

5 : { »

version : 22.4 (string)

status : affected (string)

lessThan : 22.4R2-S2 (string)

versionType : semver (string)

}

6 : { »

version : 22.4 (string)

status : affected (string)

lessThan : 22.4R3 (string)

versionType : semver (string)

}

]

}

1 : { »

vendor : juniper (string)

product : junos_os_evolved (string)

cpes : [ »

0 : cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unaffected (string)

versions : [ »

0 : { »

version : 21.2-EVO (string)

status : affected (string)

lessThan : 21.2R3-S8-EVO (string)

versionType : semver (string)

}

1 : { »

version : 21.4-EVO (string)

status : affected (string)

lessThan : 21.4R3-S7-EVO (string)

versionType : semver (string)

}

2 : { »

version : 22.2-EVO (string)

status : affected (string)

lessThan : 22.2R3-S4-EVO (string)

versionType : semver (string)

}

3 : { »

version : 22.3-EVO (string)

status : affected (string)

lessThan : 22.3R3-EVO (string)

versionType : semver (string)

}

4 : { »

version : 22.4-EVO (string)

status : affected (string)

lessThan : 22.4R3-EVO (string)

versionType : semver (string)

}

5 : { »

version : 23.2-EVO (string)

status : affected (string)

lessThan : 23.2R1-EVO (string)

versionType : semver (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-07-16T18:38:58.684082Z (string)

id : CVE-2024-39536 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-07-16T19:01:50.918Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T04:26:15.613Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://supportportal.juniper.net/JSA82996 (string)

}

]

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39536", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-16T18:38:58.684082Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os", "versions": [{"status": "affected", "version": "0", "lessThan": "21.2R3-S8", "versionType": "semver"}, {"status": "affected", "version": "21.4", "lessThan": "21.4R3-S7", "versionType": "semver"}, {"status": "affected", "version": "22.1", "lessThan": "22.1R3-S4", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R3-S4", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R3", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R2-S2", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os_evolved", "versions": [{"status": "affected", "version": "21.2-EVO", "lessThan": "21.2R3-S8-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.4-EVO", "lessThan": "21.4R3-S7-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.2-EVO", "lessThan": "22.2R3-S4-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.3-EVO", "lessThan": "22.3R3-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.4-EVO", "lessThan": "22.4R3-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.2-EVO", "lessThan": "23.2R1-EVO", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T18:50:48.166Z"}}], "cna": {"title": "Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak", "source": {"defect": ["1480648"], "advisory": "JSA82996", "discovery": "USER"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "0", "lessThan": "21.2R3-S8", "versionType": "semver"}, {"status": "affected", "version": "21.4", "lessThan": "21.4R3-S7", "versionType": "semver"}, {"status": "affected", "version": "22.1", "lessThan": "22.1R3-S4", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R3-S4", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R3", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R2-S2, 22.4R3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"status": "affected", "version": "21.2-EVO", "lessThan": "21.2R3-S8-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.4-EVO", "lessThan": "21.4R3-S7-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.2-EVO", "lessThan": "22.2R3-S4-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.3-EVO", "lessThan": "22.3R3-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.4-EVO", "lessThan": "22.4R3-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.2-EVO", "lessThan": "23.2R1-EVO", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S4, 22.2R3-S4, 22.3R3, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases;\nJunos OS Evolved:\u00a021.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO,\u00a0and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:<br>Junos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S4, 22.2R3-S4, 22.3R3, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases;<br>Junos OS Evolved:&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO,&nbsp;and all subsequent releases.</span>", "base64": false}]}], "datePublic": "2024-07-10T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA82996", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\n\nWhen a\u00a0BFD session configured with authentication flaps,\u00a0ppmd memory can leak. Whether the leak happens depends on a\u00a0race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.\n\n\n\nWhether the leak occurs can be monitored with the following CLI command:\n\n> show ppm request-queue\n\n\nFPC \u00a0 \u00a0 Pending-request\nfpc0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a02\nrequest-total-pending: 2\n\n\nwhere a continuously increasing number of pending requests is indicative of the leak.\u00a0\n\n\n\n\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n  *  All versions before 21.2R3-S8,\n  *  21.4 versions before 21.4R3-S7,\n  *  22.1 versions before 22.1R3-S4,\n  *  22.2 versions before 22.2R3-S4, \n  *  22.3 versions before 22.3R3,\n  *  22.4 versions before 22.4R2-S2, 22.4R3.\n\n\n\nJunos OS Evolved:\n  *  All versions before 21.2R3-S8-EVO,\n  *  21.4-EVO versions before 21.4R3-S7-EVO,\n  *  22.2-EVO versions before 22.2R3-S4-EVO,\n  *  22.3-EVO versions before 22.3R3-EVO,\n  *  22.4-EVO versions before 22.4R3-EVO.", "supportingMedia": [{"type": "text/html", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\n<span style=\"background-color: rgb(255, 255, 255);\">Denial-of-Service (DoS)</span>.<p><br></p><p><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">When a&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">BFD session configured with authentication </span>flaps,&nbsp;</span>ppmd memory can leak. Whether the leak happens depends on a&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.</span></span><br><span style=\"background-color: rgb(255, 255, 255);\"><br></span></p><p><span style=\"background-color: rgb(255, 255, 255);\">Whether the leak occurs can be monitored with the following CLI command:</span></p><p>&gt; show ppm request-queue<br></p><tt><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">FPC &nbsp; &nbsp; Pending-request</span><br><span style=\"background-color: rgb(255, 255, 255);\">fpc0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;2</span><br><span style=\"background-color: rgb(255, 255, 255);\">request-total-pending: 2</span>\n\n<br></span></tt><p><span style=\"background-color: rgb(255, 255, 255);\">where a continuously increasing number of pending requests is indicative of the leak.&nbsp;</span></p><p><span style=\"background-color: rgb(255, 255, 255);\"><br></span></p><p></p>\n\n<p>This issue affects:</p><p>Junos OS:<br></p><ul><li>All versions before 21.2R3-S8,</li><li>21.4 versions before 21.4R3-S7,</li><li>22.1 versions before 22.1R3-S4,</li><li>22.2 versions before 22.2R3-S4, </li><li>22.3 versions before 22.3R3,</li><li>22.4 versions before 22.4R2-S2, 22.4R3.</li></ul><br>Junos OS Evolved:<br><ul><li>All versions before 21.2R3-S8-EVO,</li><li>21.4-EVO versions before 21.4R3-S7-EVO,</li><li>22.2-EVO versions before 22.2R3-S4-EVO,</li><li>22.3-EVO versions before 22.3R3-EVO,</li><li>22.4-EVO versions before 22.4R3-EVO.</li></ul>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}, {"descriptions": [{"lang": "en", "description": "Denial-of-Service (DoS)"}]}], "configurations": [{"lang": "en", "value": "To be exposed to this issue, BFD with authentication like in the following examples needs to be \n\nconfigured:\n\n[ protocols <protocol> ... bfd-liveness-detection\u00a0authentication ]\n[ routing-options ... bfd-liveness-detection authentication ]", "supportingMedia": [{"type": "text/html", "value": "To be exposed to this issue, BFD with authentication like in the following examples needs to be \n\n<span style=\"background-color: rgb(255, 255, 255);\">configured</span>:<br><br><tt>[ protocols &lt;protocol&gt; ... bfd-liveness-detection&nbsp;authentication ]<br>[ routing-options ... bfd-liveness-detection authentication ]</tt>", "base64": false}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-12T14:42:59.790Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39536", "state": "PUBLISHED", "dateUpdated": "2024-07-16T19:01:50.918Z", "dateReserved": "2024-06-25T15:12:53.241Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2024-07-11T16:13:24.485Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-39536 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-07-16T18:38:58.684082Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:* (string)

]

vendor : juniper (string)

product : junos_os (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : 21.2R3-S8 (string)

versionType : semver (string)

}

1 : { »

status : affected (string)

version : 21.4 (string)

lessThan : 21.4R3-S7 (string)

versionType : semver (string)

}

2 : { »

status : affected (string)

version : 22.1 (string)

lessThan : 22.1R3-S4 (string)

versionType : semver (string)

}

3 : { »

status : affected (string)

version : 22.2 (string)

lessThan : 22.2R3-S4 (string)

versionType : semver (string)

}

4 : { »

status : affected (string)

version : 22.3 (string)

lessThan : 22.3R3 (string)

versionType : semver (string)

}

5 : { »

status : affected (string)

version : 22.4 (string)

lessThan : 22.4R2-S2 (string)

versionType : semver (string)

}

6 : { »

status : affected (string)

version : 22.4 (string)

lessThan : 22.4R3 (string)

versionType : semver (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

cpes : [ »

0 : cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:* (string)

]

vendor : juniper (string)

product : junos_os_evolved (string)

versions : [ »

0 : { »

status : affected (string)

version : 21.2-EVO (string)

lessThan : 21.2R3-S8-EVO (string)

versionType : semver (string)

}

1 : { »

status : affected (string)

version : 21.4-EVO (string)

lessThan : 21.4R3-S7-EVO (string)

versionType : semver (string)

}

2 : { »

status : affected (string)

version : 22.2-EVO (string)

lessThan : 22.2R3-S4-EVO (string)

versionType : semver (string)

}

3 : { »

status : affected (string)

version : 22.3-EVO (string)

lessThan : 22.3R3-EVO (string)

versionType : semver (string)

}

4 : { »

status : affected (string)

version : 22.4-EVO (string)

lessThan : 22.4R3-EVO (string)

versionType : semver (string)

}

5 : { »

status : affected (string)

version : 23.2-EVO (string)

lessThan : 23.2R1-EVO (string)

versionType : semver (string)

}

]

defaultStatus : unaffected (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-07-16T18:50:48.166Z (string)

}

]

cna : { »

title : Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak (string)

source : { »

defect : [ »

0 : 1480648 (string)

]

advisory : JSA82996 (string)

discovery : USER (string)

}

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 5.3 (number)

attackVector : ADJACENT_NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : HIGH (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : NONE (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

1 : { »

format : CVSS (string)

cvssV4_0 : { »

Safety : NOT_DEFINED (string)

version : 4.0 (string)

Recovery : NOT_DEFINED (string)

baseScore : 6 (number)

Automatable : NOT_DEFINED (string)

attackVector : ADJACENT (string)

baseSeverity : MEDIUM (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N (string)

providerUrgency : NOT_DEFINED (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

attackRequirements : PRESENT (string)

privilegesRequired : NONE (string)

subIntegrityImpact : NONE (string)

vulnIntegrityImpact : NONE (string)

subAvailabilityImpact : NONE (string)

vulnAvailabilityImpact : HIGH (string)

subConfidentialityImpact : NONE (string)

vulnConfidentialityImpact : NONE (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : Juniper Networks (string)

product : Junos OS (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : 21.2R3-S8 (string)

versionType : semver (string)

}

1 : { »

status : affected (string)

version : 21.4 (string)

lessThan : 21.4R3-S7 (string)

versionType : semver (string)

}

2 : { »

status : affected (string)

version : 22.1 (string)

lessThan : 22.1R3-S4 (string)

versionType : semver (string)

}

3 : { »

status : affected (string)

version : 22.2 (string)

lessThan : 22.2R3-S4 (string)

versionType : semver (string)

}

4 : { »

status : affected (string)

version : 22.3 (string)

lessThan : 22.3R3 (string)

versionType : semver (string)

}

5 : { »

status : affected (string)

version : 22.4 (string)

lessThan : 22.4R2-S2, 22.4R3 (string)

versionType : semver (string)

}

]

defaultStatus : unaffected (string)

}

1 : { »

vendor : Juniper Networks (string)

product : Junos OS Evolved (string)

versions : [ »

0 : { »

status : affected (string)

version : 21.2-EVO (string)

lessThan : 21.2R3-S8-EVO (string)

versionType : semver (string)

}

1 : { »

status : affected (string)

version : 21.4-EVO (string)

lessThan : 21.4R3-S7-EVO (string)

versionType : semver (string)

}

2 : { »

status : affected (string)

version : 22.2-EVO (string)

lessThan : 22.2R3-S4-EVO (string)

versionType : semver (string)

}

3 : { »

status : affected (string)

version : 22.3-EVO (string)

lessThan : 22.3R3-EVO (string)

versionType : semver (string)

}

4 : { »

status : affected (string)

version : 22.4-EVO (string)

lessThan : 22.4R3-EVO (string)

versionType : semver (string)

}

5 : { »

status : affected (string)

version : 23.2-EVO (string)

lessThan : 23.2R1-EVO (string)

versionType : semver (string)

}

]

defaultStatus : unaffected (string)

}

]

exploits : [ »

0 : { »

lang : en (string)

value : Juniper SIRT is not aware of any malicious exploitation of this vulnerability. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : Juniper SIRT is not aware of any malicious exploitation of this vulnerability. (string)

base64 : false (boolean)

}

]

}

]

solutions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

base64 : false (boolean)

}

]

}

]

datePublic : 2024-07-10T16:00:00.000Z (string)

references : [ »

0 : { »

url : https://supportportal.juniper.net/JSA82996 (string)

tags : [ »

0 : vendor-advisory (string)

]

}

]

workarounds : [ »

0 : { »

lang : en (string)

value : There are no known workarounds for this issue. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : There are no known workarounds for this issue. (string)

base64 : false (boolean)

}

]

}

]

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). When a BFD session configured with authentication flaps, ppmd memory can leak. Whether the leak happens depends on a race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode. Whether the leak occurs can be monitored with the following CLI command: > show ppm request-queue FPC Pending-request fpc0 2 request-total-pending: 2 where a continuously increasing number of pending requests is indicative of the leak. This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S7, * 22.1 versions before 22.1R3-S4, * 22.2 versions before 22.2R3-S4, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R2-S2, 22.4R3. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R3-EVO. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

base64 : false (boolean)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-401 (string)

description : CWE-401 Missing Release of Memory after Effective Lifetime (string)

}

]

}

1 : { »

descriptions : [ »

0 : { »

lang : en (string)

description : Denial-of-Service (DoS) (string)

}

]

}

]

configurations : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

base64 : false (boolean)

}

]

}

]

providerMetadata : { »

orgId : 8cbe9d5a-a066-4c94-8978-4b15efeae968 (string)

shortName : juniper (string)

dateUpdated : 2024-07-12T14:42:59.790Z (string)

}

cveMetadata : { »

cveId : CVE-2024-39536 (string)

state : PUBLISHED (string)

dateUpdated : 2024-07-16T19:01:50.918Z (string)

dateReserved : 2024-06-25T15:12:53.241Z (string)

assignerOrgId : 8cbe9d5a-a066-4c94-8978-4b15efeae968 (string)

datePublished : 2024-07-11T16:13:24.485Z (string)

assignerShortName : juniper (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"descriptions": [{"lang": "en", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\n\nWhen a\u00a0BFD session configured with authentication flaps,\u00a0ppmd memory can leak. Whether the leak happens depends on a\u00a0race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.\n\n\n\nWhether the leak occurs can be monitored with the following CLI command:\n\n> show ppm request-queue\n\n\nFPC \u00a0 \u00a0 Pending-request\nfpc0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a02\nrequest-total-pending: 2\n\n\nwhere a continuously increasing number of pending requests is indicative of the leak.\u00a0\n\n\n\n\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n  *  All versions before 21.2R3-S8,\n  *  21.4 versions before 21.4R3-S7,\n  *  22.1 versions before 22.1R3-S4,\n  *  22.2 versions before 22.2R3-S4, \n  *  22.3 versions before 22.3R3,\n  *  22.4 versions before 22.4R2-S2, 22.4R3.\n\n\n\nJunos OS Evolved:\n  *  All versions before 21.2R3-S8-EVO,\n  *  21.4-EVO versions before 21.4R3-S7-EVO,\n  *  22.2-EVO versions before 22.2R3-S4-EVO,\n  *  22.3-EVO versions before 22.3R3-EVO,\n  *  22.4-EVO versions before 22.4R3-EVO."}, {"lang": "es", "value": "Una vulnerabilidad de liberaci\u00f3n de memoria faltante despu\u00e9s de la vida \u00fatil efectiva en Periodic Packet Management Daemon (ppmd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). Cuando una sesi\u00f3n BFD se configura con solapas de autenticaci\u00f3n, la memoria ppmd puede perderse. Que se produzca la fuga depende de una condici\u00f3n de ejecuci\u00f3n que est\u00e1 fuera del control de los atacantes. Este problema solo afecta a BFD que opera en modo distribuido, tambi\u00e9n conocido como delegado (que es el comportamiento predeterminado) o en l\u00ednea. Si se produce la fuga se puede monitorear con el siguiente comando CLI: &gt; show ppm request-queue FPC Pending-request fpc0 2 request-total-pending: 2 donde un n\u00famero continuamente creciente de solicitudes pendientes es indicativo de la fuga. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 21.2R3-S8, * Versiones 21.4 anteriores a 21.4R3-S7, * Versiones 22.1 anteriores a 22.1R3-S4, * Versiones 22.2 anteriores a 22.2R3-S4, * Versiones 22.3 anteriores a 22.3R3, * Versiones 22.4 anteriores a 22.4R2-S2, 22.4R3, * Versiones 23.1 anteriores a 23.1R2. Junos OS Evolved: * Todas las versiones anteriores a 21.2R3-S8-EVO, * Versiones 21.4-EVO anteriores a 21.4R3-S7-EVO, * Versiones 22.2-EVO anteriores a 22.2R3-S4-EVO, * Versiones 22.3-EVO anteriores a 22.3R3- EVO, *versiones 22.4-EVO anteriores a 22.4R3-EVO, *versiones 23.2-EVO anteriores a 23.2R1-EVO."}], "id": "CVE-2024-39536", "lastModified": "2024-11-21T09:27:57.373", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2024-07-11T17:15:11.190", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA82996"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://supportportal.juniper.net/JSA82996"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{

descriptions : [ »

0 : { »

lang : en (string)

value : A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). When a BFD session configured with authentication flaps, ppmd memory can leak. Whether the leak happens depends on a race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode. Whether the leak occurs can be monitored with the following CLI command: > show ppm request-queue FPC Pending-request fpc0 2 request-total-pending: 2 where a continuously increasing number of pending requests is indicative of the leak. This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S7, * 22.1 versions before 22.1R3-S4, * 22.2 versions before 22.2R3-S4, * 22.3 versions before 22.3R3, * 22.4 versions before 22.4R2-S2, 22.4R3. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-EVO, * 22.4-EVO versions before 22.4R3-EVO. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de liberación de memoria faltante después de la vida útil efectiva en Periodic Packet Management Daemon (ppmd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegación de servicio (DoS). Cuando una sesión BFD se configura con solapas de autenticación, la memoria ppmd puede perderse. Que se produzca la fuga depende de una condición de ejecución que está fuera del control de los atacantes. Este problema solo afecta a BFD que opera en modo distribuido, también conocido como delegado (que es el comportamiento predeterminado) o en línea. Si se produce la fuga se puede monitorear con el siguiente comando CLI: > show ppm request-queue FPC Pending-request fpc0 2 request-total-pending: 2 donde un número continuamente creciente de solicitudes pendientes es indicativo de la fuga. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 21.2R3-S8, * Versiones 21.4 anteriores a 21.4R3-S7, * Versiones 22.1 anteriores a 22.1R3-S4, * Versiones 22.2 anteriores a 22.2R3-S4, * Versiones 22.3 anteriores a 22.3R3, * Versiones 22.4 anteriores a 22.4R2-S2, 22.4R3, * Versiones 23.1 anteriores a 23.1R2. Junos OS Evolved: * Todas las versiones anteriores a 21.2R3-S8-EVO, * Versiones 21.4-EVO anteriores a 21.4R3-S7-EVO, * Versiones 22.2-EVO anteriores a 22.2R3-S4-EVO, * Versiones 22.3-EVO anteriores a 22.3R3- EVO, *versiones 22.4-EVO anteriores a 22.4R3-EVO, *versiones 23.2-EVO anteriores a 23.2R1-EVO. (string)

}

]

id : CVE-2024-39536 (string)

lastModified : 2024-11-21T09:27:57.373 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.6 (number)

impactScore : 3.6 (number)

source : sirt@juniper.net (string)

type : Secondary (string)

}

]

cvssMetricV40 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackRequirements : PRESENT (string)

attackVector : ADJACENT (string)

automatable : NOT_DEFINED (string)

availabilityRequirements : NOT_DEFINED (string)

baseScore : 6 (number)

baseSeverity : MEDIUM (string)

confidentialityRequirements : NOT_DEFINED (string)

exploitMaturity : NOT_DEFINED (string)

integrityRequirements : NOT_DEFINED (string)

modifiedAttackComplexity : NOT_DEFINED (string)

modifiedAttackRequirements : NOT_DEFINED (string)

modifiedAttackVector : NOT_DEFINED (string)

modifiedPrivilegesRequired : NOT_DEFINED (string)

modifiedSubsequentSystemAvailability : NOT_DEFINED (string)

modifiedSubsequentSystemConfidentiality : NOT_DEFINED (string)

modifiedSubsequentSystemIntegrity : NOT_DEFINED (string)

modifiedUserInteraction : NOT_DEFINED (string)

modifiedVulnerableSystemAvailability : NOT_DEFINED (string)

modifiedVulnerableSystemConfidentiality : NOT_DEFINED (string)

modifiedVulnerableSystemIntegrity : NOT_DEFINED (string)

privilegesRequired : NONE (string)

providerUrgency : NOT_DEFINED (string)

recovery : NOT_DEFINED (string)

safety : NOT_DEFINED (string)

subsequentSystemAvailability : NONE (string)

subsequentSystemConfidentiality : NONE (string)

subsequentSystemIntegrity : NONE (string)

userInteraction : NONE (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (string)

version : 4.0 (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

vulnerableSystemAvailability : HIGH (string)

vulnerableSystemConfidentiality : NONE (string)

vulnerableSystemIntegrity : NONE (string)

}

source : sirt@juniper.net (string)

type : Secondary (string)

}

]

}

published : 2024-07-11T17:15:11.190 (string)

references : [ »

0 : { »

source : sirt@juniper.net (string)

url : https://supportportal.juniper.net/JSA82996 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://supportportal.juniper.net/JSA82996 (string)

}

]

sourceIdentifier : sirt@juniper.net (string)

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-401 (string)

}

]

source : sirt@juniper.net (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object