CVE-2024-30378

{"id": "CVE-2024-30378", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 6.9, "automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-04-16T20:15:09.680", "references": [{"url": "https://supportportal.juniper.net/JSA79109", "source": "sirt@juniper.net"}, {"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "source": "sirt@juniper.net"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to crash upon execution of specific CLI commands, creating a Denial of Service (DoS) condition.\u00a0 The process crashes and restarts automatically.\n\nWhen specific CLI commands are executed, the bbe-smgd daemon attempts to write into an area of memory (mgd socket) that was already closed, causing the process to crash.\u00a0 This process manages and controls the configuration of broadband subscriber sessions and services.\u00a0 While the process is unavailable, additional subscribers will not be able to connect to the device, causing a temporary Denial of Service condition.\n\nThis issue only occurs if\u00a0Graceful Routing Engine Switchover (GRES) and Subscriber Management are enabled.\nThis issue affects Junos OS:\n\n\n * All versions before 20.4R3-S5, \n * from 21.1 before 21.1R3-S4, \n * from 21.2 before 21.2R3-S3, \n * from 21.3 before 21.3R3-S5, \n * from 21.4 before 21.4R3-S5, \n * from 22.1 before 22.1R3, \n * from 22.2 before 22.2R3, \n * from 22.3 before 22.3R2;"}, {"lang": "es", "value": "Una vulnerabilidad Use After Free en el procesamiento de comandos de Juniper Networks Junos OS en la serie MX permite que un atacante local autenticado provoque que el demonio del administrador de servicios de banda ancha (bbe-smgd) se bloquee al ejecutar comandos CLI espec\u00edficos, creando una condici\u00f3n de denegaci\u00f3n de servicio ( DoS). El proceso falla y se reinicia autom\u00e1ticamente. Cuando se ejecutan comandos CLI espec\u00edficos, el demonio bbe-smgd intenta escribir en un \u00e1rea de la memoria (socket mgd) que ya estaba cerrada, lo que provoca que el proceso falle. Este proceso gestiona y controla la configuraci\u00f3n de las sesiones y servicios de los suscriptores de banda ancha. Mientras el proceso no est\u00e9 disponible, los suscriptores adicionales no podr\u00e1n conectarse al dispositivo, lo que provocar\u00e1 una condici\u00f3n temporal de denegaci\u00f3n de servicio. Este problema solo ocurre si est\u00e1n habilitados Graceful Routing Engine Switchover (GRES) y Subscriber Management. Este problema afecta a Junos OS: * Todas las versiones anteriores a 20.4R3-S5, * desde 21.1 anterior a 21.1R3-S4, * desde 21.2 anterior a 21.2R3-S3, * desde 21.3 anterior a 21.3R3-S5, * desde 21.4 anterior a 21.4R3-S5 , * desde 22.1 antes de 22.1R3, * desde 22.2 antes de 22.2R3, * desde 22.3 antes de 22.3R2;"}], "lastModified": "2024-05-16T18:15:09.407", "sourceIdentifier": "sirt@juniper.net"}