7.5 - CVE-2024-30394

Executive Summary

Informations
Name	CVE-2024-30394	First vendor Publication	2024-04-12
Vendor	Cve	Last vendor Modification	2024-04-15

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score	7.5
Base Score	7.5	Environmental Score	7.5
impact SubScore	3.6	Temporal Score	7.5
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	None
Integrity Impact	None	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A� Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS).

On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition.

This issue affects: Junos OS:

* all versions before 21.2R3-S7,

* from 21.4 before 21.4R3-S5,

* from 22.1 before 22.1R3-S4,

* from 22.2 before 22.2R3-S2,

* from 22.3 before 22.3R3-S1,

* from 22.4 before 22.4R3,

* from 23.2 before 23.2R2.

Junos OS Evolved:

* all versions before 21.4R3-S5-EVO,

* from 22.1-EVO before 22.1R3-S4-EVO,

* from 22.2-EVO before 22.2R3-S2-EVO,