CVE-2024-30380

Summary

An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS), which causes the l2cpd process to crash by sending a specific TLV.

The l2cpd process is responsible for layer 2 control protocols, such as STP, RSTP, MSTP, VSTP, ERP, and LLDP.  The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP, leading to a Denial of Service.  Continued receipt and processing of this specific TLV will create a sustained Denial of Service (DoS) condition. This issue affects:

Junos OS: all versions before 20.4R3-S9, from 21.2 before 21.2R3-S7, from 21.3 before 21.3R3-S5, from 21.4 before 21.4R3-S4, from 22.1 before 22.1R3-S4, from 22.2 before 22.2R3-S2, from 22.3 before 22.3R2-S2, 22.3R3-S1, from 22.4 before 22.4R2-S2, 22.4R3, from 23.2 before 23.2R1-S1, 23.2R2;

Junos OS Evolved: all versions before 21.2R3-S7,

from 21.3 before 21.3R3-S5-EVO, from 21.4 before 21.4R3-S5-EVO, from 22.1 before 22.1R3-S4-EVO, from 22.2 before 22.2R3-S2-EVO, from 22.3 before 22.3R2-S2-EVO, 22.3R3-S1-EVO, from 22.4 before 22.4R2-S2-EVO, 22.4R3-EVO, from 23.2 before 23.2R1-S1-EVO, 23.2R2-EVO.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 20.4R3-S9affected
Juniper NetworksJunos OS21.2 < 21.2R3-S7affected
Juniper NetworksJunos OS21.3 < 21.3R3-S5affected
Juniper NetworksJunos OS21.4 < 21.4R3-S4affected
Juniper NetworksJunos OS22.1 < 22.1R3-S4affected
Juniper NetworksJunos OS22.2 < 22.2R3-S2affected
Juniper NetworksJunos OS22.3 < 22.3R2-S2, 22.3R3-S1affected
Juniper NetworksJunos OS22.4 < 22.4R2-S2, 22.4R3affected
Juniper NetworksJunos OS23.2 < 23.2R1-S1, 23.2R2affected
Juniper NetworksJunos OS Evolved0 < 21.2R3-S7-EVOaffected
Juniper NetworksJunos OS Evolved21.3 < 21.3R3-S5-EVOaffected
Juniper NetworksJunos OS Evolved21.4 < 21.4R3-S5-EVOaffected
Juniper NetworksJunos OS Evolved22.1 < 22.1R3-S4-EVOaffected
Juniper NetworksJunos OS Evolved22.2 < 22.2R3-S2-EVOaffected
Juniper NetworksJunos OS Evolved22.3 < 22.3R2-S2-EVO, 22.3R3-S1-EVOaffected
Juniper NetworksJunos OS Evolved22.4 < 22.4R2-S2-EVO, 22.4R3-EVOaffected
Juniper NetworksJunos OS Evolved23.2 < 23.2R1-S1-EVO, 23.2R2-EVOaffected

Weaknesses

  • CWE-755: CWE-755 Improper Handling of Exceptional Conditions
  • Denial of Service (DoS)

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References