CVE-2024-47509

{"id": "CVE-2024-47509", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 7.1, "automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "LOW", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-10-11T16:15:13.187", "references": [{"url": "https://supportportal.juniper.net/", "source": "sirt@juniper.net"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "An Allocation of Resources Without Limits or Throttling\u00a0vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).When specific SNMP GET operations or specific low-priviledged CLI commands are executed, a GUID resource leak will occur, eventually leading to exhaustion and resulting in FPCs to hang. Affected FPCs need to be manually restarted to recover.\n\nGUID exhaustion will trigger a syslog message like one of the following:\n\nevo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ...\nevo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ...\nThe leak can be monitored by running the following command and taking note of the values in the rightmost column labeled Guids:\n\n\n\n\n\nuser@host> show platform application-info allocations app evo-pfemand/evo-pfemand\n\n\n\nIn case one or more of these values are constantly increasing the leak is happening.\n\nThis issue affects Junos OS Evolved:\n\n\n\n * All versions before 21.4R2-EVO,\n * 22.1 versions before 22.1R2-EVO.\n\n\n\n\n\nPlease note that this issue is similar to, but different from CVE-2024-47505 and CVE-2024-47508."}, {"lang": "es", "value": "Una vulnerabilidad de asignaci\u00f3n de recursos sin l\u00edmites ni limitaci\u00f3n en el daemon de administraci\u00f3n PFE (evo-pfemand) de Juniper Networks Junos OS Evolved permite que un atacante autenticado basado en la red provoque un bloqueo de FPC que genere una denegaci\u00f3n de servicio (DoS). Cuando se ejecutan operaciones GET de SNMP espec\u00edficas o comandos CLI con privilegios bajos espec\u00edficos, se produce una p\u00e9rdida de recursos GUID que, con el tiempo, provoca el agotamiento y hace que los FPC se bloqueen. Los FPC afectados deben reiniciarse manualmente para recuperarse. El agotamiento de GUID activar\u00e1 un mensaje de syslog como uno de los siguientes: evo-pfemand[]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[]: get_next_guid: Ran out of Guid Space ... La p\u00e9rdida se puede monitorear ejecutando el siguiente comando y tomando nota de los valores en la columna m\u00e1s a la derecha etiquetada Guids: user@host&gt; show platform application-info assignments app evo-pfemand/evo-pfemand En caso de que uno o m\u00e1s de estos valores aumenten constantemente, la p\u00e9rdida est\u00e1 ocurriendo. Este problema afecta a Junos OS Evolved: * Todas las versiones anteriores a 21.4R2-EVO, * Versiones 22.1 anteriores a 22.1R2-EVO. Tenga en cuenta que este problema es similar a, pero diferente de CVE-2024-47505 y CVE-2024-47508."}], "lastModified": "2024-10-15T12:58:51.050", "sourceIdentifier": "sirt@juniper.net"}