CVE-2024-30402 in Junos OSinfo

Summary

by MITRE • 04/12/2024

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).

When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attackers control. Repeated occurrences of these events causes a sustained DoS condition.


This issue affects: Junos OS: All versions earlier than 20.4R3-S10; 21.2 versions earlier than 21.2R3-S7; 21.4 versions earlier than 21.4R3-S5; 22.1 versions earlier than 22.1R3-S4; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S1; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R1-S2, 23.2R2.

Junos OS Evolved:

All versions earlier than 21.4R3-S5-EVO; 22.1-EVO versions earlier than 22.1R3-S4-EVO; 22.2-EVO versions earlier than 22.2R3-S3-EVO; 22.3-EVO versions earlier than 22.3R3-S1-EVO; 22.4-EVO versions earlier than 22.4R3-EVO; 23.2-EVO versions earlier than 23.2R2-EVO.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 02/07/2025

The vulnerability identified as CVE-2024-30402 represents a critical weakness in the Layer 2 Address Learning Daemon (l2ald) component of Juniper Networks Junos OS and Junos OS Evolved platforms. This issue manifests as an improper check for unusual or exceptional conditions, classified under CWE-459, which fundamentally undermines the system's ability to handle unexpected operational states gracefully. The vulnerability specifically targets the interaction between l2ald and the Dynamic Rendering Daemon (drend) during telemetry processing, creating a scenario where normal operational procedures can be exploited to trigger system instability.

The technical flaw occurs when telemetry requests are processed by the device while the Dynamic Rendering Daemon remains suspended. This particular condition triggers a cascade of events within the l2ald process that results in system crash and subsequent automatic restart. The vulnerability is particularly concerning because it requires minimal prerequisites for exploitation, as it can be triggered by unauthenticated adjacent attackers who simply need physical or network proximity to the affected device. The underlying mechanism involves the l2ald failing to properly handle exceptional conditions when drend is not actively processing, leading to an uncontrolled crash state that cannot be recovered from without manual intervention.

Operational impact of this vulnerability extends beyond simple service disruption to create sustained denial of service conditions that can severely compromise network infrastructure availability. The repeated triggering of the crash scenario causes the l2ald to continuously restart, creating a loop that prevents the device from maintaining stable Layer 2 forwarding operations. This disruption affects the device's ability to learn and maintain MAC address tables, which are fundamental to proper network switching operations. Network administrators face significant challenges as the device becomes unreliable for Layer 2 switching functions, potentially causing widespread network disruption for connected devices and applications that depend on stable switching operations. The vulnerability affects multiple product versions across different Junos OS releases, making it a widespread concern for organizations maintaining legacy systems.

Mitigation strategies for this vulnerability should focus on immediate patch application to affected versions, as outlined in Juniper's security advisories, which provide specific version numbers requiring updates. Network administrators should also implement monitoring solutions to detect unusual restart patterns in l2ald processes, enabling early identification of potential exploitation attempts. Additionally, implementing network segmentation and access controls to limit adjacent network access can reduce the attack surface for this vulnerability. The remediation process should include thorough testing of updated firmware in controlled environments before deployment to production networks. Organizations should also consider implementing automated alerting mechanisms for service restarts and process failures in the l2ald component, aligning with ATT&CK technique T1499.004 for network disruption attacks. Configuration reviews should ensure that telemetry services are properly secured and that unnecessary access to the device is restricted, reducing opportunities for exploitation. The vulnerability demonstrates the importance of robust error handling in network daemon processes and highlights the need for comprehensive testing of edge cases in network device software to prevent similar issues in the future.

Reservation

03/26/2024

Disclosure

04/12/2024

Moderation

accepted

CPE

ready

EPSS

0.00522

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!