CVE-2024-30390

An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service (DoS) to the management plane.

When an incoming connection was blocked because it exceeded the connections-per-second rate-limit, the system doesn't consider existing connections anymore for subsequent connection attempts so that the connection limit can be exceeded. This issue affects Junos OS Evolved:

All versions before 21.4R3-S4-EVO,
22.1-EVO versions before 22.1R3-S3-EVO,
22.2-EVO versions before 22.2R3-S2-EVO,
22.3-EVO versions before 22.3R2-S1-EVO, 22.3R3-EVO.

Published: Apr 12, 2024
Updated: May 17, 2024
CVE: CVE-2024-30390
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWEs:

CWE-307

Affected Software
References

Software	From	Fixed in
juniper / junos_os_evolved	21.4-r1	21.4-r1.x
juniper / junos_os_evolved	21.4-r1-s1	21.4-r1-s1.x
juniper / junos_os_evolved	21.4	21.4.x
juniper / junos_os_evolved	22.1-r1	22.1-r1.x
juniper / junos_os_evolved	21.4-r2	21.4-r2.x
juniper / junos_os_evolved	21.4-r2-s1	21.4-r2-s1.x
juniper / junos_os_evolved	21.4-r1-s2	21.4-r1-s2.x
juniper / junos_os_evolved	21.4-r2-s2	21.4-r2-s2.x
juniper / junos_os_evolved	21.4-r3	21.4-r3.x
juniper / junos_os_evolved	21.4-r3-s1	21.4-r3-s1.x
juniper / junos_os_evolved	21.4-r3-s2	21.4-r3-s2.x
juniper / junos_os_evolved	22.1-r1-s1	22.1-r1-s1.x
juniper / junos_os_evolved	22.1-r1-s2	22.1-r1-s2.x
juniper / junos_os_evolved	22.1-r2	22.1-r2.x
juniper / junos_os_evolved	22.2-r1	22.2-r1.x
juniper / junos_os_evolved	22.2-r1-s1	22.2-r1-s1.x
juniper / junos_os_evolved	22.2-r2	22.2-r2.x
juniper / junos_os_evolved	22.3-r1	22.3-r1.x
juniper / junos_os_evolved	-	21.4
juniper / junos_os_evolved	21.4-r3-s3	21.4-r3-s3.x
juniper / junos_os_evolved	22.1	22.1.x
juniper / junos_os_evolved	22.1-r2-s1	22.1-r2-s1.x
juniper / junos_os_evolved	22.1-r3	22.1-r3.x
juniper / junos_os_evolved	22.1-r3-s1	22.1-r3-s1.x
juniper / junos_os_evolved	22.1-r3-s2	22.1-r3-s2.x
juniper / junos_os_evolved	22.2	22.2.x
juniper / junos_os_evolved	22.2-r1-s2	22.2-r1-s2.x
juniper / junos_os_evolved	22.2-r2-s1	22.2-r2-s1.x
juniper / junos_os_evolved	22.2-r2-s2	22.2-r2-s2.x
juniper / junos_os_evolved	22.2-r3	22.2-r3.x
juniper / junos_os_evolved	22.2-r3-s1	22.2-r3-s1.x
juniper / junos_os_evolved	22.3	22.3.x
juniper / junos_os_evolved	22.3-r1-s1	22.3-r1-s1.x
juniper / junos_os_evolved	22.3-r1-s2	22.3-r1-s2.x
juniper / junos_os_evolved	22.3-r2	22.3-r2.x

Vulnerability Database

289,697

CVE-2024-30390