CVE-2024-21618

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published: Apr 12, 2024
Updated: May 16, 2024
CWE ID: 788

Summary

CVE-2024-21618 is an Access of Memory Location After End of Buffer vulnerability in Juniper Networks' Layer-2 Control Protocols Daemon (l2cpd) found in Junos OS and Junos OS Evolved. This issue allows an unauthenticated, adjacent attacker to trigger a Denial of Service (DoS) event. Specifically, when LLDP is enabled on a vulnerable interface, a malformed LLDP packet can cause l2cpd to crash and restart, leading to the reinitialization of STP protocols (RSTP, MSTP, or VSTP), MVRP, and ERP. Additionally, any services that depend on LLDP state, such as PoE or VoIP device recognition, will also be affected. The vulnerability impacts various versions of Junos OS and Junos OS Evolved, but not Junos OS versions prior to 21.4R1 or Junos OS Evolved versions prior to 21.4R1-EVO.

Affected Products

  • Juniper Junos

Affected Vendors

  • Juniper Networks