CVE-2025-30646

April 9, 2025, 8:15 p.m.

6.5
Medium

Description

A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS).  Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. When an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S10,  * from 22.2 before 22.2R3-S6,  * from 22.4 before 22.4R3-S6,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S4,  * from 24.2 before 24.2R2;  Junos OS Evolved:  * All versions before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO,  * from 22.4-EVO before 22.4R3-S6-EVO,  * from 23.2-EVO before 23.2R2-S3-EVO,  * from 23.4-EVO before 23.4R2-S4-EVO,  * from 24.2-EVO before 24.2R2-EVO.

Product(s) Impacted

Product Versions
junos_os
  • <21.2R3-S9
junos_os
  • <21.4R3-S10
junos_os
  • <22.2R3-S6
junos_os
  • <22.4R3-S6
junos_os
  • <23.2R2-S3
junos_os
  • <23.4R2-S4
junos_os
  • <24.2R2
junos_os_evolved
  • <21.4R3-S10-EVO
junos_os_evolved
  • <22.2R3-S6-EVO
junos_os_evolved
  • <22.4R3-S6-EVO
junos_os_evolved
  • <23.2R2-S3-EVO
junos_os_evolved
  • <23.4R2-S4-EVO
junos_os_evolved
  • <24.2R2-EVO

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-195
Signed to Unsigned Conversion Error
The product uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive.

References

https://supportportal.juniper.net/JSA96456

Tags

sirt@juniper.net
CWE-195
2025-04-09
CVE-2025-30646

CVSS Score

6.5 / 10

CVSS Data - 3.1

  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: April 9, 2025, 8:15 p.m.
Last Modified: April 9, 2025, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

sirt@juniper.net

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.