Home

Description

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts. Continuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. This issue affects: Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2. Juniper Networks Junos OS Evolved: * All versions earlier than 21.2R3-S7; * 21.3-EVO versions earlier than 21.3R3-S5; * 21.4-EVO versions earlier than 21.4R3-S8; * 22.1-EVO versions earlier than 22.1R3-S4; * 22.2-EVO versions earlier than 22.2R3-S3; * 22.3-EVO versions earlier than 22.3R3-S2; * 22.4-EVO versions earlier than 22.4R3; * 23.2-EVO versions earlier than 23.2R2.

PUBLISHED Reserved 2024-06-25 | Published 2024-07-11 | Updated 2024-08-02 | Assigner juniper




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A

Problem types

CWE-755 Improper Handling of Exceptional Conditions

Product status

Default status
unaffected

Any version before 20.4R3-S9
affected

21.2 (semver) before 21.2R3-S7
affected

21.3 (semver) before 21.3R3-S6
affected

21.4 (semver) before 21.4R3-S6
affected

22.1 (semver) before 22.1R3-S4
affected

22.2 (semver) before 22.2R3-S3
affected

22.3 (semver) before 22.3R3-S2
affected

22.4 (semver) before 22.4R3
affected

23.2 (semver) before 23.2R2
affected

Default status
unaffected

Any version before 21.2R3-S7-EVO
affected

21.3-EVO (semver) before 21.3R3-S5-EVO
affected

21.4-EVO (semver) before 21.4R3-S8-EVO
affected

22.1-EVO (semver) before 22.1R3-S4-EVO
affected

22.2-EVO (semver) before 22.2R3-S3-EVO
affected

22.3-EVO (semver) before 22.3R3-S2-EVO
affected

22.4-EVO (semver) before 22.4R3-EVO
affected

23.2-EVO (semver) before 23.2R2-EVO
affected

23.4-EVO (semver) before 23.4R1-EVO
affected

Credits

Juniper SIRT would like to acknowledge and thank Matteo Memilli (mmemelli@amazon.com) from Amazon for responsibly reporting this vulnerability. reporter

References

supportportal.juniper.net/JSA75726 vendor-advisory

supportportal.juniper.net/JSA75726 vendor-advisory

cve.org (CVE-2024-39552)

nvd.nist.gov (CVE-2024-39552)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.