PT-2024-2852 · Juniper Networks · Junos+1

Published

2024-04-10

·

Updated

2024-05-16

·

CVE-2024-30395

CVSS v4.0

8.7

High

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 21.2R3-S7 Junos OS versions from 21.3 before 21.3R3-S5 Junos OS versions from 21.4 before 21.4R3-S5 Junos OS versions from 22.1 before 22.1R3-S5 Junos OS versions from 22.2 before 22.2R3-S3 Junos OS versions from 22.3 before 22.3R3-S2 Junos OS versions from 22.4 before 22.4R3 Junos OS versions from 23.2 before 23.2R1-S2, 23.2R2 Junos OS Evolved versions prior to 21.2R3-S7-EVO Junos OS Evolved versions from 21.3-EVO before 21.3R3-S5-EVO Junos OS Evolved versions from 21.4-EVO before 21.4R3-S5-EVO Junos OS Evolved versions from 22.2-EVO before 22.2R3-S3-EVO Junos OS Evolved versions from 22.3-EVO before 22.3R3-S2-EVO Junos OS Evolved versions from 22.4-EVO before 22.4R3-EVO Junos OS Evolved versions from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO
Description The issue is related to an Improper Validation of Specified Type of Input vulnerability in the Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved. This vulnerability allows an unauthenticated, network-based attacker to cause Denial of Service (DoS) by sending a BGP update with a specifically malformed TLV in the tunnel encapsulation attribute over an established BGP session, causing the rpd to crash and restart.
Recommendations For Junos OS versions prior to 21.2R3-S7, update to version 21.2R3-S7 or later. For Junos OS versions from 21.3 before 21.3R3-S5, update to version 21.3R3-S5 or later. For Junos OS versions from 21.4 before 21.4R3-S5, update to version 21.4R3-S5 or later. For Junos OS versions from 22.1 before 22.1R3-S5, update to version 22.1R3-S5 or later. For Junos OS versions from 22.2 before 22.2R3-S3, update to version 22.2R3-S3 or later. For Junos OS versions from 22.3 before 22.3R3-S2, update to version 22.3R3-S2 or later. For Junos OS versions from 22.4 before 22.4R3, update to version 22.4R3 or later. For Junos OS versions from 23.2 before 23.2R1-S2, 23.2R2, update to version 23.2R1-S2, 23.2R2 or later. For Junos OS Evolved versions prior to 21.2R3-S7-EVO, update to version 21.2R3-S7-EVO or later. For Junos OS Evolved versions from 21.3-EVO before 21.3R3-S5-EVO, update to version 21.3R3-S5-EVO or later. For Junos OS Evolved versions from 21.4-EVO before 21.4R3-S5-EVO, update to version 21.4R3-S5-EVO or later. For Junos OS Evolved versions from 22.2-EVO before 22.2R3-S3-EVO, update to version 22.2R3-S3-EVO or later. For Junos OS Evolved versions from 22.3-EVO before 22.3R3-S2-EVO, update to version 22.3R3-S2-EVO or later. For Junos OS Evolved versions from 22.4-EVO before 22.4R3-EVO, update to version 22.4R3-EVO or later. For Junos OS Evolved versions from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO, update to version 23.2R1-S2-EVO, 23.2R2-EVO or later.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-1287

Related Identifiers

BDU:2024-03000
CVE-2024-30395

Affected Products

Junos
Junos Evolved