PT-2024-28524 · Juniper Networks · Junos+1
Published
2024-07-10
·
Updated
2024-07-11
·
CVE-2024-39543
CVSS v4.0
7.1
High
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Junos OS versions prior to 21.2R3-S8
Junos OS versions from 21.4 before 21.4R3-S8
Junos OS versions from 22.2 before 22.2R3-S4
Junos OS versions from 22.3 before 22.3R3-S3
Junos OS versions from 22.4 before 22.4R3-S2
Junos OS versions from 23.2 before 23.2R2-S1
Junos OS versions from 23.4 before 23.4R2
Junos OS Evolved versions prior to 21.2R3-S8-EVO
Junos OS Evolved versions from 21.4 before 21.4R3-S8-EVO
Junos OS Evolved versions from 22.2 before 22.2R3-S4-EVO
Junos OS Evolved versions from 22.3 before 22.3R3-S3-EVO
Junos OS Evolved versions from 22.4 before 22.4R3-S2-EVO
Junos OS Evolved versions from 23.2 before 23.2R2-S1-EVO
Junos OS Evolved versions from 23.4 before 23.4R2-EVO
Description
A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
Recommendations
For Junos OS versions prior to 21.2R3-S8, update to version 21.2R3-S8 or later.
For Junos OS versions from 21.4 before 21.4R3-S8, update to version 21.4R3-S8 or later.
For Junos OS versions from 22.2 before 22.2R3-S4, update to version 22.2R3-S4 or later.
For Junos OS versions from 22.3 before 22.3R3-S3, update to version 22.3R3-S3 or later.
For Junos OS versions from 22.4 before 22.4R3-S2, update to version 22.4R3-S2 or later.
For Junos OS versions from 23.2 before 23.2R2-S1, update to version 23.2R2-S1 or later.
For Junos OS versions from 23.4 before 23.4R2, update to version 23.4R2 or later.
For Junos OS Evolved versions prior to 21.2R3-S8-EVO, update to version 21.2R3-S8-EVO or later.
For Junos OS Evolved versions from 21.4 before 21.4R3-S8-EVO, update to version 21.4R3-S8-EVO or later.
For Junos OS Evolved versions from 22.2 before 22.2R3-S4-EVO, update to version 22.2R3-S4-EVO or later.
For Junos OS Evolved versions from 22.3 before 22.3R3-S3-EVO, update to version 22.3R3-S3-EVO or later.
For Junos OS Evolved versions from 22.4 before 22.4R3-S2-EVO, update to version 22.4R3-S2-EVO or later.
For Junos OS Evolved versions from 23.2 before 23.2R2-S1-EVO, update to version 23.2R2-S1-EVO or later.
For Junos OS Evolved versions from 23.4 before 23.4R2-EVO, update to version 23.4R2-EVO or later.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos
Junos Evolved