PT-2024-5543 · Juniper Networks · Junos+1
Published
2024-06-25
·
Updated
2024-07-11
·
CVE-2024-39514
CVSS v4.0
7.1
High
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Junos OS versions prior to 20.4R3-S10
Junos OS versions from 21.4 before 21.4R3-S6
Junos OS versions from 22.1 before 22.1R3-S5
Junos OS versions from 22.2 before 22.2R3-S3
Junos OS versions from 22.3 before 22.3R3-S2
Junos OS versions from 22.4 before 22.4R3
Junos OS versions from 23.2 before 23.2R2
Junos OS Evolved versions prior to 20.4R3-S10-EVO
Junos OS Evolved versions from 21.4-EVO before 21.4R3-S6-EVO
Junos OS Evolved versions from 22.1-EVO before 22.1R3-S5-EVO
Junos OS Evolved versions from 22.2-EVO before 22.2R3-S3-EVO
Junos OS Evolved versions from 22.3-EVO before 22.3R3-S2-EVO
Junos OS Evolved versions from 22.4-EVO before 22.4R3-EVO
Junos OS Evolved versions from 23.2-EVO before 23.2R2-EVO
Description
An Improper Check or Handling of Exceptional Conditions issue in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS) by sending specific traffic to the device, which causes the rpd to crash and restart. This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.
Recommendations
For Junos OS versions prior to 20.4R3-S10, update to version 20.4R3-S10 or later.
For Junos OS versions from 21.4 before 21.4R3-S6, update to version 21.4R3-S6 or later.
For Junos OS versions from 22.1 before 22.1R3-S5, update to version 22.1R3-S5 or later.
For Junos OS versions from 22.2 before 22.2R3-S3, update to version 22.2R3-S3 or later.
For Junos OS versions from 22.3 before 22.3R3-S2, update to version 22.3R3-S2 or later.
For Junos OS versions from 22.4 before 22.4R3, update to version 22.4R3 or later.
For Junos OS versions from 23.2 before 23.2R2, update to version 23.2R2 or later.
For Junos OS Evolved versions prior to 20.4R3-S10-EVO, update to version 20.4R3-S10-EVO or later.
For Junos OS Evolved versions from 21.4-EVO before 21.4R3-S6-EVO, update to version 21.4R3-S6-EVO or later.
For Junos OS Evolved versions from 22.1-EVO before 22.1R3-S5-EVO, update to version 22.1R3-S5-EVO or later.
For Junos OS Evolved versions from 22.2-EVO before 22.2R3-S3-EVO, update to version 22.2R3-S3-EVO or later.
For Junos OS Evolved versions from 22.3-EVO before 22.3R3-S2-EVO, update to version 22.3R3-S2-EVO or later.
For Junos OS Evolved versions from 22.4-EVO before 22.4R3-EVO, update to version 22.4R3-EVO or later.
For Junos OS Evolved versions from 23.2-EVO before 23.2R2-EVO, update to version 23.2R2-EVO or later.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos
Junos Evolved