PT-2024-5566 · Juniper Networks · Junos+1

Published: 2024-07-10 · Updated: 2024-07-11 · CVE-2024-39554

CVSS v4.0: 8.2 High

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

Junos OS versions 21.1 through 23.2 before 23.2R2
Junos OS Evolved versions 21.1-EVO through 23.2-EVO before 23.2R2-EVO

Description

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability exists in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. When BGP multipath is enabled, an unauthenticated, network-based attacker can inject incremental routing updates that cause rpd to crash and restart, resulting in a Denial of Service (DoS). Successful exploitation is outside the attacker's control, but continued receipt and processing of this packet may create a sustained DoS condition.

Recommendations

For Junos OS versions 21.1 through 23.2 before 23.2R2, update to version 23.2R2 or later to resolve the issue.
For Junos OS Evolved versions 21.1-EVO through 23.2-EVO before 23.2R2-EVO, update to version 23.2R2-EVO or later to resolve the issue.
As a temporary workaround, consider disabling BGP multipath to minimize the risk of exploitation.
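
A triage check for the two conditions above (release in the stated range, BGP multipath active), written as an added example; it is not code from this page or from Juniper. It assumes the release string comes from `show version` and the configuration text from `show configuration | display set`; the function names and the sample configuration are constructed for illustration, and the range is applied exactly as this page states it.

```python
import re

# Affected range exactly as this page states it: 21.1 through 23.2,
# fixed in 23.2R2 (and 23.2R2-EVO for Junos OS Evolved).
FIRST_AFFECTED = (21, 1)
FIXED = (23, 2, 2)

VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:R(\d+))?")
# multipath may sit at global, group or neighbor level, or under a routing instance.
MULTIPATH_RE = re.compile(r"^set\s+(?:.*\s)?protocols bgp\s(?:.*\s)?multipath(?:\s|$)")

# Constructed sample of `show configuration | display set` output.
SAMPLE_CONFIG = """\
set protocols bgp group EBGP type external
set protocols bgp group EBGP multipath multiple-as
set protocols bgp group multipath-lab neighbor 192.0.2.1
set routing-instances CUST protocols bgp group CE multipath
deactivate routing-instances CUST protocols bgp group CE
"""

def version_in_page_range(version):
    """True if a release string such as '22.4R3-S2' or '23.2R1-EVO' is in range."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    release = int(m.group(3) or 0)
    if (major, minor) < FIRST_AFFECTED:
        return False
    return (major, minor, release) < FIXED

def active_multipath(display_set):
    """Return the multipath statements that are not under a deactivated path."""
    lines = [l.strip() for l in display_set.splitlines()]
    inactive = [l.split(" ", 1)[1] for l in lines if l.startswith("deactivate ")]
    hits = []
    for line in lines:
        if MULTIPATH_RE.match(line):
            path = line.split(" ", 1)[1]
            if not any(path == p or path.startswith(p + " ") for p in inactive):
                hits.append(line)
    return hits

def needs_action(version, display_set):
    """Release in the page's range and BGP multipath active: upgrade or apply workaround."""
    return version_in_page_range(version) and bool(active_multipath(display_set))

if __name__ == "__main__":
    print(needs_action("22.4R3-S2", SAMPLE_CONFIG), active_multipath(SAMPLE_CONFIG))
```

A group or description that is literally the word "multipath" would be reported as a hit, so review the returned statements before acting on them.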

Fix

DoS

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2024-06245
CVE-2024-39554

Affected Products

Junos
Junos Evolved