CVE-2024-39558

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 20.4R3-S10 Junos OS versions from 21.2 before 21.2R3-S7 Junos OS versions from 21.4 before 21.4R3-S6 Junos OS versions from 22.1 before 22.1R3-S5 Junos OS versions from 22.2 before 22.2R3-S3 Junos OS versions from 22.3 before 22.3R3 Junos OS versions from 22.4 before 22.4R2 Junos OS Evolved versions prior to 20.4R3-S10-EVO Junos OS Evolved versions of 21.2-EVO Junos OS Evolved versions from 21.4-EVO before 21.4R3-S9-EVO Junos OS Evolved versions from 22.1-EVO before 22.1R3-S5-EVO Junos OS Evolved versions from 22.2-EVO before 22.2R3-S3-EVO Junos OS Evolved versions from 22.3-EVO before 22.3R3-EVO Junos OS Evolved versions from 22.4-EVO before 22.4R2-EVO

Description: The issue is related to an Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved. This vulnerability allows a logically adjacent, unauthenticated attacker to cause rpd to crash and restart by sending a specific PIM packet, resulting in a Denial of Service (DoS) when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition. The issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR, and it is caused by an internal timing issue that prevents rpd from selecting the forwarding next-hop towards the source.

Recommendations: For Junos OS versions prior to 20.4R3-S10, update to version 20.4R3-S10 or later. For Junos OS versions from 21.2 before 21.2R3-S7, update to version 21.2R3-S7 or later. For Junos OS versions from 21.4 before 21.4R3-S6, update to version 21.4R3-S6 or later. For Junos OS versions from 22.1 before 22.1R3-S5, update to version 22.1R3-S5 or later. For Junos OS versions from 22.2 before 22.2R3-S3, update to version 22.2R3-S3 or later. For Junos OS versions from 22.3 before 22.3R3, update to version 22.3R3 or later. For Junos OS versions from 22.4 before 22.4R2, update to version 22.4R2 or later. For Junos OS Evolved versions prior to 20.4R3-S10-EVO, update to version 20.4R3-S10-EVO or later. For Junos OS Evolved versions of 21.2-EVO, update to a version that is not affected. For Junos OS Evolved versions from 21.4-EVO before 21.4R3-S9-EVO, update to version 21.4R3-S9-EVO or later. For Junos OS Evolved versions from 22.1-EVO before 22.1R3-S5-EVO, update to version 22.1R3-S5-EVO or later. For Junos OS Evolved versions from 22.2-EVO before 22.2R3-S3-EVO, update to version 22.2R3-S3-EVO or later. For Junos OS Evolved versions from 22.3-EVO before 22.3R3-EVO, update to version 22.3R3-EVO or later. For Junos OS Evolved versions from 22.4-EVO before 22.4R2-EVO, update to version 22.4R2-EVO or later.