CVE-2024-39525

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 21.2R3-S8 Junos OS versions from 21.4 before 21.4R3-S8 Junos OS versions from 22.2 before 22.2R3-S4 Junos OS versions from 22.3 before 22.3R3-S4 Junos OS versions from 22.4 before 22.4R3-S3 Junos OS versions from 23.2 before 23.2R2-S1 Junos OS versions from 23.4 before 23.4R2 Junos OS Evolved versions prior to 21.2R3-S8-EVO Junos OS Evolved versions from 21.4-EVO before 21.4R3-S8-EVO Junos OS Evolved versions from 22.2-EVO before 22.2R3-S4-EVO Junos OS Evolved versions from 22.3-EVO before 22.3R3-S4-EVO Junos OS Evolved versions from 22.4-EVO before 22.4R3-S3-EVO Junos OS Evolved versions from 23.2-EVO before 23.2R2-S1-EVO Junos OS Evolved versions from 23.4-EVO before 23.4R2-EVO

Description The issue is related to an improper handling of exceptional conditions in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. This allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by sending a specific BGP packet. The issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established. Both iBGP and eBGP, as well as IPv4 and IPv6, are affected by this issue.

Recommendations Update Junos OS to version 21.2R3-S8 or later Update Junos OS to version 21.4R3-S8 or later for versions from 21.4 Update Junos OS to version 22.2R3-S4 or later for versions from 22.2 Update Junos OS to version 22.3R3-S4 or later for versions from 22.3 Update Junos OS to version 22.4R3-S3 or later for versions from 22.4 Update Junos OS to version 23.2R2-S1 or later for versions from 23.2 Update Junos OS to version 23.4R2 or later for versions from 23.4 Update Junos OS Evolved to version 21.2R3-S8-EVO or later Update Junos OS Evolved to version 21.4R3-S8-EVO or later for versions from 21.4-EVO Update Junos OS Evolved to version 22.2R3-S4-EVO or later for versions from 22.2-EVO Update Junos OS Evolved to version 22.3R3-S4-EVO or later for versions from 22.3-EVO Update Junos OS Evolved to version 22.4R3-S3-EVO or later for versions from 22.4-EVO Update Junos OS Evolved to version 23.2R2-S1-EVO or later for versions from 23.2-EVO Update Junos OS Evolved to version 23.4R2-EVO or later for versions from 23.4-EVO As a temporary workaround, consider disabling BGP traceoptions until a patch is available.