CVE-2024-47491

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 21.4R3-S8 Juniper Networks Junos OS versions from 22.2 before 22.2R3-S4 Juniper Networks Junos OS versions from 22.4 before 22.4R3-S3 Juniper Networks Junos OS versions from 23.2 before 23.2R2-S1 Juniper Networks Junos OS versions from 23.4 before 23.4R1-S2, 23.4R2 Juniper Networks Junos OS Evolved versions prior to 21.4R3-S8-EVO Juniper Networks Junos OS Evolved versions from 22.2 before 22.2R3-S4-EVO Juniper Networks Junos OS Evolved versions from 22.4 before 22.4R3-S3-EVO Juniper Networks Junos OS Evolved versions from 23.2 before 23.2R2-S1-EVO Juniper Networks Junos OS Evolved versions from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO

Description The issue is related to an Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. This vulnerability allows a network-based, unauthenticated attacker to cause Denial of Service (DoS) by sending a BGP UPDATE with a malformed path attribute over an established BGP session, causing the rpd to crash and restart. Continuous receipt of such a BGP UPDATE will create a sustained Denial of Service (DoS) condition for impacted devices. The probability of impact on 64-bit systems is extremely low.

Recommendations For Juniper Networks Junos OS versions prior to 21.4R3-S8, update to version 21.4R3-S8 or later. For Juniper Networks Junos OS versions from 22.2 before 22.2R3-S4, update to version 22.2R3-S4 or later. For Juniper Networks Junos OS versions from 22.4 before 22.4R3-S3, update to version 22.4R3-S3 or later. For Juniper Networks Junos OS versions from 23.2 before 23.2R2-S1, update to version 23.2R2-S1 or later. For Juniper Networks Junos OS versions from 23.4 before 23.4R1-S2, 23.4R2, update to version 23.4R1-S2 or later. For Juniper Networks Junos OS Evolved versions prior to 21.4R3-S8-EVO, update to version 21.4R3-S8-EVO or later. For Juniper Networks Junos OS Evolved versions from 22.2 before 22.2R3-S4-EVO, update to version 22.2R3-S4-EVO or later. For Juniper Networks Junos OS Evolved versions from 22.4 before 22.4R3-S3-EVO, update to version 22.4R3-S3-EVO or later. For Juniper Networks Junos OS Evolved versions from 23.2 before 23.2R2-S1-EVO, update to version 23.2R2-S1-EVO or later. For Juniper Networks Junos OS Evolved versions from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO, update to version 23.4R1-S2-EVO or later.