{"{\"name\":\"Denial of Service (DoS) vulnerability in Routing Protocol Daemon (rpd)\",\"short_name\":\"DoS vulnerability in rpd\"}","{\"name\":\"All versions of Junos OS and Junos OS Evolved\",\"short_name\":\"All Junos versions\"}"}
CVE-2024-39528

5.7MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Junos Os; Junos Os Evolved
Vendor: CVE Published:; 11 July 2024

Summary

A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart.

This issue affects:

Junos OS:

All versions before 21.2R3-S8,
21.4 versions before 21.4R3-S5,
22.2 versions before 22.2R3-S3,
22.3 versions before 22.3R3-S2,
22.4 versions before 22.4R3,
23.2 versions before 23.2R2.

Junos OS Evolved:

All versions before 21.2R3-S8-EVO,
21.4-EVO versions before 21.4R3-S5-EVO,
22.2-EVO versions before 22.2R3-S3-EVO,
22.3-EVO versions before 22.3R3-S2-EVO,
22.4-EVO versions before 22.4R3-EVO,
23.2-EVO versions before 23.2R2-EVO.

Affected Version(s)

Junos OS 0 < 21.2R3-S8

Junos OS 21.4 < 21.4R3-S5

Junos OS 22.2 < 22.2R3-S3

References

https://supportportal.juniper.net/JSA82987

vendor-advisory

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2024
Vulnerability Reserved
Jun 25, 2024