{"{\"name\":\"Denial of Service (DoS) vulnerability in Routing Protocol Daemon (rpd)\",\"short_name\":\"DoS vulnerability in rpd\"}","{\"name\":\"All versions of Junos OS and Junos OS Evolved\",\"short_name\":\"All Junos versions\"}"}

CVE-2024-39528

5.7MEDIUM

Key Information

Vendor: Juniper Networks
Status: Junos Os; Junos Os Evolved
Vendor: CVE Published:; 11 July 2024

Badges

👾 Exploit Exists

Summary

A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S8, * 21.4 versions before 21.4R3-S5, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S2, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S5-EVO, * 22.2-EVO versions before 22.2R3-S3-EVO, * 22.3-EVO versions before 22.3R3-S2-EVO, * 22.4-EVO versions before 22.4R3-EVO, * 23.2-EVO versions before 23.2R2-EVO.

Affected Version(s)

Junos OS < 21.2R3-S8

Junos OS < 21.4R3-S5

Junos OS < 22.2R3-S3

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 11, 2024
Vulnerability Reserved.
Jun 25, 2024
👾
Exploit exists.
Jan 1, 1970

Collectors

NVD DatabaseMitre Database