Improper Handling of Exceptional Conditions in Routing Protocol Daemon (rpd) Could Lead to Denial-of-Service (DoS)
CVE-2024-39541

6.5MEDIUM

Key Information:

Vendor

Juniper Networks
Status
Junos Os
Junos Os Evolved
Vendor
CVE Published:
11 July 2024

What is CVE-2024-39541?

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).

When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart.

This issue affects:

Junos OS:

  • 22.4 versions before 22.4R3-S1,
  • 23.2 versions before 23.2R2, 
  • 23.4 versions before 23.4R1-S1, 23.4R2, 

This issue does not affect Junos OS versions earlier than 22.4R1.

Junos OS Evolved:

  • 22.4-EVO versions before 22.4R3-S2-EVO,
  • 23.2-EVO versions before 23.2R2-EVO,
  • 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO,

This issue does not affect Junos OS Evolved versions earlier than

before 22.4R1.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Junos OS 22.4 < 22.4R3-S1

Junos OS 23.2 < 23.2R2

Junos OS 23.4 < 23.4R1-S1, 23.4R2

References

https://supportportal.juniper.net/JSA83001
vendor-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.