Improper Handling of Exceptional Conditions in Routing Protocol Daemon (rpd) Could Lead to Denial-of-Service (DoS)
CVE-2024-39541

6.5 MEDIUM

What is CVE-2024-39541?

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).

When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart.

This issue affects:

Junos OS:

  • 22.4 versions before 22.4R3-S1,
  • 23.2 versions before 23.2R2,
  • 23.4 versions before 23.4R1-S1, 23.4R2.

This issue does not affect Junos OS versions earlier than 22.4R1.

Junos OS Evolved:

  • 22.4-EVO versions before 22.4R3-S2-EVO,
  • 23.2-EVO versions before 23.2R2-EVO,
  • 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO.

This issue does not affect Junos OS Evolved versions earlier than 22.4R1.

Affected Version(s)

Junos OS 22.4 < 22.4R3-S1

Junos OS 23.2 < 23.2R2

Junos OS 23.4 < 23.4R1-S1, 23.4R2
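To check an inventory against the fixed releases listed above, the following added example (not part of the advisory or of any Juniper tooling) parses release strings and applies the per-train fix list. The release-string shape in the regex, the helper names, and the sample hostnames and releases are assumptions made for illustration.

```python
import re

# Fixed releases per train as (R, S) pairs, copied from the advisory text above.
FIXES = {
    "junos": {(22, 4): [(3, 1)], (23, 2): [(2, 0)], (23, 4): [(1, 1), (2, 0)]},
    "evo": {(22, 4): [(3, 2)], (23, 2): [(2, 0)], (23, 4): [(1, 1), (2, 0)]},
}
FIRST_AFFECTED_TRAIN = (22, 4)  # releases earlier than 22.4R1 are not affected

# Assumed release-string shape: <major>.<minor>R<n>[-S<n>][.<build>][-EVO]
_RELEASE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$", re.I)


def parse(release):
    """Return (platform, train, R, S) for a Junos release string."""
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {release!r}")
    major, minor, r, s, evo = m.groups()
    return ("evo" if evo else "junos", (int(major), int(minor)), int(r), int(s or 0))


def is_affected(release):
    """True: affected. False: not affected. None: train not listed in the advisory."""
    platform, train, r, s = parse(release)
    if train < FIRST_AFFECTED_TRAIN:
        return False
    fixes = FIXES[platform].get(train)
    if fixes is None:
        return None
    # Fixed if at or past a listed service release of the same R, or on a later R
    # than every listed fix; anything else on the train is treated as affected.
    same_r_fixed = any(r == fr and s >= fs for fr, fs in fixes)
    later_r = r > max(fr for fr, _ in fixes)
    return not (same_r_fixed or later_r)


# Constructed inventory (hostnames and releases are made up for illustration).
INVENTORY = {
    "pe1": "22.4R3-S1.9",
    "pe2": "23.4R1.9",
    "p1": "22.4R3-S1.7-EVO",
    "p2": "22.2R3-S4.5",
    "rr1": "24.2R1.17",
}

if __name__ == "__main__":
    for host, release in INVENTORY.items():
        print(f"{host:4} {release:18} affected={is_affected(release)}")
```

A result of None means the advisory text does not cover that release train, so it should be checked against the vendor bulletin rather than assumed safe.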

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
