Improper Handling of Exceptional Conditions leads to Denial of Service (DoS)

Juniper Networks Junos OS and Junos OS Evolved affected by DoS vulnerability
CVE-2024-47491

5.9 MEDIUM

Key Information:

Vendor
CVE Published: 11 October 2024

Summary

A vulnerability exists in Juniper Networks' Junos OS and Junos OS Evolved due to improper handling of exceptional conditions within the Routing Protocol Daemon (rpd). This flaw can be exploited by a network-based, unauthenticated attacker sending a specially crafted BGP UPDATE with malformed path attributes. When triggered, this vulnerability causes the Routing Protocol Daemon to crash and subsequently restart, leading to a sustained Denial of Service (DoS) condition. Both 32-bit and 64-bit systems are susceptible to this issue, with a notably lower occurrence on 64-bit systems. Users can verify their system architecture using the 'show version detail' command.

Affected Version(s)

Junos OS 0 < 21.4R3-S8

Junos OS 22.2 < 22.2R3-S4

Junos OS 22.4 < 22.4R3-S3

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database