Denial of Service Vulnerability in Juniper Networks Junos OS and Junos OS Evolved
CVE-2025-21602

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 9 January 2025

Summary

An Improper Handling of Exceptional Conditions vulnerability exists within the routing protocol daemon (rpd) of Juniper Networks’ Junos OS and Junos OS Evolved. By sending a specially crafted BGP update packet, an unauthenticated attacker can trigger a crash and subsequent restart of the rpd. This vulnerability is applicable to both iBGP and eBGP communications over IPv4 and IPv6. Continuous processing of this specific packet can lead to a sustained Denial of Service condition.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
