Juniper JunOS rpd DoS Vulnerability (All <20.4R3-S10, 21.4<21.4R3-S6)
CVE-2024-39514 Published on July 10, 2024
Junos OS and Junos OS Evolved: Receiving specific traffic on devices with EVPN-VPWS with IGMP-snooping enabled will cause the rpd to crash
An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.
This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.
This issue affects Junos OS:
* All versions before 20.4R3-S10,
* from 21.4 before 21.4R3-S6,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2;
Junos OS Evolved:
* All versions before 20.4R3-S10-EVO,
* from 21.4-EVO before 21.4R3-S6-EVO,
* from 22.1-EVO before 22.1R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S2-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
Vulnerability Analysis
Weakness Type
Improper Check or Handling of Exceptional Conditions
The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.
Affected Versions
Juniper Networks Junos OS:
- All versions before 20.4R3-S10 are affected.
- Versions from 21.4 before 21.4R3-S6 are affected.
- Versions from 22.1 before 22.1R3-S5 are affected.
- Versions from 22.2 before 22.2R3-S3 are affected.
- Versions from 22.3 before 22.3R3-S2 are affected.
- Versions from 22.4 before 22.4R3 are affected.
- Versions from 23.2 before 23.2R2 are affected.

Juniper Networks Junos OS Evolved:
- All versions before 20.4R3-S10-EVO are affected.
- Versions from 21.4-EVO before 21.4R3-S6-EVO are affected.
- Versions from 22.1-EVO before 22.1R3-S5-EVO are affected.
- Versions from 22.2-EVO before 22.2R3-S3-EVO are affected.
- Versions from 22.3-EVO before 22.3R3-S2-EVO are affected.
- Versions from 22.4-EVO before 22.4R3-EVO are affected.
- Versions from 23.2-EVO before 23.2R2-EVO are affected.
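The version list above can be turned into an inventory check. The following is an added example, not code from the advisory or from Juniper; it assumes version strings of the form `<major>.<minor>R<n>[-S<n>][.<spin>][-EVO]`, ignores the spin number, and reports release trains the list does not name as `not-listed` rather than guessing. It does not check whether an EVPN-VPWS instance with IGMP-snooping is configured, which the advisory also requires.

```python
import re

# First non-affected (release, service) pair per train, transcribed from the
# lists above. The Junos OS Evolved list is identical apart from the -EVO suffix.
FIRST_FIXED = {
    (20, 4): (3, 10), (21, 4): (3, 6), (22, 1): (3, 5), (22, 2): (3, 3),
    (22, 3): (3, 2), (22, 4): (3, 0), (23, 2): (2, 0),
}

# Assumed version shape: <major>.<minor>R<n>[-S<n>][.<spin>][-EVO]
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(?:-EVO)?$", re.I)


def classify(version: str) -> str:
    """Return 'affected', 'not-affected', 'not-listed' or 'unparsed'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparsed"  # e.g. X-series strings; needs a manual look
    train = (int(m[1]), int(m[2]))
    # Compare numerically: as strings, "S9" would sort after "S10".
    level = (int(m[3]), int(m[4] or 0))
    if train in FIRST_FIXED:
        return "affected" if level < FIRST_FIXED[train] else "not-affected"
    if train < min(FIRST_FIXED):
        return "affected"  # "All versions before 20.4R3-S10"
    return "not-listed"  # train is absent from the list (e.g. 21.2, 23.4)


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hostnames by classification."""
    out: dict[str, list[str]] = {}
    for host, version in sorted(inventory.items()):
        out.setdefault(classify(version), []).append(host)
    return out


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = {
    "pe1": "20.4R3-S9.2", "pe2": "21.4R3-S6.1-EVO", "pe3": "22.4R2-S2",
    "pe4": "21.2R3-S7", "pe5": "15.1X49-D170", "pe6": "23.2R1-S2-EVO",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `not-listed` or `unparsed` need to be checked against the vendor advisory by hand.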
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.