DoS via Malformed BGP Update in Juniper Junos OS RPD Before 23.4R1-S2
CVE-2024-39555 Published on July 10, 2024
Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP update causes the session to reset
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.
Upon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:
BGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)
Only systems with segment routing enabled are vulnerable to this issue.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.
This issue affects:
Junos OS:
* All versions before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R1-S2, 23.4R2.
Junos OS Evolved:
* All versions before 21.4R3-S8-EVO,
* from 22.2-EVO before 22.2R3-S4-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R3-S3-EVO,
* from 23.2-EVO before 23.2R2-S1-EVO,
* from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.
Vulnerability Analysis
CVE-2024-39555 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Improper Handling of Exceptional Conditions
The software does not handle or incorrectly handles an exceptional condition.
Products Associated with CVE-2024-39555
stack.watch emails you whenever new vulnerabilities are published in Juniper Networks Junos or Juniper Networks Junos Os Evolved. Just hit a watch button to start following.
Affected Versions
Juniper Networks Junos OS:- Before 21.4R3-S8 is affected.
- Version 22.2 and below 22.2R3-S4 is affected.
- Version 22.3 and below 22.3R3-S3 is affected.
- Version 22.4 and below 22.4R3-S3 is affected.
- Version 23.2 and below 23.2R2-S1 is affected.
- Version 23.4 and below 23.4R1-S2, 23.4R2 is affected.
- Before 21.4R3-S8-EVO is affected.
- Version 22.2-EVO and below 22.2R3-S4-EVO is affected.
- Version 22.3-EVO and below 22.3R3-S3-EVO is affected.
- Version 22.4-EVO and below 22.4R3-S3-EVO is affected.
- Version 23.2-EVO and below 23.2R2-S1-EVO is affected.
- Version 23.4-EVO and below 23.4R1-S2-EVO, 23.4R2-EVO is affected.
- Before 21.4R3-S8 is affected.
- Version 22.2 and below 22.2R3-S4 is affected.
- Version 22.3 and below 22.3R3-S3 is affected.
- Version 22.4 and below 22.4R3-S3 is affected.
- Version 23.2 and below 23.2R2-S1 is affected.
- Version 23.4 and below 23.4R1-S2 is affected.
- Version 23.4 and below 23.4R2 is affected.
- Before 21.4R3-S8-EVO is affected.
- Version 22.2-EVO and below 22.2R3-S4-EVO is affected.
- Version 22.3-EVO and below 22.3R3-S3-EVO is affected.
- Version 22.4-EVO and below 22.4R3-S3-EVO is affected.
- Version 23.2-EVO and below 23.2R2-S1-EVO is affected.
- Version 23.4-EVO and below 23.4R1-S2-EVO is affected.
- Version 23.4-EVO and below 23.4R2-EVO is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.