CVE-2024-39547

EPSS 0.05%
Veröffentlicht 11.10.2024 16:15:07
Zuletzt bearbeitet 15.10.2024 12:58:51
Quelle sirt@juniper.net
Teams Watchlist Login
Unerledigt Login

An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS).

If specially crafted TCP traffic is received by the control plane, or a TCP session terminates unexpectedly, it will cause increased control plane CPU utilization by the rpd-server process.

While not explicitly required, the impact is more severe when RIB sharding is enabled.

Task accounting shows unexpected reads by the RPD Server jobs for shards:

user@junos> show task accounting detail
...
read:RPD Server.0.0.0.0+780.192.168.0.78+48886 TOT:00000003.00379787 MAX:00000000.00080516 RUNS: 233888\
read:RPD Server.0.0.0.0+780.192.168.0.78+49144 TOT:00000004.00007565 MAX:00000000.00080360 RUNS: 233888\
read:RPD Server.0.0.0.0+780.192.168.0.78+49694 TOT:00000003.00600584 MAX:00000000.00080463 RUNS: 233888\
read:RPD Server.0.0.0.0+780.192.168.0.78+50246 TOT:00000004.00346998 MAX:00000000.00080338 RUNS: 233888\



This issue affects:

Junos OS with cRPD: 

  *  All versions before 21.2R3-S8, 
  *  21.4 before 21.4R3-S7, 
  *  22.1 before 22.1R3-S6, 
  *  22.2 before 22.2R3-S4, 
  *  22.3 before 22.3R3-S3, 
  *  22.4 before 22.4R3-S2, 
  *  23.2 before 23.2R2-S2, 
  *  24.2 before 24.2R2; 


Junos OS Evolved with cRPD: 

  *  All versions before 21.4R3-S7-EVO, 
  *  22.2 before 22.2R3-S4-EVO, 
  *  22.3 before 22.3R3-S3-EVO, 
  *  22.4 before 22.4R3-S2-EVO, 
  *  23.2 before 23.2R2-EVO.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerjuniper

≫

Produkt junos

Default Statusunaffected

Version < 21.2r3-s8

Version 0

Status affected

Version < 21.4r3-s7

Version 21.4

Status affected

Version < 22.1r3-s6

Version 22.1

Status affected

Version < 22.2r3-s4

Version 22.2

Status affected

Version < 22.3r3-s3

Version 22.3

Status affected

Version < 22.4r3-s2

Version 22.4

Status affected

Version < 23.2r2-s2

Version 23.2

Status affected

Version < 24.2r2

Version 24.2

Status affected

Herstellerjuniper

≫

Produkt junos_evolved

Default Statusunaffected

Version < 21.4r3-s7-evo

Version 0

Status affected

Version < 22.2r3-s4-evo

Version 22.2-evo

Status affected

Version < 22.3r3-s3-evo

Version 22.3-evo

Status affected

Version < 22.4r3-s2-evo

Version 22.4-evo

Status affected

Version < 23.2r2-evo

Version 23.2-evo

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.146

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:X/U:X
sirt@juniper.net	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://supportportal.juniper.net/JSA88108

https://nvd.nist.gov/vuln/detail/CVE-2024-39547

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-39547

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-39547

EUVD