8.7
CVE-2024-39552
- EPSS 0.81%
- Published 11.07.2024 17:15:16
- Last modified 21.11.2024 09:27:59
- Source sirt@juniper.net
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS).

When a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts. Continuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.

This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.

This issue affects:

Juniper Networks Junos OS:
- All versions earlier than 20.4R3-S9
- 21.2 versions earlier than 21.2R3-S7
- 21.3 versions earlier than 21.3R3-S5
- 21.4 versions earlier than 21.4R3-S6
- 22.1 versions earlier than 22.1R3-S4
- 22.2 versions earlier than 22.2R3-S3
- 22.3 versions earlier than 22.3R3-S2
- 22.4 versions earlier than 22.4R3
- 23.2 versions earlier than 23.2R2

Juniper Networks Junos OS Evolved:
- All versions earlier than 21.2R3-S7
- 21.3-EVO versions earlier than 21.3R3-S5
- 21.4-EVO versions earlier than 21.4R3-S8
- 22.1-EVO versions earlier than 22.1R3-S4
- 22.2-EVO versions earlier than 22.2R3-S3
- 22.3-EVO versions earlier than 22.3R3-S2
- 22.4-EVO versions earlier than 22.4R3
- 23.2-EVO versions earlier than 23.2R2
Linked by AI from unstructured data to existing CPEs in the NVD
Data is provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)
Vendor juniper ≫ Product junos, Default Status unknown

Version < | Version | Status |
---|---|---|
21.2r3-s7 | 21.2 | affected |
21.3r3-s6 | 21.3 | affected |
21.4r3-s6 | 21.4 | affected |
22.2r3-s3 | 22.2 | affected |
22.3r3-s2 | 22.3 | affected |
22.4r3 | 22.4 | affected |
23.2r2 | 23.2 | affected |

Vendor juniper ≫ Product junos, Default Status unaffected

Version < | Version | Status |
---|---|---|
20.4r3-s9 | 0 | affected |

Vendor juniper ≫ Product junos, Default Status unaffected

Version < | Version | Status |
---|---|---|
22.1r3-s4 | 22.1 | affected |

Vendor juniper ≫ Product junos_os_evolved, Default Status unknown

Version < | Version | Status |
---|---|---|
21.3r3-s5 | 21.3 | affected |
21.4r3-s8 | 21.4 | affected |
22.1r3-s4 | 22.1 | affected |
22.2r3-s3 | 22.2 | affected |
22.3r3-s2 | 22.3 | affected |
22.4r3 | 22.4 | affected |
23.2r2 | 23.2 | affected |
23.4r1 | 23.4 | affected |

Vendor juniper ≫ Product junos_os_evolved, Default Status unaffected

Version < | Version | Status |
---|---|---|
21.2r3-s7 | 0 | affected |

No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.81% | 0.733 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
sirt@juniper.net | 8.7 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X |
sirt@juniper.net | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-755 Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.