THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-21598

Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash

Assignerjuniper
Reserved2023-12-27
Published2024-04-12
Updated2024-05-16

Description

An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart. This issue affects Juniper Networks Junos OS: * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2; Junos OS Evolved: * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO; * 21.2-EVO versions earlier than 21.2R3-S7-EVO; * 21.3-EVO versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S3-EVO; * 22.3-EVO versions earlier than 22.3R3-S1-EVO; * 22.4-EVO versions earlier than 22.4R3-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO; This issue does not affect Juniper Networks * Junos OS versions earlier than 20.4R1; * Junos OS Evolved versions earlier than 20.4R1-EVO. This is a related but separate issue than the one described in JSA79095.



HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Problem types

CWE-1286 Improper Validation of Syntactic Correctness of Input

Denial of Service (DoS)

Product status

Default status
unaffected

20.4 before 20.4R3-S9
affected

21.2 before 21.2R3-S7
affected

21.3 before 21.3R3-S5
affected

21.4 before 21.4R3-S5
affected

22.1 before 22.1R3-S4
affected

22.2 before 22.2R3-S3
affected

22.3 before 22.3R3-S1
affected

22.4 before 22.4R3
affected

23.2 before 23.2R1-S2, 23.2R2
affected

Default status
unaffected

20.4-EVO before 20.4R3-S9-EVO
affected

21.2-EVO before 21.2R3-S7-EVO
affected

21.3-EVO before 21.3R3-S5-EVO
affected

21.4-EVO before 21.4R3-S5-EVO
affected

22.1-EVO before 22.1R3-S4-EVO
affected

22.2-EVO before 22.2R3-S3-EVO
affected

22.3-EVO before 22.3R3-S1-EVO
affected

22.4-EVO before 22.4R3-EVO
affected

23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO
affected

Timeline

2024-04-10:Initial Publication

Credits

Juniper SIRT would like to acknowledge and thank Matteo Memelli from Amazon for responsibly reporting this vulnerability. finder

References

http://supportportal.juniper.net/JSA75739 vendor-advisory

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L technical-description

cve.org CVE-2024-21598

nvd.nist.gov CVE-2024-21598

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-21598
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
© Copyright 2024 THREATINT. Made in Cyprus with +