We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-39541

Junos OS and Junos OS Evolved: Inconsistent information in the TE database can lead to an rpd crash



Description

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart. This issue affects: Junos OS: * 22.4 versions before 22.4R3-S1, * 23.2 versions before 23.2R2,  * 23.4 versions before 23.4R1-S1, 23.4R2,  This issue does not affect Junos OS versions earlier than 22.4R1. Junos OS Evolved: * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO, This issue does not affect Junos OS Evolved versions earlier than before 22.4R1.

Reserved 2024-06-25 | Published 2024-07-11 | Updated 2024-08-02 | Assigner juniper


MEDIUM: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

HIGH: 7.1CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Problem types

CWE-755 Improper Handling of Exceptional Conditions

Product status

Default status
unaffected

22.4 before 22.4R3-S1
affected

23.2 before 23.2R2
affected

23.4 before 23.4R1-S1, 23.4R2
affected

Any version before 22.4R1
unaffected

Default status
unaffected

22.4-EVO before 22.4R3-S2-EVO
affected

23.2-EVO before 23.2R2-EVO
affected

23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO
affected

Any version before 22.4R1
unaffected

References

supportportal.juniper.net/JSA83001 vendor-advisory

cve.org (CVE-2024-39541)

nvd.nist.gov (CVE-2024-39541)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-39541

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.