CVE-2024-39541

Summary

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).

When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart.

This issue affects:

Junos OS:

  • 22.4 versions before 22.4R3-S1,
  • 23.2 versions before 23.2R2, 
  • 23.4 versions before 23.4R1-S1, 23.4R2, 

This issue does not affect Junos OS versions earlier than 22.4R1.

Junos OS Evolved:

  • 22.4-EVO versions before 22.4R3-S2-EVO,
  • 23.2-EVO versions before 23.2R2-EVO,
  • 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO,

This issue does not affect Junos OS Evolved versions earlier than

before 22.4R1.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS22.4 < 22.4R3-S1affected
Juniper NetworksJunos OS23.2 < 23.2R2affected
Juniper NetworksJunos OS23.4 < 23.4R1-S1, 23.4R2affected
Juniper NetworksJunos OS0 < 22.4R1unaffected
Juniper NetworksJunos OS Evolved22.4-EVO < 22.4R3-S2-EVOaffected
Juniper NetworksJunos OS Evolved23.2-EVO < 23.2R2-EVOaffected
Juniper NetworksJunos OS Evolved23.4-EVO < 23.4R1-S1-EVO, 23.4R2-EVOaffected
Juniper NetworksJunos OS Evolved0 < 22.4R1unaffected

Weaknesses

  • CWE-755: CWE-755 Improper Handling of Exceptional Conditions

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References