CVE-2024-21614 — Improper Check for Unusual or Exceptional Conditions in Networks Junos OS

CWE-754 — Improper Check for Unusual or Exceptional Conditions4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 33.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos +1 more

Timeline

PublishedJan 12

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustai…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolved22.2 — 22.2R2-S2-EVO, 22.2R3-EVO+1

▶CVEListV5juniper_networks/junos_os22.2 — 22.2R2-S2, 22.2R3+1

▶NVDjuniper/junos_os_evolved22.2, 22.3+1

▶NVDjuniper/junos22.2, 22.3+1

🔴Vulnerability Details

GHSA

GHSA-v9j6-rmvq-8674: An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolv↗2024-01-12

▶

CVEList

Junos OS and Junos OS Evolved: A specific query via DREND causes rpd crash↗2024-01-12

▶

📋Vendor Advisories

Juniper

CVE-2024-21614: An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evol↗2024-01-12

▶