CVE-2024-39514 — Improper Check or Handling of Exceptional Conditions in Networks Junos OS

CWE-703 — Improper Check or Handling of Exceptional Conditions4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 64.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos +1 more

Timeline

PublishedJul 10

Latest updateJul 11

Description

An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition. This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled. Thi…

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolved21.4-EVO — 21.4R3-S6-EVO+6

▶NVDjuniper/junos_os_evolved< 20.4+7

▶CVEListV5juniper_networks/junos_os21.4 — 21.4R3-S6+6

▶NVDjuniper/junos< 20.4+7

🔴Vulnerability Details

GHSA

GHSA-4388-wh4q-8vc6: An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evol↗2024-07-11

▶

CVEList

Junos OS and Junos OS Evolved: Receiving specific traffic on devices with EVPN-VPWS with IGMP-snooping enabled will cause the rpd to crash↗2024-07-10

▶

📋Vendor Advisories

Juniper

CVE-2024-39514: An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evol↗2024-07-10

▶