CVE-2024-39554: Race Condition in Networks Junos OS

CWE-362: Race Condition (4 documents, 4 sources)

Severity: 8.2 HIGH (NVD)
EPSS: 0.4% (top 38.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 10; Latest update Jul 11

Description

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages (4 packages)

CVEListV5 | juniper_networks/junos_os_evolved | 21.1-EVO | 21.1*-EVO | +7
NVD | juniper/junos_os_evolved | 21.1 | 21.3 | +6
CVEListV5 | juniper_networks/junos_os | 21.1 | 21.1* | +7
NVD | juniper/junos | 21.1 | 21.2 | +7

🔴 Vulnerability Details (2)

GHSA (2024-07-11)
GHSA-9fwf-h53q-xxw3: A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Routing Protocol Daemon (rpd) of Jun
CVEList (2024-07-10)
Junos OS and Junos OS Evolved: BGP multipath incremental calculation is resulting in an rpd crash

📋 Vendor Advisories (1)

Juniper (2024-07-10)
CVE-2024-39554: A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Routing Protocol Daemon (rpd) of J