CVE-2024-39555 — Improper Handling of Exceptional Conditions in Networks Junos OS

CWE-755 — Improper Handling of Exceptional Conditions4 documents4 sources

Severity

8.7HIGHNVD

EPSS

1.6%

top 18.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos +1 more

Timeline

PublishedJul 10

Latest updateJul 11

Description

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition. Upon receipt of a BGP update message over an established BGP session containing a …

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolved22.2-EVO — 22.2R3-S4-EVO+5

▶NVDjuniper/junos_os_evolved< 21.4+6

▶CVEListV5juniper_networks/junos_os22.2 — 22.2R3-S4+5

▶NVDjuniper/junos< 21.4+6

🔴Vulnerability Details

GHSA

GHSA-93cc-g9p8-jrr7: An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved al↗2024-07-11

▶

CVEList

Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP update causes the session to reset↗2024-07-10

▶

📋Vendor Advisories

Juniper

CVE-2024-39555: An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved al↗2024-07-10

▶