CVE-2024-39541 Information

Description

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).

When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these rpd will crash and restart.

This issue affects:

Junos OS:

22.4 versions before 22.4R3-S1
23.2 versions before 23.2R2 
23.4 versions before 23.4R1-S1 23.4R2 

This issue does not affect Junos OS versions earlier than 22.4R1.

Junos OS Evolved:

22.4-EVO versions before 22.4R3-S2-EVO
23.2-EVO versions before 23.2R2-EVO
23.4-EVO versions before 23.4R1-S1-EVO 23.4R2-EVO

This issue does not affect Junos OS Evolved versions earlier than

before 22.4R1.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://supportportal.juniper.net/JSA83001

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5