CVE-2024-39516 – Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash
https://notcve.org/view.php?id=CVE-2024-39516
An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with BGP traceoptions enabled. Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP with any address family configured. This issue affects: Junos OS: * All versions before 21.4R3-S8, * 22.2 before 22.2R3-S5, * 22.3 before 22.3R3-S4, * 22.4 before 22.4R3-S3, * 23.2 before 23.2R2-S2, * 23.4 before 23.4R2; Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * 22.2-EVO before 22.2R3-S5-EVO, * 22.3-EVO before 22.3R3-S4-EVO, * 22.4-EVO before 22.4R3-S3-EVO, * 23.2-EVO before 23.2R2-S2-EVO, * 23.4-EVO before 23.4R2-EVO. An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems configured in either of two ways: * systems with BGP traceoptions enabled * systems with BGP traffic engineering configured This issue can affect iBGP and eBGP with any address family configured. • https://supportportal.juniper.net/JSA88100 https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/traceoptions-edit-protocols-bgp.html • CWE-125: Out-of-bounds Read •
CVE-2024-39515 – Junos OS and Junos OS Evolved: With BGP traceoptions enabled, receipt of specifically malformed BGP update causes RPD crash
https://notcve.org/view.php?id=CVE-2024-39515
An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. In some cases, rpd fails to restart requiring a manual restart via the 'restart routing' CLI command. This issue only affects systems with BGP traceoptions enabled and requires a BGP session to be already established. Systems without BGP traceoptions enabled are not affected by this issue. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS: * All versions before 21.4R3-S8, * 22.2 before 22.2R3-S5, * 22.3 before 22.3R3-S4, * 22.4 before 22.4R3-S3, * 23.2 before 23.2R2-S2, * 23.4 before 23.4R2; Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * 22.2-EVO before 22.2R3-S5-EVO, * 22.3-EVO before 22.3R3-S4-EVO, * 22.4-EVO before 22.4R3-S3-EVO, * 23.2-EVO before 23.2R2-S2-EVO, * 23.4-EVO before 23.4R2-EVO. • https://supportportal.juniper.net/JSA88099 https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/traceoptions-edit-protocols-bgp.html • CWE-1288: Improper Validation of Consistency within Input •
CVE-2024-39552 – Junos OS and Junos OS Evolved: Malformed BGP UPDATE causes RPD crash
https://notcve.org/view.php?id=CVE-2024-39552
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts. Continuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. This issue affects: Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2. Juniper Networks Junos OS Evolved: * All versions earlier than 21.2R3-S7; * 21.3-EVO versions earlier than 21.3R3-S5; * 21.4-EVO versions earlier than 21.4R3-S8; * 22.1-EVO versions earlier than 22.1R3-S4; * 22.2-EVO versions earlier than 22.2R3-S3; * 22.3-EVO versions earlier than 22.3R3-S2; * 22.4-EVO versions earlier than 22.4R3; * 23.2-EVO versions earlier than 23.2R2. • https://supportportal.juniper.net/JSA75726 • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2024-39551 – Junos OS: SRX Series and MX Series with SPC3 and MS-MPC/MIC: Receipt of specific packets in H.323 ALG causes traffic drop
https://notcve.org/view.php?id=CVE-2024-39551
An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command. user@host> show usp memory segment sha data objcache jsf This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC: * 20.4 before 20.4R3-S10, * 21.2 before 21.2R3-S6, * 21.3 before 21.3R3-S5, * 21.4 before 21.4R3-S6, * 22.1 before 22.1R3-S4, * 22.2 before 22.2R3-S2, * 22.3 before 22.3R3-S1, * 22.4 before 22.4R3, * 23.2 before 23.2R2. Una vulnerabilidad de consumo de recursos no controlado en H.323 ALG (Application Layer Gateway) de Juniper Networks Junos OS en las series SRX y MX con SPC3 y MS-MPC/MIC, permite que un atacante basado en red no autenticado envíe paquetes específicos que causen pérdida de tráfico. lo que lleva a una denegación de servicio (DoS). La recepción y el procesamiento continuo de estos paquetes específicos mantendrán la condición de Denegación de Servicio. El uso de la memoria se puede monitorear usando el siguiente comando. usuario@host> show usp memory segment sha data objcache jsf Este problema afecta a las series SRX y MX con SPC3 y MS-MPC/MIC: * 20.4 antes de 20.4R3-S10, * 21.2 antes de 21.2R3-S6, * 21.3 antes de 21.3R3 -S5, *21.4 antes de 21.4R3-S6, *22.1 antes de 22.1R3-S4, *22.2 antes de 22.2R3-S2, *22.3 antes de 22.3R3-S1, *22.4 antes de 22.4R3, *23.2 antes de 23.2R2. • https://supportportal.juniper.net/JSA83013 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-39550 – Junos OS: MX Series with SPC3 line card: Port flaps causes rtlogd memory leak leading to Denial of Service
https://notcve.org/view.php?id=CVE-2024-39550
A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting rtlogd process. The memory usage can be monitored using the below command. user@host> show system processes extensive | match rtlog This issue affects Junos OS on MX Series with SPC3 line card: * from 21.2R3 before 21.2R3-S8, * from 21.4R2 before 21.4R3-S6, * from 22.1 before 22.1R3-S5, * from 22.2 before 22.2R3-S3, * from 22.3 before 22.3R3-S2, * from 22.4 before 22.4R3-S1, * from 23.2 before 23.2R2, * from 23.4 before 23.4R2. Una vulnerabilidad de liberación de memoria faltante después de la vida útil efectiva en el proceso rtlogd de Juniper Networks Junos OS en la serie MX con SPC3 permite que un atacante adyacente no autenticado desencadene una causa de eventos internos (que se puede lograr mediante solapas repetidas de puertos) para causar una pérdida de memoria lenta. , lo que en última instancia conduce a una denegación de servicio (DoS). La memoria sólo se puede recuperar reiniciando manualmente el proceso rtlogd. El uso de la memoria se puede monitorear usando el siguiente comando. usuario@host> show system processes extensive | match rtlog Este problema afecta a Junos OS en la serie MX con tarjeta de línea SPC3: * desde 21.2R3 antes de 21.2R3-S8, * desde 21.4R2 antes de 21.4R3-S6, * desde 22.1 antes de 22.1R3-S5, * desde 22.2 antes de 22.2R3 -S3, * de 22.3 antes de 22.3R3-S2, * de 22.4 antes de 22.4R3-S1, * de 23.2 antes de 23.2R2, * de 23.4 antes de 23.4R2. • https://supportportal.juniper.net/JSA83012 • CWE-401: Missing Release of Memory after Effective Lifetime •