CVE-2024-39517
Junos OS and Junos OS Evolved: Upon processing specific L2 traffic, rpd can hang in devices with EVPN/VXLAN configured
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).
In an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.
This issue affects both IPv4 and IPv6 implementations.
This issue affects
Junos OS:
All versions earlier than 21.4R3-S7;
22.1 versions earlier than 22.1R3-S5;
22.2 versions earlier than 22.2R3-S3;
22.3 versions earlier than 22.3R3-S3;
22.4 versions earlier than 22.4R3-S2;
23.2 versions earlier than 23.2R2;
23.4 versions earlier than 23.4R1-S1.
Junos OS Evolved:
All versions earlier than 21.4R3-S7-EVO;
22.1-EVO versions earlier than 22.1R3-S5-EVO;
22.2-EVO versions earlier than 22.2R3-S3-EVO;
22.3-EVO versions earlier than 22.3R3-S3-EVO;
22.4-EVO versions earlier than 22.4R3-S2-EVO;
23.2-EVO versions earlier than 23.2R2-EVO;
23.4-EVO versions earlier than 23.4R1-S1-EVO, 23.4R2-EVO.
Una vulnerabilidad de comprobación inadecuada de las condiciones inusuales o excepcionales en el daemon de aprendizaje de direcciones de capa 2 (l2ald) en Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegación de servicio (DoS). En un escenario EVPN/VXLAN, cuando el dispositivo procesa una gran cantidad de paquetes específicos de Capa 2, puede provocar que el daemon de protocolo de enrutamiento (rpd) utilice todos los recursos de la CPU, lo que provoca que el dispositivo se cuelgue. Es necesario reiniciar manualmente el rpd para restaurar los servicios. Este problema afecta tanto a las implementaciones de IPv4 como a las de IPv6. Este problema afecta a Junos OS: todas las versiones anteriores a 21.4R3-S7; Versiones 22.1 anteriores a 22.1R3-S5; Versiones 22.2 anteriores a 22.2R3-S3; Versiones 22.3 anteriores a 22.3R3-S3; Versiones 22.4 anteriores a 22.4R3-S2; Versiones 23.2 anteriores a 23.2R2; Versiones 23.4 anteriores a 23.4R1-S1. Junos OS Evolved: todas las versiones anteriores a 21.4R3-S7-EVO; Versiones 22.1-EVO anteriores a 22.1R3-S5-EVO; Versiones 22.2-EVO anteriores a 22.2R3-S3-EVO; Versiones 22.3-EVO anteriores a 22.3R3-S3-EVO; Versiones 22.4-EVO anteriores a 22.4R3-S2-EVO; Versiones 23.2-EVO anteriores a 23.2R2-EVO; Versiones 23.4-EVO anteriores a 23.4R1-S1-EVO, 23.4R2-EVO.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-06-25 CVE Reserved
- 2024-07-10 CVE Published
- 2024-07-11 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-754: Improper Check for Unusual or Exceptional Conditions
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://supportportal.juniper.net/JSA79175 | 2024-07-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | < 21.2R3-S8 Search vendor "Juniper Networks" for product "Junos OS" and version " < 21.2R3-S8" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 21.4 < 21.4R3-S7 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.4 < 21.4R3-S7" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.1 < 22.1R3-S5 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.1 < 22.1R3-S5" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.2 < 22.2R3-S3 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.2 < 22.2R3-S3" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.3 < 22.3R3-S3 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.3 < 22.3R3-S3" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.4 < 22.4R3-S2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.4 < 22.4R3-S2" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 23.2 < 23.2R2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.2 < 23.2R2" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 23.4 < 23.4R1-S1 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.4 < 23.4R1-S1" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | < 21.2R3-S8-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " < 21.2R3-S8-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 21.4-EVO < 21.4R3-S7-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 21.4-EVO < 21.4R3-S7-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 22.1-EVO < 22.1R3-S5-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.1-EVO < 22.1R3-S5-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 22.2-EVO < 22.2R3-S3-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.2-EVO < 22.2R3-S3-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 22.3-EVO < 22.3R3-S3-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.3-EVO < 22.3R3-S3-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 22.4-EVO < 22.4R3-S2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.4-EVO < 22.4R3-S2-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 23.2-EVO < 23.2R2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.2-EVO < 23.2R2-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 23.4-EVO < 23.4R1-S1-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.4-EVO < 23.4R1-S1-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 23.4-EVO < 23.4R2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.4-EVO < 23.4R2-EVO" | en |
Affected
| ||||||