CVE-2024-39555
Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP update causes the session to reset
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.
Upon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:
BGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)
Only systems with segment routing enabled are vulnerable to this issue.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.
This issue affects:
Junos OS:
* All versions before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R1-S2, 23.4R2.
Junos OS Evolved:
* All versions before 21.4R3-S8-EVO,
* from 22.2-EVO before 22.2R3-S4-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R3-S3-EVO,
* from 23.2-EVO before 23.2R2-S1-EVO,
* from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.
Una vulnerabilidad de manejo inadecuado de condiciones excepcionales en el daemon de protocolo de enrutamiento (RPD) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante envíe un mensaje específico de actualización de BGP con formato incorrecto para provocar que la sesión se reinicie, lo que resulta en una denegación de servicio (DoS). La recepción y el procesamiento continuos de estos mensajes de actualización de BGP con formato incorrecto crearán una condición sostenida de denegación de servicio (DoS). Al recibir un mensaje de actualización de BGP a través de una sesión BGP establecida que contiene un atributo de encapsulación de túnel específicamente mal formado, cuando el enrutamiento de segmento está habilitado, el procesamiento interno de los atributos mal formados dentro de la actualización da como resultado un análisis inadecuado de los atributos restantes, lo que lleva al restablecimiento de la sesión: BGP SEND Código de notificación 3 (Error de mensaje de actualización) subcódigo 1 (lista de atributos no válidos) Solo los sistemas con enrutamiento de segmentos habilitado son vulnerables a este problema. Este problema afecta a eBGP e iBGP, tanto en implementaciones IPv4 como IPv6, y requiere que un atacante remoto tenga al menos una sesión BGP establecida. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 21.4R3-8, * desde 22.2 anterior a 22.2R3-S4, * desde 22.3 anterior a 22.3R3-S3, * desde 22.4 anterior a 22.4R3-S3, * desde 23.2 anterior a 23.2R2- S1, * de 23.4 antes de 23.4R1-S2, 23.4R2. Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S8-EVO, * desde 22.2-EVO antes de 22.2R3-S4-EVO, * desde 22.3-EVO antes de 22.3R3-S3-EVO, * desde 22.4-EVO antes de 22.4R3- S3-EVO, *de 23.2-EVO antes de 23.2R2-S1-EVO, *de 23.4-EVO antes de 23.4R1-S2-EVO, 23.4R2-EVO.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-06-25 CVE Reserved
- 2024-07-10 CVE Published
- 2024-07-11 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-755: Improper Handling of Exceptional Conditions
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://supportportal.juniper.net/JSA83015 | 2024-07-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | < 21.4R3-S8 Search vendor "Juniper Networks" for product "Junos OS" and version " < 21.4R3-S8" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.2 < 22.2R3-S4 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.2 < 22.2R3-S4" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.3 < 22.3R3-S3 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.3 < 22.3R3-S3" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.4 < 22.4R3-S3 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.4 < 22.4R3-S3" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 23.2 < 23.2R2-S1 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.2 < 23.2R2-S1" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 23.4 < 23.4R1-S2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.4 < 23.4R1-S2" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 23.4 < 23.4R2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.4 < 23.4R2" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | < 21.4R3-S8-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " < 21.4R3-S8-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 22.2-EVO < 22.2R3-S4-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.2-EVO < 22.2R3-S4-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 22.3-EVO < 22.3R3-S3-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.3-EVO < 22.3R3-S3-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 22.4-EVO < 22.4R3-S3-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.4-EVO < 22.4R3-S3-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 23.2-EVO < 23.2R2-S1-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.2-EVO < 23.2R2-S1-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 23.4-EVO < 23.4R1-S2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.4-EVO < 23.4R1-S2-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 23.4-EVO < 23.4R2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.4-EVO < 23.4R2-EVO" | en |
Affected
| ||||||