Lucene search

JuniperCVELIST:CVE-2024-21598

HistoryApr 12, 2024 - 2:54 p.m.

CVE-2024-21598 Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash

2024-04-1214:54:23

CWE-1286

juniper

www.cve.org

cve-2024-21598; juniper networks; bgp tunnel encapsulation; rpd crash; dos; syntactic correctness; input validation; network-based attack; unauthenticated attacker; denial of service; junos os; junos os evolved; vulnerability; routing protocol daemon

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.7 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:L

0.0004 Low

EPSS

Percentile

9.0%

JSON

An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).

If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.

This issue affects Juniper Networks
Junos OS:

20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;
21.2 versions earlier than 21.2R3-S7;
21.3 versions earlier than 21.3R3-S5;
21.4 versions earlier than 21.4R3-S5;
22.1 versions earlier than 22.1R3-S4;
22.2 versions earlier than 22.2R3-S3;
22.3 versions earlier than 22.3R3-S1;
22.4 versions earlier than 22.4R3;
23.2 versions earlier than 23.2R1-S2, 23.2R2;

Junos OS Evolved:

20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;
21.2-EVO versions earlier than 21.2R3-S7-EVO;
21.3-EVO versions earlier than 21.3R3-S5-EVO;
21.4-EVO versions earlier than 21.4R3-S5-EVO;
22.1-EVO versions earlier than 22.1R3-S4-EVO;
22.2-EVO versions earlier than 22.2R3-S3-EVO;
22.3-EVO versions earlier than 22.3R3-S1-EVO;
22.4-EVO versions earlier than 22.4R3-EVO;
23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;

This issue does not affect Juniper Networks

Junos OS versions earlier than 20.4R1;
Junos OS Evolved versions earlier than 20.4R1-EVO.

This is a related but separate issue than the one described in JSA79095.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S9",
        "status": "affected",
        "version": "20.4",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S7",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S5",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S5",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S4",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S3",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R3-S1",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R1-S2, 23.2R2",
        "status": "affected",
        "version": "23.2",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S9-EVO",
        "status": "affected",
        "version": "20.4-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S7-EVO",
        "status": "affected",
        "version": "21.2-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S5-EVO",
        "status": "affected",
        "version": "21.3-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S5-EVO",
        "status": "affected",
        "version": "21.4-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S4-EVO",
        "status": "affected",
        "version": "22.1-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S3-EVO",
        "status": "affected",
        "version": "22.2-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R3-S1-EVO",
        "status": "affected",
        "version": "22.3-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R3-EVO",
        "status": "affected",
        "version": "22.4-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R1-S2-EVO, 23.2R2-EVO",
        "status": "affected",
        "version": "23.2-EVO",
        "versionType": "semver"
      }
    ]
  }
]

References

supportportal.juniper.net/JSA75739

www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.7 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:L

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-21598