CVE-2024-39516 Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash

🗓️ 09 Oct 2024 20:00:59Reported by juniperType

Junos OS and Junos OS Evolved: Out-of-Bounds Read vulnerability in routing protocol daemon allows unauthenticated attacker to cause Denial of Servic

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability in the configuration of the traceoptions feature of the BGP protocol in the routing protocol rpd of Juniper Networks’ Junos OS and Junos OS Evolved allows a attacker to cause a service failure.	30 Oct 202400:00	–	bdu_fstec
Circl	CVE-2024-39516	9 Oct 202423:11	–	circl
CNNVD	Juniper Networks Junos OS和Juniper Networks Junos OS Evolved 缓冲区错误漏洞	9 Oct 202400:00	–	cnnvd
CVE	CVE-2024-39516	9 Oct 202420:00	–	cve
EUVD	EUVD-2024-38042	3 Oct 202520:07	–	euvd
Tenable Nessus	Juniper Junos OS DoS (JSA88100)	14 Mar 202500:00	–	nessus
NCSC	Vulnerabilities fixed in Juniper JunOS and JunOS Evolved	10 Oct 202411:19	–	ncsc
NVD	CVE-2024-39516	9 Oct 202420:15	–	nvd
Positive Technologies	PT-2024-7397	25 Jun 202400:00	–	ptsecurity
Vulnrichment	CVE-2024-39516 Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash	9 Oct 202420:00	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.4R3-S8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S5",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R3-S4",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R3-S3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R2-S2",
        "status": "affected",
        "version": "23.2",
        "versionType": "semver"
      },
      {
        "lessThan": "23.4R2",
        "status": "affected",
        "version": "23.4",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.4R3-S8-EVO",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S5-EVO",
        "status": "affected",
        "version": "22.2-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R3-S4-EVO",
        "status": "affected",
        "version": "22.3-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R3-S3-EVO",
        "status": "affected",
        "version": "22.4-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R2-S2-EVO",
        "status": "affected",
        "version": "23.2-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "23.4R2-EVO",
        "status": "affected",
        "version": "23.4-EVO",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
juniper	www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/traceoptions-edit-protocols-bgp.html
supportportal	www.supportportal.juniper.net/JSA88100

16 Oct 2024 21:11Current

CVSS 3.17.5

CVSS 48.7

EPSS0.00433

CWE-125