CVE-2024-39525 Junos OS and Junos OS Evolved: When BGP traceoptions is enabled, receipt of specially crafted BGP packet causes RPD crash

🗓️ 09 Oct 2024 20:01:20Reported by juniperType

Junos OS and Junos OS Evolved BGP vulnerability causing RPD crash and DoS

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of the routing protocol demon in Juniper Networks’ Junos OS and Junos OS Evolved systems allows a attacker to cause service interruptions.	14 Oct 202400:00	–	bdu_fstec
Circl	CVE-2024-39525	9 Oct 202423:11	–	circl
CNNVD	Juniper Networks Junos OS和Junos OS Evolved 安全漏洞	9 Oct 202400:00	–	cnnvd
CVE	CVE-2024-39525	9 Oct 202420:01	–	cve
EUVD	EUVD-2024-38051	3 Oct 202520:07	–	euvd
Tenable Nessus	Juniper Junos OS DoS (JSA88102)	18 Oct 202400:00	–	nessus
NCSC	Vulnerabilities fixed in Juniper JunOS and JunOS Evolved	10 Oct 202411:19	–	ncsc
NVD	CVE-2024-39525	9 Oct 202420:15	–	nvd
Vulnrichment	CVE-2024-39525 Junos OS and Junos OS Evolved: When BGP traceoptions is enabled, receipt of specially crafted BGP packet causes RPD crash	9 Oct 202420:01	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.2R3-S8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S8",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S4",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R3-S4",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R3-S3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R2-S1",
        "status": "affected",
        "version": "23.2",
        "versionType": "semver"
      },
      {
        "lessThan": "23.4R2",
        "status": "affected",
        "version": "23.4",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.2R3-S8-EVO",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S8-EVO",
        "status": "affected",
        "version": "21.4-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S4-EVO",
        "status": "affected",
        "version": "22.2-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R3-S4-EVO",
        "status": "affected",
        "version": "22.3-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R3-S3-EVO",
        "status": "affected",
        "version": "22.4-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R2-S1-EVO",
        "status": "affected",
        "version": "23.2-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "23.4R2-EVO",
        "status": "affected",
        "version": "23.4-EVO",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
juniper	www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/traceoptions-edit-protocols-bgp.html
supportportal	www.supportportal.juniper.net/JSA88102

11 Oct 2024 15:15Current

CVSS 3.17.5

CVSS 48.7

EPSS0.00437

CWE-755