5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.3%
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75735 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#TRUSTED 3636b9a011af3793fb3585554878649b237a1fad78837f552906d2113769fd039c5e165dfa0418e349c409ae72f88deb12b42262cee817b60747492fd5be646b81a8a11e32371d60cd7fd67448c15eef8acb100d1be750fc1d053b896d07311df0c6b98b3b22a7b1e8790e0785d7bf916bf29326361f54b42f10ce8c34230dd83b717cbf3569bd6f11c2f80625bd18c0232b49447946b0e67780c58bf11206595321c467d4b013c626a9b93c1118620e06281655cf3ba0685cca68ddf1445bc8291d8bf2eb56cbd71b515350c6914011e7143e4e38f868424b1c099ccd202225256123919cc4c46af64e5bf180c6108aa27431fa04cedf94e0b0bb92888ece2d1a94a17093111a54a0333297d358de536e2c57635232947a32215f80208b2f766992d488e9f119ae3d126576a32259584e5a962ebd03e6d6125ca8097e3f65139c7714ac20dd6e59d5e7c9074fd2004610df58dec365c196885ec0eb2730d850849e5e9204f47733993276b3c28a8918f8aaacedac51fd544d90de8b55ce4b8415d943fbd6b7df228f7cf8548e7b8d8fd7fd218c98dc4ebc7a8dcd4d94aedf7438451f200540a98933708dd34397d1e0ba3687c82882169e1fa1b81fd67467f65aa2033f1e13701a6ce18d7cc32dfecf2d6ea85d8a28075cad12aa7c7115b4a69ee1df194304ec201cf87c63a0dc679e0ee6758e8fd3d5a7589b277e8518f41c
#TRUST-RSA-SHA256 6b467a946bad697330e23638d1082a8bad8467192f23769d875690906c4bc46a35dd27b950832fd888b7db4dfd010076b07558093a11323f9d833c2d9936f13ab9ac59b81130b5918005511bb82a624f888db3df0a14cd076302df97ca39d6639bcbd13bee880892b44d120fde9d0e3f84f40af9202fb967afea8084fd182f4bbbe20a55b79151c6273829b59eeba0a012e6b16a781d7514b13b8daf88e12464fcf0d4564a69ca5d27cf582b53a58cb69e870799d8b439818f1460e20c6b8a043ea22c02f1de00794efc4496d89ec7063cf83d7efb79146f18c7af7da2671c696ef270d9acf2949f0f9146a3a97b366bbbd4f276378c62e235f4ee239491e62eae2cff1651dc02179f55fafdf2dac70089ab9217df8467ca0f0fc7c16862112946bce073278e5f3ca6124de5a3ed880854f1c9b3375da7d8e0ba381447cfde7dc4a8415aa74fa032a0a25184c98ed90dabf4630848fccd560e53057bff4e1d18bf44c5200281e2befe8b8241a43fa836cc1f7abebe7821e3cc4a3791053e07a73753d61da50dde629deb0e0a334c5ca09eac7fbf8425ee54b2a6ad663cea0b944264e47f670242d4bfa18d95b97de9f2e049cd909b1c08783cbe735447511742b0372ad8a80d25480378ca66801ada162e92aa1fa99acc36fb255291defee2559d4c8af4a5ddfd3d3d8035b50262ebcb93de2f8b0d7b41c23ce9f506839a1a63
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(189763);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/30");
script_cve_id("CVE-2024-21596");
script_xref(name:"JSA", value:"JSA75735");
script_name(english:"Juniper Junos OS Vulnerability (JSA75735)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75735
advisory.
- A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos
OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service
(DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory
overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of
these packets will cause a sustained Denial of Service (DoS) condition in the backup RE. The primary RE is
not impacted by this issue and there is no impact on traffic. This issue only affects devices with NSR
enabled. This issue requires an attacker to have an established BGP session to a system affected by the
issue. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos
OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier
than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2
versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than
22.4R2-S2, 22.4R3; * 23.1 versions earlier than 23.1R2; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.
Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier
than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than
22.2R3-S2-EVO; * 22.3-EVO versions later than 22.3R1-EVO; * 22.4-EVO versions earlier than 22.4R2-S2-EVO,
22.4R3-EVO; * 23.1-EVO versions earlier than 23.1R2-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO,
23.2R2-EVO. (CVE-2024-21596)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://supportportal.juniper.net/s/article/Overview-of-the-Juniper-Networks-SIRT-Quarterly-Security-Bulletin-Publication-Process?r=40&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f52ed971");
# https://supportportal.juniper.net/s/article/In-which-releases-are-vulnerabilities-fixed?r=40&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f121aca9");
# https://supportportal.juniper.net/s/article/Common-Vulnerability-Scoring-System-CVSS-and-Juniper-s-Security-Advisories?r=40&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a73cfa7d");
# https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-BGP-UPDATE-message-will-cause-a-crash-in-the-backup-Routing-Engine-CVE-2024-21596
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0ba27a10");
script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA75735");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-21596");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/10");
script_set_attribute(attribute:"patch_publication_date", value:"2024/01/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/30");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("junos_version.nasl");
script_require_keys("Host/Juniper/JUNOS/Version");
exit(0);
}
include('junos.inc');
include('junos_kb_cmd_func.inc');
var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
var vuln_ranges = [
{'min_ver':'0.0', 'fixed_ver':'20.4R3-S9'},
{'min_ver':'0.0', 'fixed_ver':'21.3R3-S5-EVO'},
{'min_ver':'21.2', 'fixed_ver':'21.2R3-S7'},
{'min_ver':'21.3', 'fixed_ver':'21.3R3-S5'},
{'min_ver':'21.4', 'fixed_ver':'21.4R3-S5'},
{'min_ver':'21.4', 'fixed_ver':'21.4R3-S5-EVO'},
{'min_ver':'22.1', 'fixed_ver':'22.1R3-S4'},
{'min_ver':'22.1', 'fixed_ver':'22.1R3-S4-EVO'},
{'min_ver':'22.2', 'fixed_ver':'22.2R3-S2'},
{'min_ver':'22.2', 'fixed_ver':'22.2R3-S2-EVO'},
{'min_ver':'22.3', 'fixed_ver':'22.3R3-S1'},
{'min_ver':'22.3', 'fixed_ver':'22.3R1-EVO'},
{'min_ver':'22.4', 'fixed_ver':'22.4R2-S2', 'fixed_display':'22.4R2-S2, 22.4R3'},
{'min_ver':'22.4', 'fixed_ver':'22.4R2-S2-EVO', 'fixed_display':'22.4R2-S2-EVO, 22.4R3-EVO'},
{'min_ver':'23.2', 'fixed_ver':'23.2R1-S2', 'fixed_display':'23.2R1-S2, 23.2R2'},
{'min_ver':'23.2', 'fixed_ver':'23.2R1-S2-EVO', 'fixed_display':'23.2R1-S2-EVO, 23.2R2-EVO'}
];
var override = TRUE;
var buf = junos_command_kb_item(cmd:'show configuration | display set');
if (buf)
{
override = FALSE;
if (!preg(string:buf, pattern:"^set protocols bgp", multiline:TRUE))
audit(AUDIT_HOST_NOT, 'using a vulnerable configuration');
if (!preg(string:buf, pattern:"^set routing-options nonstop-routing", multiline:TRUE))
audit(AUDIT_HOST_NOT, 'affected because the Nonstop Active Routing (NSR) feature is not enabled');
}
var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_WARNING);
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.3%