Juniper Junos OS Vulnerability (JSA83004)

🗓️ 10 Jul 2024 00:00:00Reported by TenableType

The Juniper Junos OS is vulnerable to a buffer copy without checking size of input, allowing for a denial of service (DoS) attack

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-39543	11 Jul 202420:00	–	circl
CNNVD	Juniper Networks Junos OS and Juniper Networks Junos OS Evolved Security Vulnerabilities	11 Jul 202400:00	–	cnnvd
CVE	CVE-2024-39543	11 Jul 202416:21	–	cve
Cvelist	CVE-2024-39543 Junos OS and Junos OS Evolved: Receipt of a large RPKI-RTR PDU packet can cause rpd to crash	11 Jul 202416:21	–	cvelist
EUVD	EUVD-2024-38069	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Juniper Junos OS and Junos OS Evolved	12 Jul 202411:43	–	ncsc
NVD	CVE-2024-39543	11 Jul 202417:15	–	nvd
Positive Technologies	PT-2024-28524 · Juniper Networks · Junos Evolved +1	10 Jul 202400:00	–	ptsecurity
Vulnrichment	CVE-2024-39543 Junos OS and Junos OS Evolved: Receipt of a large RPKI-RTR PDU packet can cause rpd to crash	11 Jul 202416:21	–	vulnrichment

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(202116);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/26");

  script_cve_id("CVE-2024-39543");
  script_xref(name:"JSA", value:"JSA83004");

  script_name(english:"Juniper Junos OS Vulnerability (JSA83004)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA83004
advisory.

  - A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper
    Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to
    send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition.
    Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
    (CVE-2024-39543)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-large-RPKI-RTR-PDU-packet-can-cause-rpd-to-crash-CVE-2024-39543
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a956d7f5");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA83004");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/R:A/U:Green");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-39543");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/07/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/07/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/07/10");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version");

  exit(0);
}

include('junos.inc');


var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');

var vuln_ranges = [
  {'min_ver':'0.0', 'fixed_ver':'21.2R3-S8'},
  {'min_ver':'0.0-EVO', 'fixed_ver':'21.2R3-S8-EVO'},
  {'min_ver':'21.4', 'fixed_ver':'21.4R3-S8'},
  {'min_ver':'21.4-EVO', 'fixed_ver':'21.4R3-S8-EVO'},
  {'min_ver':'22.2', 'fixed_ver':'22.2R3-S4'},
  {'min_ver':'22.2-EVO', 'fixed_ver':'22.2R3-S4-EVO'},
  {'min_ver':'22.3', 'fixed_ver':'22.3R3-S3'},
  {'min_ver':'22.3-EVO', 'fixed_ver':'22.3R3-S3-EVO'},
  {'min_ver':'22.4', 'fixed_ver':'22.4R3-S2'},
  {'min_ver':'22.4-EVO', 'fixed_ver':'22.4R3-S2-EVO'},
  {'min_ver':'23.2', 'fixed_ver':'23.2R2-S1'},
  {'min_ver':'23.2-EVO', 'fixed_ver':'23.2R2-S1-EVO'},
  {'min_ver':'23.4', 'fixed_ver':'23.4R2'},
  {'min_ver':'23.4-EVO', 'fixed_ver':'23.4R2-EVO'}
];

var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
var report = get_report(ver:ver, fix:fix);
security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);

26 Jan 2026 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.16.5

CVSS 47.1

EPSS0.00148

SSVC

juniper junos os vulnerability buffer copy denial of service cve-2024-39543 routing protocol daemon rpki-rtr packets adjacent attacker