Juniper Junos OS Vulnerability (JSA88099)

🗓️ 25 Nov 2024 00:00:00Reported by TenableType

Junos OS has a vulnerability allowing Denial of Service via malformed BGP packets.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-39515	9 Oct 202423:11	–	circl
CNNVD	Juniper Networks Junos OS和Junos OS Evolved 安全漏洞	9 Oct 202400:00	–	cnnvd
CVE	CVE-2024-39515	9 Oct 202420:00	–	cve
Cvelist	CVE-2024-39515 Junos OS and Junos OS Evolved: With BGP traceoptions enabled, receipt of specifically malformed BGP update causes RPD crash	9 Oct 202420:00	–	cvelist
EUVD	EUVD-2024-38041	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Juniper JunOS and JunOS Evolved	10 Oct 202411:19	–	ncsc
NVD	CVE-2024-39515	9 Oct 202420:15	–	nvd
Positive Technologies	PT-2024-7396 · Juniper Networks · Junos Evolved +1	25 Jun 202400:00	–	ptsecurity
Vulnrichment	CVE-2024-39515 Junos OS and Junos OS Evolved: With BGP traceoptions enabled, receipt of specifically malformed BGP update causes RPD crash	9 Oct 202420:00	–	vulnrichment

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#TRUSTED 4291f00e08e027d0fc35137afd579abf9fc4f1ba143fe529a4fda8c4ca48fbeb42f61bb331d3cf8e96d5a297e2dd7aef4048eaf225a6057dcdff8b31915069de0bb528234ca8bea667022f6734cdd7ee380489f5aa2fb8ac1cddda318668f63cc87320e43e06f7c29fbfd88f7cee6cfee911c6195d4aa66c450406500d62f6f6cf11f24473ff696f49d65dbf57a6293536eec810e1dcf5a0863b0828c3b56d12eb3e6fec79b10b4ba7f082ac9211b64cf1df5d1ac7ab6609fb2135efe431b3674abec9a8b0daa54590c536bc11d8219a74e153e218abf420e7b4eb2d02a584962ca414bfabb4f6281e6b2c2d6624132fa81400730ce30d3b01d194d4f96e5537f3bac836d81fb26e0eb79fb6a601110c9b3b9d33ba9c9e12585ed1b15a96a61800f9a1b1e40bc6ca5e57a7bd4195decb1e086980422bfd73484bb3e48f73900abc559f5cab8c621fc1f63a0c91323f38eaed0854e024e44d81253425999392fe24fae4b612cb491add4e4db725ea166063da41a22f6e95a52797015b3535ddaf31085696018823084385f793914c166e738f64e513f5816805f8477ea4a48a596c58e97e8ac449ed1429a543632c864a1dffcc623aa35220d47be870a62e2396a25deecb055356f4d502d32a9fa99d891cc2b1ffd70a2a0f5f6566dcb04f3932dc7716e969cae1e7dad1843d2424def6ac45bca356ac997d2888eeb2d2122950
#TRUST-RSA-SHA256 92f05fdf7d0bbdc8164f3a0db75ff4e191f3fc1192fa9e1a2d01c950d7e21c38892d600cde6b0dbfdb0a96977f797267320786abddd89690560baf01e28a8fb6fa2b704ded8fc7895859b8d31119613ad3cb133c6485f48ef4598f991d6ed71c17e2cac338de44cf518be690efc4e8502e60bb28175804c3f6e135d160620efa316c83d9661453892026fa61716327d215968f47918ba8ddf3fce9ef93fc5d435af1fea88ba751b273f5b9d54019e4585269d916b526df6843e6786cdb0ac918d266a55dbe1e32cb7ab2ef5c126cde4ec3e689dc32744d4c852232e839eb7abe660a49db76aa9c7c48203c5ab5a3eb451a9086ea4512d4e6a0281d4c4e5472d4f86b9d600afa518d34fa0f5f237ff0184ea7d4097b33c7a90f88efceedd02c89570cab33d6ab3b16a8d6a74134fed06087549a54df6fdaa505ad719600dd4ba275d7ea4cd92f88c6cc5f20d9ce5fb619472c678c254afcac049ec5d70bc7f5cdd72d23b47c3234d00a2e5253026056288354044be947fa806be07395fcfd0f9050b07809d5d1de5c0484f7880394b48feb03bbd165fd775719e308b43e7d2488715478ed9ec915e5c91f53a787b51d275948e0a515fd3b86fd761abe8d0e307cbcaa032b452a1ed1e094c57b764b9f91eacf3640f092c4038e3a8d8e74178f791e23e017f56411d7b8d8e0666953afc5e85ce3189e3421e8d5f8f4d26cfb423d
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(211813);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/26");

  script_cve_id("CVE-2024-39515");
  script_xref(name:"JSA", value:"JSA88099");

  script_name(english:"Juniper Junos OS Vulnerability (JSA88099)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA88099
advisory.

  - An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of
    Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a
    specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service
    (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS)
    condition. (CVE-2024-39515)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-traceoptions-enabled-receipt-of-specially-crafted-BGP-update-causes-RPD-crash-CVE-2024-39515
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?01660f35");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA88099");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/R:U");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-39515");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/10/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/10/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/11/25");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version");

  exit(0);
}

include('junos.inc');
include('junos_kb_cmd_func.inc');

var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');

var vuln_ranges = [
  {'min_ver':'0.0', 'fixed_ver':'21.4R3-S8'},
  {'min_ver':'0.0-EVO', 'fixed_ver':'21.4R3-S8-EVO'},
  {'min_ver':'22.2', 'fixed_ver':'22.2R3-S5'},
  {'min_ver':'22.2-EVO', 'fixed_ver':'22.2R3-S5-EVO'},
  {'min_ver':'22.3', 'fixed_ver':'22.3R3-S4'},
  {'min_ver':'22.3-EVO', 'fixed_ver':'22.3R3-S4-EVO'},
  {'min_ver':'22.4', 'fixed_ver':'22.4R3-S3'},
  {'min_ver':'22.4-EVO', 'fixed_ver':'22.4R3-S3-EVO'},
  {'min_ver':'23.2', 'fixed_ver':'23.2R2-S2'},
  {'min_ver':'23.2-EVO', 'fixed_ver':'23.2R2-S2-EVO'},
  {'min_ver':'23.4', 'fixed_ver':'23.4R2'},
  {'min_ver':'23.4-EVO', 'fixed_ver':'23.4R2-EVO'}
];

var override = TRUE;
var buf = junos_command_kb_item(cmd:'show configuration | display set');
if (buf)
{
  override = FALSE;
  if (!preg(string:buf, pattern:"^set protocols bgp group.*neighbor", multiline:TRUE))
    audit(AUDIT_HOST_NOT, 'using a vulnerable configuration');
}

var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_HOLE);

26 Jan 2026 00:00Current

6Medium risk

Vulners AI Score6

CVSS 3.17.5

CVSS 48.7

EPSS0.00281

SSVC