Junos OS and Junos OS Evolved: Specific BGP EVPN update message causes rpd crash
Description
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS).
When an affected system receives a specific BGP EVPN update message over an established BGP session, this causes an rpd crash and restart.
A BGP EVPN configuration is not necessary to be vulnerable. If peers are not configured to send BGP EVPN updates to a vulnerable device, then this issue can't occur.
This issue affects iBGP and eBGP, over IPv4 and IPv6.
This issue affects:

Junos OS:
* 23.4 versions from 23.4R2-S3 before 23.4R2-S5,
* 24.2 versions from 24.2R2 before 24.2R2-S1,
* 24.4 versions before 24.4R1-S3, 24.4R2;

Junos OS Evolved:
* 23.4-EVO versions from 23.4R2-S2-EVO before 23.4R2-S5-EVO,
* 24.2-EVO versions from 24.2R2-EVO before 24.2R2-S1-EVO,
* 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.
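The affected ranges in the description can be turned into an inventory check. This is an added example, not code from Juniper or from this page; the version-string grammar (an optional trailing build number such as `.4` is ignored, and a `-EVO` suffix selects the Junos OS Evolved ranges) and the sample inventory are assumptions.

```python
import re

# Affected ranges copied from the advisory text: (train, first affected release
# or None for "every earlier release in the train", first fixed release).
# The upper bound is exclusive ("before").
AFFECTED = {
    False: [  # Junos OS
        ("23.4", "23.4R2-S3", "23.4R2-S5"),
        ("24.2", "24.2R2", "24.2R2-S1"),
        ("24.4", None, "24.4R1-S3"),
    ],
    True: [  # Junos OS Evolved
        ("23.4", "23.4R2-S2-EVO", "23.4R2-S5-EVO"),
        ("24.2", "24.2R2-EVO", "24.2R2-S1-EVO"),
        ("24.4", None, "24.4R1-S3-EVO"),
    ],
}

# Assumed grammar: <major>.<minor>R<release>[-S<service>][.<build>][-EVO]
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$", re.I)

def parse(version):
    """Return ((major, minor, R, S), is_evo); a trailing build number is ignored."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, rel, svc, evo = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0)), evo is not None

def is_affected(version):
    """True if the release falls inside a range listed in the advisory."""
    key, evo = parse(version)
    train = f"{key[0]}.{key[1]}"
    for t, first, fixed in AFFECTED[evo]:
        if t != train:
            continue
        low = parse(first)[0] if first else (key[0], key[1], 0, 0)
        return low <= key < parse(fixed)[0]
    return False  # release train is not listed in the advisory

if __name__ == "__main__":
    # Constructed inventory of version strings, not taken from the advisory.
    for v in ["23.4R2-S3", "23.4R2-S2", "23.4R2-S2-EVO", "24.2R2", "24.4R1-S2.4", "24.4R2"]:
        print(f"{v:16} {'AFFECTED' if is_affected(v) else 'not listed as affected'}")
```

A release in a listed range is only exposed if a BGP peer is configured to send it EVPN updates, so pair the version result with a review of the negotiated address families on each session.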
Affected products
- (no CPE) range: 23.4R2-S2-EVO to 23.4R2-S5-EVO, 24.2R2-EVO to 24.2R2-S1-EVO, 24.4-EVO before 24.4R1-S3-EVO and 24.4R2-EVO
- (no CPE) range: 23.4R2-S2-EVO
- Range: 23.4R2-S3 to 23.4R2-S5, 24.2R2 to 24.2R2-S1, 24.4 before 24.4R1-S3 and 24.4R2
References
- supportportal.juniper.net/JSA103165 (mitre, vendor-advisory)