FKIE_CVE-2024-39541

Vulnerability from fkie_nvd - Published: 2024-07-11 17:15 - Updated: 2026-01-23 19:24
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart. This issue affects: Junos OS: * 22.4 versions before 22.4R3-S1, * 23.2 versions before 23.2R2,  * 23.4 versions before 23.4R1-S1, 23.4R2,  This issue does not affect Junos OS versions earlier than 22.4R1. Junos OS Evolved: * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO, This issue does not affect Junos OS Evolved versions earlier than before 22.4R1.
References
sirt@juniper.nethttps://supportportal.juniper.net/JSA83001Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://supportportal.juniper.net/JSA83001Vendor Advisory
Impacted products
Vendor Product Version
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 22.4
juniper junos 23.2
juniper junos 23.2
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 22.4
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.2
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
juniper junos_os_evolved 23.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "EBB967BF-3495-476D-839A-9DBFCBE69F91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:*",
              "matchCriteriaId": "7E5688D6-DCA4-4550-9CD1-A3D792252129",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "1A78CC80-E8B1-4CDA-BB35-A61833657FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B3B2FE1-C228-46BE-AC76-70C2687050AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "B227E831-30FF-4BE1-B8B2-31829A5610A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "78481ABC-3620-410D-BC78-334657E0BB75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "BE8A5BA3-87BD-473A-B229-2AAB2C797005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "175CCB13-76C0-44A4-A71D-41E22B92EB23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "0A33C425-921F-4795-B834-608C8F1597E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "04CE952D-E3C1-4B34-9E65-EC52BFE887AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "8AE9D1A7-4721-4E1D-B965-FDC38126B1DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "A8643AA3-29EF-48A7-B033-CB60988E214B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r3:*:*:*:*:*:*",
              "matchCriteriaId": "9800BA03-E6BF-4212-B2E7-69C0FD27D294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "ACCA655D-C542-44F1-B183-4C864CFF2D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "6DEAA7FD-385F-4221-907E-65ABC16BE4BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "DDEC008A-3137-48D1-8ABC-6DB0EFC40E50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "558D234D-BC50-415F-86D6-8E19D6C3ACE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "33F4EEEE-77E9-4973-A770-99E7BA2F05F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "9D7F0D73-85EE-4A07-B51B-6BF52ECBA75E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "FE777A1F-9CD9-426E-AF1C-FBE01EB9A4A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "FB82B22F-9005-4EF0-A1E3-4261757783D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\nWhen conflicting information (IP or ISO addresses) about a node is added to the Traffic Engineering (TE) database and then a subsequent operation attempts to process these, rpd will crash and restart.\n\nThis issue affects:\n\nJunos OS:\n\n\n\n  *  22.4 versions before 22.4R3-S1,\n  *  23.2 versions before 23.2R2,\u00a0\n  *  23.4 versions before 23.4R1-S1, 23.4R2,\u00a0\n\n\n\n\nThis issue does not affect Junos OS versions earlier than 22.4R1.\n\nJunos OS Evolved:\n\n\n\n  *  22.4-EVO versions before 22.4R3-S2-EVO,\n  *  23.2-EVO versions before 23.2R2-EVO,\n  *  23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO,\n\n\n\n\n\n\nThis issue does not affect Junos OS Evolved versions earlier than \n\nbefore 22.4R1."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de manejo inadecuado de condiciones excepcionales en Routing Protocol Daemon (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). Cuando se agrega informaci\u00f3n contradictoria (direcciones IP o ISO) sobre un nodo a la base de datos de Ingenier\u00eda de tr\u00e1fico (TE) y luego una operaci\u00f3n posterior intenta procesarla, rpd fallar\u00e1 y se reiniciar\u00e1. Este problema afecta a: Junos OS: * versiones 22.4 anteriores a 22.4R3-S1, * versiones 23.2 anteriores a 23.2R2, * versiones 23.4 anteriores a 23.4R1-S1, 23.4R2. Este problema no afecta a las versiones de Junos OS anteriores a 22.4R1. Junos OS Evolved: * Versiones 22.4-EVO anteriores a 22.4R3-S2-EVO, * Versiones 23.2-EVO anteriores a 23.2R2-EVO, * Versiones 23.4-EVO anteriores a 23.4R1-S1-EVO, 23.4R2-EVO. Este problema no Afecta a las versiones evolucionadas de Junos OS anteriores a la 22.4R1."
    }
  ],
  "id": "CVE-2024-39541",
  "lastModified": "2026-01-23T19:24:10.423",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "ADJACENT",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-11T17:15:13.127",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://supportportal.juniper.net/JSA83001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://supportportal.juniper.net/JSA83001"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.