CVE-2024-21596 (GCVE-0-2024-21596)
Vulnerability from cvelistv5
Published
2024-01-12 00:52
Modified
2024-09-25 19:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
- Denial of Service (DoS)
Summary
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).
If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.
The primary RE is not impacted by this issue and there is no impact on traffic.
This issue only affects devices with NSR enabled.
Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.
This issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.
This issue affects:
Juniper Networks Junos OS
* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S2;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3;
* 23.1 versions earlier than 23.1R2;
* 23.2 versions earlier than 23.2R1-S2, 23.2R2.
Juniper Networks Junos OS Evolved
* All versions earlier than 21.3R3-S5-EVO;
* 21.4-EVO versions earlier than 21.4R3-S5-EVO;
* 22.1-EVO versions earlier than 22.1R3-S4-EVO;
* 22.2-EVO versions earlier than 22.2R3-S2-EVO;
* 22.3-EVO versions later than 22.3R1-EVO;
* 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;
* 23.1-EVO versions earlier than 23.1R2-EVO;
* 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.1 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75735"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:16:48.164675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:17:45.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series",
"PTX Series",
"ACX Series",
"EX Series",
"QFX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.1R2",
"status": "affected",
"version": "23.1",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2, 23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"PTX Series",
"ACX Series",
"QFX Series"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2-EVO, 22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.1R2-EVO",
"status": "affected",
"version": "23.1-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2-EVO, 23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following minimal configuration is required:\u003c/p\u003e\u003ccode\u003e [protocols bgp]\u003c/code\u003e\u003cbr/\u003e"
}
],
"value": "The following minimal configuration is required:\n\n [protocols bgp]\n"
}
],
"datePublic": "2024-01-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eA Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eIf an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.\u003c/p\u003e\u003cp\u003eThe primary RE is not impacted by this issue and there is no impact on traffic.\u003c/p\u003e\u003cp\u003eThis issue only affects devices with NSR enabled.\u003c/p\u003eNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\u003cbr\u003e\u003cp\u003eThis issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 20.4R3-S9;\u003c/li\u003e\u003cli\u003e21.2 versions earlier than 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S2;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R2-S2, 22.4R3;\u003c/li\u003e\u003cli\u003e23.1 versions earlier than 23.1R2;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R1-S2, 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.3R3-S5-EVO;\u003c/li\u003e\u003cli\u003e21.4-EVO versions earlier than 21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO versions earlier than 22.1R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.2-EVO versions earlier than 22.2R3-S2-EVO;\u003c/li\u003e\u003cli\u003e22.3-EVO versions later than 22.3R1-EVO;\u003c/li\u003e\u003cli\u003e22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\u003c/li\u003e\u003cli\u003e23.1-EVO versions earlier than 23.1R2-EVO;\u003c/li\u003e\u003cli\u003e23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nA Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.\n\nThe primary RE is not impacted by this issue and there is no impact on traffic.\n\nThis issue only affects devices with NSR enabled.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.1 versions earlier than 23.1R2;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S2-EVO;\n * 22.3-EVO versions later than 22.3R1-EVO;\n * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\n * 23.1-EVO versions earlier than 23.1R2-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-26T00:09:12.040Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75735"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS:\u00a021.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.1R2, 23.2R1-S2, 23.2R2, 23.3R1, 23.4R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u00a021.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO, 23.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS:\u00a021.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.1R2, 23.2R1-S2, 23.2R2, 23.3R1, 23.4R1, and all subsequent releases.\n\nJunos OS Evolved:\u00a021.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO, 23.4R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA75735",
"defect": [
"1711727"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-10T17:00:00.000Z",
"value": "Initial Publication"
},
{
"lang": "en",
"time": "2024-01-23T17:00:00.000Z",
"value": "Clarified that the SRX Series does not support NSR, and is therefore not affected by this vulnerability"
}
],
"title": "Junos OS and Junos OS Evolved: A specific BGP UPDATE message will cause a crash in the backup Routing Engine in NSR-enabled devices",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21596",
"datePublished": "2024-01-12T00:52:52.522Z",
"dateReserved": "2023-12-27T19:38:25.704Z",
"dateUpdated": "2024-09-25T19:17:45.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA75735\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N\", \"tags\": [\"technical-description\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:27:35.534Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21596\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-25T19:16:48.164675Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-25T19:17:28.988Z\"}}], \"cna\": {\"title\": \"Junos OS and Junos OS Evolved: A specific BGP UPDATE message will cause a crash in the backup Routing Engine in NSR-enabled devices\", \"source\": {\"defect\": [\"1711727\"], \"advisory\": \"JSA75735\", \"discovery\": \"USER\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"20.4R3-S9\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.2\", \"lessThan\": \"21.2R3-S7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.3\", \"lessThan\": \"21.3R3-S5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.4\", \"lessThan\": \"21.4R3-S5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.1\", \"lessThan\": \"22.1R3-S4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.2\", \"lessThan\": \"22.2R3-S2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.3\", \"lessThan\": \"22.3R3-S1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.4\", \"lessThan\": \"22.4R2-S2, 22.4R3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.1\", \"lessThan\": \"23.1R2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2\", \"lessThan\": \"23.2R1-S2, 23.2R2\", \"versionType\": \"semver\"}], \"platforms\": [\"MX Series\", \"PTX Series\", \"ACX Series\", \"EX Series\", \"QFX Series\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS Evolved\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"21.3R3-S5-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.4-EVO\", \"lessThan\": \"21.4R3-S5-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.1-EVO\", \"lessThan\": \"22.1R3-S4-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.2-EVO\", \"lessThan\": \"22.2R3-S2-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.4-EVO\", \"lessThan\": \"22.4R2-S2-EVO, 22.4R3-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.1-EVO\", \"lessThan\": \"23.1R2-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2-EVO\", \"lessThan\": \"23.2R1-S2-EVO, 23.2R2-EVO\", \"versionType\": \"semver\"}], \"platforms\": [\"PTX Series\", \"ACX Series\", \"QFX Series\"], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e\", \"base64\": false}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-01-10T17:00:00.000Z\", \"value\": \"Initial Publication\"}, {\"lang\": \"en\", \"time\": \"2024-01-23T17:00:00.000Z\", \"value\": \"Clarified that the SRX Series does not support NSR, and is therefore not affected by this vulnerability\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue:\\n\\nJunos OS:\\u00a021.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.1R2, 23.2R1-S2, 23.2R2, 23.3R1, 23.4R1, and all subsequent releases.\\n\\nJunos OS Evolved:\\u00a021.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO, 23.4R1-EVO, and all subsequent releases.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS:\\u00a021.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.1R2, 23.2R1-S2, 23.2R2, 23.3R1, 23.4R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\\u00a021.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO, 23.4R1-EVO, and all subsequent releases.\u003c/p\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-01-10T17:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA75735\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N\", \"tags\": [\"technical-description\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There are no known workarounds for this issue.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-av217\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nA Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\\n\\nIf an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.\\n\\nThe primary RE is not impacted by this issue and there is no impact on traffic.\\n\\nThis issue only affects devices with NSR enabled.\\n\\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\\nThis issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.\\n\\nThis issue affects:\\n\\nJuniper Networks Junos OS\\n\\n\\n\\n * All versions earlier than 20.4R3-S9;\\n * 21.2 versions earlier than 21.2R3-S7;\\n * 21.3 versions earlier than 21.3R3-S5;\\n * 21.4 versions earlier than 21.4R3-S5;\\n * 22.1 versions earlier than 22.1R3-S4;\\n * 22.2 versions earlier than 22.2R3-S2;\\n * 22.3 versions earlier than 22.3R3-S1;\\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\\n * 23.1 versions earlier than 23.1R2;\\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\\n\\n\\n\\n\\nJuniper Networks Junos OS Evolved\\n\\n\\n\\n * All versions earlier than 21.3R3-S5-EVO;\\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\\n * 22.2-EVO versions earlier than 22.2R3-S2-EVO;\\n * 22.3-EVO versions later than 22.3R1-EVO;\\n * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\\n * 23.1-EVO versions earlier than 23.1R2-EVO;\\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.\\n\\n\\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cp\u003eA Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eIf an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.\u003c/p\u003e\u003cp\u003eThe primary RE is not impacted by this issue and there is no impact on traffic.\u003c/p\u003e\u003cp\u003eThis issue only affects devices with NSR enabled.\u003c/p\u003eNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\u003cbr\u003e\u003cp\u003eThis issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 20.4R3-S9;\u003c/li\u003e\u003cli\u003e21.2 versions earlier than 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S2;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R2-S2, 22.4R3;\u003c/li\u003e\u003cli\u003e23.1 versions earlier than 23.1R2;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R1-S2, 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.3R3-S5-EVO;\u003c/li\u003e\u003cli\u003e21.4-EVO versions earlier than 21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO versions earlier than 22.1R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.2-EVO versions earlier than 22.2R3-S2-EVO;\u003c/li\u003e\u003cli\u003e22.3-EVO versions later than 22.3R1-EVO;\u003c/li\u003e\u003cli\u003e22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\u003c/li\u003e\u003cli\u003e23.1-EVO versions earlier than 23.1R2-EVO;\u003c/li\u003e\u003cli\u003e23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122 Heap-based Buffer Overflow\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"description\": \"Denial of Service (DoS)\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"The following minimal configuration is required:\\n\\n [protocols bgp]\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe following minimal configuration is required:\u003c/p\u003e\u003ccode\u003e [protocols bgp]\u003c/code\u003e\u003cbr/\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2024-01-26T00:09:12.040Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-21596\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-25T19:17:45.753Z\", \"dateReserved\": \"2023-12-27T19:38:25.704Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2024-01-12T00:52:52.522Z\", \"assignerShortName\": \"juniper\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…