CVE-2024-39554 (GCVE-0-2024-39554)
Vulnerability from cvelistv5
Published
2024-07-10 22:32
Modified
2024-08-02 04:26
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Summary
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability the
Routing Protocol Daemon (rpd)
of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker's control. However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.
On all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update. Under certain circumstance and with specific timing, this could result in an rpd crash.
This issue only affects systems with BGP multipath enabled.
This issue affects:
Junos OS:
* All versions of 21.1
* from 21.2 before 21.2R3-S7,
* from 21.4 before 21.4R3-S6,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2.
Junos OS Evolved:
* All versions of 21.1-EVO,
* All versions of 21.2-EVO,
* from 21.4-EVO before 21.4R3-S6-EVO,
* from 22.1-EVO before 22.1R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S2-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
Versions of Junos OS before 21.1R1 are unaffected by this vulnerability.
Versions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Juniper Networks | Junos OS |
Version: 21.1 ≤ Version: 21.2 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2r3-s7",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.4r3-s6",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1r3-s5",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2r3-s3",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3-s2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.4r3",
"status": "affected",
"version": "22.4",
"versionType": "custom"
},
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "custom"
},
{
"lessThan": "21.1r1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.1r1-evo",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "21.1*-evo",
"status": "affected",
"version": "21.1-evo",
"versionType": "custom"
},
{
"lessThan": "21.2*-evo",
"status": "affected",
"version": "21.2-evo",
"versionType": "custom"
},
{
"lessThan": "21.4r3-s6-evo",
"status": "affected",
"version": "21.4-evo",
"versionType": "custom"
},
{
"lessThan": "22.1r3-s5-evo",
"status": "affected",
"version": "22.1-evo",
"versionType": "custom"
},
{
"lessThan": "22.2r3-s3-evo",
"status": "affected",
"version": "22.2-evo",
"versionType": "custom"
},
{
"lessThan": "22.3r3-s2-evo",
"status": "affected",
"version": "22.3-evo",
"versionType": "custom"
},
{
"lessThan": "22.4r3-evo",
"status": "affected",
"version": "22.4-evo",
"versionType": "custom"
},
{
"lessThan": "23.2r2-evo",
"status": "affected",
"version": "23.2-evo",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:09:55.707497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T13:40:38.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83014"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "21.1R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1*-EVO",
"status": "affected",
"version": "21.1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.2*-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.1R1-EVO",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A sample BGP multipath configuration is shown below:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp group \u0026lt;name\u0026gt; multipath ]\u003c/tt\u003e"
}
],
"value": "A sample BGP multipath configuration is shown below:\n\n[ protocols bgp group \u003cname\u003e multipath ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability the \n\nRouting Protocol Daemon (rpd)\n\n of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker\u0027s control.\u0026nbsp; However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eOn all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update.\u0026nbsp; Under certain circumstance and with specific timing, this could result in an rpd crash.\u003cbr\u003e\u003cbr\u003eThis issue only affects systems with BGP multipath enabled.\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions of 21.1\u003c/li\u003e\u003cli\u003efrom 21.2 before 21.2R3-S7, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S5, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S2, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions of 21.1-EVO,\u003c/li\u003e\u003cli\u003eAll versions of 21.2-EVO,\u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S5-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S2-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eVersions of Junos OS before 21.1R1 are unaffected by this vulnerability.\u003cbr\u003eVersions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability."
}
],
"value": "A Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability the \n\nRouting Protocol Daemon (rpd)\n\n of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker\u0027s control.\u00a0 However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\n\nOn all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update.\u00a0 Under certain circumstance and with specific timing, this could result in an rpd crash.\n\nThis issue only affects systems with BGP multipath enabled.\n\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions of 21.1\n * from 21.2 before 21.2R3-S7, \n * from 21.4 before 21.4R3-S6, \n * from 22.1 before 22.1R3-S5, \n * from 22.2 before 22.2R3-S3, \n * from 22.3 before 22.3R3-S2, \n * from 22.4 before 22.4R3, \n * from 23.2 before 23.2R2.\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions of 21.1-EVO,\n * All versions of 21.2-EVO,\n * from 21.4-EVO before 21.4R3-S6-EVO, \n * from 22.1-EVO before 22.1R3-S5-EVO, \n * from 22.2-EVO before 22.2R3-S3-EVO, \n * from 22.3-EVO before 22.3R3-S2-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO.\n\n\n\nVersions of Junos OS before 21.1R1 are unaffected by this vulnerability.\nVersions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T23:23:10.774Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83014"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\nJunos OS Evolved: 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83014",
"defect": [
"1744801"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: BGP multipath incremental calculation is resulting in an rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39554",
"datePublished": "2024-07-10T22:32:34.310Z",
"dateReserved": "2024-06-25T15:12:53.246Z",
"dateUpdated": "2024-08-02T04:26:15.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-39554\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-11T13:09:55.707497Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*\"], \"vendor\": \"juniper\", \"product\": \"junos\", \"versions\": [{\"status\": \"affected\", \"version\": \"21.1\", \"lessThan\": \"21.1*\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"21.2\", \"lessThan\": \"21.2r3-s7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"21.4\", \"lessThan\": \"21.4r3-s6\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"22.1\", \"lessThan\": \"22.1r3-s5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"22.2\", \"lessThan\": \"22.2r3-s3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"22.3\", \"lessThan\": \"22.3r3-s2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"22.4\", \"lessThan\": \"22.4r3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"23.2\", \"lessThan\": \"23.2r2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"21.1r1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*\"], \"vendor\": \"juniper\", \"product\": \"junos_os_evolved\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"21.1r1-evo\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"21.1-evo\", \"lessThan\": \"21.1*-evo\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"21.2-evo\", \"lessThan\": \"21.2*-evo\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"21.4-evo\", \"lessThan\": \"21.4r3-s6-evo\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"22.1-evo\", \"lessThan\": \"22.1r3-s5-evo\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"22.2-evo\", \"lessThan\": \"22.2r3-s3-evo\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"22.3-evo\", \"lessThan\": \"22.3r3-s2-evo\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"22.4-evo\", \"lessThan\": \"22.4r3-evo\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"23.2-evo\", \"lessThan\": \"23.2r2-evo\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-11T13:33:53.541Z\"}}], \"cna\": {\"title\": \"Junos OS and Junos OS Evolved: BGP multipath incremental calculation is resulting in an rpd crash\", \"source\": {\"defect\": [\"1744801\"], \"advisory\": \"JSA83014\", \"discovery\": \"USER\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.2, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"21.1\", \"lessThan\": \"21.1*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.2\", \"lessThan\": \"21.2R3-S7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.4\", \"lessThan\": \"21.4R3-S6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.1\", \"lessThan\": \"22.1R3-S5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.2\", \"lessThan\": \"22.2R3-S3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.3\", \"lessThan\": \"22.3R3-S2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.4\", \"lessThan\": \"22.4R3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2\", \"lessThan\": \"23.2R2\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"21.1R1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS Evolved\", \"versions\": [{\"status\": \"affected\", \"version\": \"21.1-EVO\", \"lessThan\": \"21.1*-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.2-EVO\", \"lessThan\": \"21.2*-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.4-EVO\", \"lessThan\": \"21.4R3-S6-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.1-EVO\", \"lessThan\": \"22.1R3-S5-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.2-EVO\", \"lessThan\": \"22.2R3-S3-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.3-EVO\", \"lessThan\": \"22.3R3-S2-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.4-EVO\", \"lessThan\": \"22.4R3-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2-EVO\", \"lessThan\": \"23.2R2-EVO\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"21.1R1-EVO\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue:\\nJunos OS: 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\\nJunos OS Evolved: 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-07-10T16:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA83014\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There are no known workarounds for this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There are no known workarounds for this issue.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability the \\n\\nRouting Protocol Daemon (rpd)\\n\\n of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker\u0027s control.\\u00a0 However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\\n\\nOn all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update.\\u00a0 Under certain circumstance and with specific timing, this could result in an rpd crash.\\n\\nThis issue only affects systems with BGP multipath enabled.\\n\\n\\nThis issue affects:\\n\\nJunos OS: \\n\\n\\n * All versions of 21.1\\n * from 21.2 before 21.2R3-S7, \\n * from 21.4 before 21.4R3-S6, \\n * from 22.1 before 22.1R3-S5, \\n * from 22.2 before 22.2R3-S3, \\n * from 22.3 before 22.3R3-S2, \\n * from 22.4 before 22.4R3, \\n * from 23.2 before 23.2R2.\\n\\n\\n\\n\\nJunos OS Evolved: \\n\\n\\n * All versions of 21.1-EVO,\\n * All versions of 21.2-EVO,\\n * from 21.4-EVO before 21.4R3-S6-EVO, \\n * from 22.1-EVO before 22.1R3-S5-EVO, \\n * from 22.2-EVO before 22.2R3-S3-EVO, \\n * from 22.3-EVO before 22.3R3-S2-EVO, \\n * from 22.4-EVO before 22.4R3-EVO, \\n * from 23.2-EVO before 23.2R2-EVO.\\n\\n\\n\\nVersions of Junos OS before 21.1R1 are unaffected by this vulnerability.\\nVersions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability the \\n\\nRouting Protocol Daemon (rpd)\\n\\n of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker\u0027s control.\u0026nbsp; However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eOn all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update.\u0026nbsp; Under certain circumstance and with specific timing, this could result in an rpd crash.\u003cbr\u003e\u003cbr\u003eThis issue only affects systems with BGP multipath enabled.\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions of 21.1\u003c/li\u003e\u003cli\u003efrom 21.2 before 21.2R3-S7, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S5, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S2, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions of 21.1-EVO,\u003c/li\u003e\u003cli\u003eAll versions of 21.2-EVO,\u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S5-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S2-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eVersions of Junos OS before 21.1R1 are unaffected by this vulnerability.\u003cbr\u003eVersions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-362\", \"description\": \"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"A sample BGP multipath configuration is shown below:\\n\\n[ protocols bgp group \u003cname\u003e multipath ]\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A sample BGP multipath configuration is shown below:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp group \u0026lt;name\u0026gt; multipath ]\u003c/tt\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2024-07-10T23:23:10.774Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-39554\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-07-11T13:40:38.794Z\", \"dateReserved\": \"2024-06-25T15:12:53.246Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2024-07-10T22:32:34.310Z\", \"assignerShortName\": \"juniper\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…