Main Vulnerability Database SB2024101133

SB2024101133 - Denial of service in Junos OS and Junos OS Evolved rpd

Published: October 11, 2024

Security Bulletin ID SB2024101133

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2024-47507)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling in the routing protocol daemon (rpd) when handling BGP update messages. A remote attacker can send specially crafted BGP update message, which contains the aggregator attribute with an ASN value of zero (0), and cause issues for the downstream BGP peers receiving this.

Remediation

Install update from vendor's website.

References

https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-message-containing-aggregator-attribute-with-an-ASN-value-of-zero-0-is-accepted-CVE-2024-47507