#VU98406 Improper Check for Unusual or Exceptional Conditions in Juniper Junos OS and Junos OS Evolved - CVE-2024-47507
Published: October 11, 2024
Vulnerability identifier: #VU98406
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-47507
CWE-ID: CWE-754
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Juniper Junos OS
Junos OS Evolved
Juniper Junos OS
Junos OS Evolved
Software vendor:
Juniper Networks, Inc.
Juniper Networks, Inc.
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling in the routing protocol daemon (rpd) when handling BGP update messages. A remote attacker can send specially crafted BGP update message, which contains the aggregator attribute with an ASN value of zero (0), and cause issues for the downstream BGP peers receiving this.
Remediation
Install updates from vendor's website.