Main Vulnerability Database Vulnerabilities #VU98406

Improper Check for Unusual or Exceptional Conditions in Juniper Junos OS and Junos OS Evolved - CVE-2024-47507

Published: October 11, 2024

Vulnerability identifier: #VU98406

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-47507

CWE-ID: CWE-754

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Juniper Networks, Inc.

Affected software:
Juniper Junos OS
Junos OS Evolved

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling in the routing protocol daemon (rpd) when handling BGP update messages. A remote attacker can send specially crafted BGP update message, which contains the aggregator attribute with an ASN value of zero (0), and cause issues for the downstream BGP peers receiving this.

How to mitigate CVE-2024-47507

Install updates from vendor's website.

Sources

https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-message-containing-aggregator-attribute-with-an-ASN-value-of-zero-0-is-accepted-CVE-2024-47507

Improper Check for Unusual or Exceptional Conditions in Juniper Junos OS and Junos OS Evolved - CVE-2024-47507

Detailed vulnerability description

How to mitigate CVE-2024-47507

Sources

Please verify you're human