Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2024-47499

Disclosure Date: October 11, 2024
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). 

In a scenario where BGP Monitoring Protocol (BMP) is configured with rib-in pre-policy monitoring, receiving a BGP update with a specifically malformed AS PATH attribute over an established BGP session, can cause an RPD crash and restart.

This issue affects:

Junos OS: 

  • All versions before 21.2R3-S8,
  • 21.4 versions before 21.4R3-S8,
  • 22.2 versions before 22.2R3-S4,
  • 22.3 versions before 22.3R3-S3,
  • 22.4 versions before 22.4R3-S2,
  • 23.2 versions before 23.2R2-S1,
  • 23.4 versions before 23.4R1-S2, 23.4R2;

Junos OS Evolved:

  • All versions before 21.2R3-S8-EVO,
  • 21.4 versions before 21.4R3-S8-EVO,
  • 22.2 versions before 22.2R3-S4-EVO,
  • 22.3 versions before 22.3R3-S3-EVO,
  • 22.4 versions before 22.4R3-S2-EVO,
  • 23.2 versions before 23.2R2-S1-EVO,
  • 23.4 versions before 23.4R1-S2-EVO, 23.4R2-EVO.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Vendors

  • Juniper Networks

Products

  • Junos OS,
  • Junos OS Evolved

Additional Info

Technical Analysis