Juniper Networks Junos OS and Junos OS Evolved BGP Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. An unauthenticated, logically adjacent BGP peer can cause rpd to crash and restart. The issue is triggered only when both BGP rib-sharding and update-threading are configured and a BGP peer flaps with specific timing; because each flap can trigger another crash, the result is a sustained denial-of-service condition. The vulnerability affects eBGP and iBGP over both IPv4 and IPv6, and at least one established BGP session is required.

Impact

Each successful trigger crashes and restarts rpd. Since rpd is the single daemon running all routing protocols on a Junos device, the restart disrupts BGP sessions and routing as a whole until rpd recovers, and repeated triggers keep the affected device in a denial-of-service condition.

Remediation

This issue is fixed in Junos OS 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R3 and 22.4R3, and in Junos OS Evolved 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO and 22.4R3-EVO. Upgrade to the fixed release for the release train in use. Because the crash requires both rib-sharding and update-threading to be configured together with at least one established BGP session, devices that do not meet all three conditions are not exposed to this issue.
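The following script is an added example, not part of this advisory or of any Juniper tooling. It checks the three preconditions stated above against text a practitioner would collect from the device: the running version from "show version", the output of "show configuration routing-options | display set" (for rib-sharding and update-threading), and the "Peers: N Down peers: M" header of "show bgp summary". The fixed-release list is the one given in the Remediation section; treating any older release on the same train as unpatched is an assumption to confirm against the vendor advisory, and the sample device output is constructed, not captured from a real router.

```python
"""Exposure check for the rpd crash described above (added example)."""
import re

# Fixed releases as listed in the Remediation section, grouped by platform.
FIXED_RELEASES = {
    "junos": ["20.4R3-S8", "21.2R3-S6", "21.3R3-S5", "21.4R3-S4",
              "22.1R3-S3", "22.2R3-S1", "22.3R3", "22.4R3"],
    "evo": ["21.2R3-S6-EVO", "21.3R3-S5-EVO", "21.4R3-S4-EVO", "22.1R3-S3-EVO",
            "22.2R3-S1-EVO", "22.3R3-EVO", "22.4R3-EVO"],
}

# major.minor R<release>[.build][-S<service>[.build]][-EVO]; build numbers are ignored.
VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)R(\d+)(?:\.\d+)?(?:-S(\d+)(?:\.\d+)?)?(-EVO)?$")


def parse_version(ver):
    """Return (major, minor, release, service, is_evo) so tuples compare in release order."""
    m = VERSION_RE.match(ver.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {ver!r}")
    major, minor, rel, svc, evo = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0), evo is not None)


def fixed_release_for(ver):
    """Fixed release listed above for ver's train (same major.minor and platform), or None."""
    major, minor, _, _, evo = parse_version(ver)
    for candidate in FIXED_RELEASES["evo" if evo else "junos"]:
        if parse_version(candidate)[:2] == (major, minor):
            return candidate
    return None


def is_below_fixed(ver):
    """True if ver is older than its train's listed fix, False if at or after it,
    None if no fixed release is listed for that train.
    Assumption: releases older than the listed fix on the same train lack the fix."""
    fixed = fixed_release_for(ver)
    if fixed is None:
        return None
    return parse_version(ver) < parse_version(fixed)


def trigger_config_present(display_set_output):
    """Both trigger statements present under [edit routing-options] in
    'show configuration routing-options | display set' output."""
    sharding = threading = False
    for line in display_set_output.splitlines():
        parts = line.split()
        if parts[:2] != ["set", "routing-options"]:
            continue
        sharding = sharding or "rib-sharding" in parts
        threading = threading or "update-threading" in parts
    return sharding and threading


def established_bgp_sessions(bgp_summary_output):
    """Peers minus down peers, taken from the 'show bgp summary' header line."""
    m = re.search(r"Peers:\s+(\d+)\s+Down peers:\s+(\d+)", bgp_summary_output)
    if not m:
        raise ValueError("no 'Peers: N Down peers: M' line in show bgp summary output")
    return int(m.group(1)) - int(m.group(2))


def assess(ver, display_set_output, bgp_summary_output):
    """Combine the three preconditions. 'exposed' is True, False, or None when the
    advisory lists no fixed release for the running train (undecidable from this page)."""
    config = trigger_config_present(display_set_output)
    sessions = established_bgp_sessions(bgp_summary_output)
    below = is_below_fixed(ver)
    exposed = below if (config and sessions > 0) else False
    return {
        "version": ver,
        "fixed_release": fixed_release_for(ver),
        "below_fixed": below,
        "trigger_config": config,
        "established_sessions": sessions,
        "exposed": exposed,
    }


# Constructed sample output for the demonstration (not captured from a real device).
SAMPLE_CONFIG = """\
set routing-options router-id 192.0.2.10
set routing-options autonomous-system 64496
set routing-options rib-sharding number-of-shards 4
set routing-options update-threading number-of-threads 4
"""

SAMPLE_BGP_SUMMARY = """\
Threading mode: BGP I/O
Groups: 2 Peers: 3 Down peers: 1
"""

if __name__ == "__main__":
    for ver in ("21.4R3-S2", "21.4R3-S4", "22.3R2-EVO", "23.2R1"):
        print(assess(ver, SAMPLE_CONFIG, SAMPLE_BGP_SUMMARY))
```

Feed the script real output collected from the device (version string, display-set configuration, BGP summary header) in place of the constructed samples; a result of None for "exposed" means the running train is not among the fixed releases listed here and must be checked against the vendor advisory rather than assumed safe.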

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 4.5
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.