Juniper Networks Junos OS
cpe:2.3:a:juniper:junos:*:*:*:*:*:*:*, +3 more
- < 21.2R3-S9
- >= 21.4, < 21.4R3-S10
- >= 22.2, < 22.2R3-S6
- >= 22.4, < 22.4R3-S6
- >= 23.2, < 23.2R2-S3
- >= 23.4, < 23.4R2-S4
- >= 24.2, < 24.2R2
A denial-of-service vulnerability has been identified in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. This vulnerability allows a local, low-privileged attacker to cause a crash and restart of the rpd by executing a specific 'show route as-path' CLI command, when 'asregex-optimized' is configured. The rpd crash can be repeated, leading to a sustained denial-of-service condition. This issue affects all Junos OS versions prior to 21.2R3-S9, as well as certain versions in the 21.4, 22.2, 22.4, 23.2, 23.4, and 24.2 release series. In Junos OS Evolved, the vulnerability affects all versions prior to 21.2R3-S9-EVO, as well as specific versions in the 21.4-EVO, 22.2-EVO, 22.4-EVO, 23.2-EVO, 23.4-EVO, and 24.2-EVO release series.
Exploitation of this vulnerability causes the routing protocol daemon (rpd) to crash and restart, leading to a denial-of-service condition.
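A triage check for the two conditions described above (a release inside one of the listed Junos OS ranges, and 'asregex-optimized' present in the configuration), as an added example that is not from the vendor or this page. The function names, the sample configuration, and the configuration hierarchy in the sample are assumptions; the check covers only the Junos OS list above, not Junos OS Evolved.

```python
import re

# Junos OS ranges copied from the list on this page: (series floor, first fixed
# release). A floor of None means every release earlier than the fix.
AFFECTED = [
    (None, "21.2R3-S9"),
    ("21.4", "21.4R3-S10"),
    ("22.2", "22.2R3-S6"),
    ("22.4", "22.4R3-S6"),
    ("23.2", "23.2R2-S3"),
    ("23.4", "23.4R2-S4"),
    ("24.2", "24.2R2"),
]

# YY.N[Rn][-Sm][.spin]; the trailing spin number is ignored for comparison.
_VERSION = re.compile(r"(\d+)\.(\d+)(?:R(\d+))?(?:-S(\d+))?(?:\.\d+)?")

# Constructed sample configuration; the hierarchy shown is an assumption.
SAMPLE_CONFIG = """\
set system host-name lab-r1
set policy-options asregex-optimized
"""

def parse(version):
    """Turn '22.4R3-S5' into (22, 4, 3, 5); absent R/S parts count as 0."""
    m = _VERSION.fullmatch(version.strip())
    if not m:
        # Evolved ('-EVO') and other formats are rejected, not guessed at.
        raise ValueError(f"unsupported Junos OS version string: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_affected_range(version):
    """True if the release falls inside one of the ranges listed on the page."""
    v = parse(version)
    for floor, fixed in AFFECTED:
        lo = parse(floor) if floor else (0, 0, 0, 0)
        if lo <= v < parse(fixed):
            return True
    return False  # fixed, or in a series the page does not list

def exposed(version, config_text):
    """Both preconditions hold: affected release and the option is present."""
    return in_affected_range(version) and "asregex-optimized" in config_text
```

A `False` result for a release series that the list does not mention (for example 21.3) means only that the page gives no range for it, not that it is fixed.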