Juniper Networks Junos OS
cpe:2.3:h:juniper:junos:*:*:*:*:*:*:*
- < 21.4R3-S11
- >= 22.2, < 22.2R3-S7
- >= 22.4, < 22.4R3-S7
- >= 23.2, < 23.2R2-S4
- >= 23.4, < 23.4R2-S5
- >= 24.2, < 24.2R2-S1
- >= 24.4, < 24.4R1-S3
- 24.4R2
A vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer to cause a denial-of-service (DoS) condition. This is achieved by sending a specifically malformed BGP packet, which causes rpd to crash and restart. The issue persists as long as the malformed packet is received and processed, creating a sustained DoS condition. The vulnerability only affects systems configured for Ethernet Virtual Private Networking (EVPN) signaling, impacting both iBGP and eBGP, as well as IPv4 and IPv6. Affected versions include all Junos OS versions prior to 21.4R3-S11, versions from 22.2 prior to 22.2R3-S7, from 22.4 prior to 22.4R3-S7, from 23.2 prior to 23.2R2-S4, from 23.4 prior to 23.4R2-S5, from 24.2 prior to 24.2R2-S1, and from 24.4 prior to 24.4R1-S3 and 24.4R2. In Junos OS Evolved, all versions prior to 22.2R3-S7-EVO, versions from 22.4-EVO prior to 22.4R3-S7-EVO, from 23.2-EVO prior to 23.2R2-S4-EVO, from 23.4-EVO prior to 23.4R2-S5-EVO, from 24.2-EVO prior to 24.2R2-S1-EVO, and from 24.4-EVO prior to 24.4R1-S3-EVO and 24.4R2-EVO are affected.
Exploitation of this vulnerability leads to a crash of the routing protocol daemon (rpd), causing it to restart and create a denial-of-service condition. This disruption can be sustained by the continued receipt and processing of the malformed BGP packets.
Users can upgrade to Junos OS versions 21.4R3-S11, 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S5, 24.2R2-S1, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases. For Junos OS Evolved, upgrade to versions 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases.
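A triage check built from the ranges above, as an added example that is not part of the advisory or any Juniper tooling: it decides whether a release string falls in an affected range and whether the configuration enables EVPN signaling, the two conditions the description gives for exposure. The function names, the assumed version-string shape, and the `display set` input format are assumptions of this example.

```python
import re

# Fixed (R, S) points per release train, from the remediation list above.
FIXED = {
    (21, 4): [(3, 11)], (22, 2): [(3, 7)], (22, 4): [(3, 7)],
    (23, 2): [(2, 4)], (23, 4): [(2, 5)], (24, 2): [(2, 1)],
    (24, 4): [(1, 3), (2, 0)],
}
FIRST_FIXED_TRAIN = (25, 2)  # 25.2R1 and all subsequent releases
# Assumed version shape: 22.4R3-S6, 21.4R3-S10.5, 23.2R2-S4-EVO
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$")
# EVPN signaling under any BGP hierarchy (global, group, neighbor, instance)
_EVPN = re.compile(r"^set (?:.+ )?protocols bgp (?:.+ )?family evpn signaling\b")


def is_affected(version):
    """True/False per the advisory's ranges; None where it gives no answer."""
    m = _VER.match(version.strip())
    if not m:
        return None  # unparsed build string
    train = (int(m[1]), int(m[2]))
    rel = (int(m[3]), int(m[4] or 0))
    baseline = (22, 2) if m[5] else (21, 4)  # oldest fixed train: EVO vs. Junos OS
    if train < baseline:
        return True  # "all versions prior to" the oldest fixed release
    if train >= FIRST_FIXED_TRAIN:
        return False
    fixes = FIXED.get(train)
    if fixes is None:
        return None  # train not listed in the advisory
    fixed = any(rel[0] == r and rel[1] >= s for r, s in fixes)
    return not (fixed or rel[0] > max(r for r, _ in fixes))


def evpn_signaling_lines(set_config):
    """Return the 'display set' lines that enable EVPN signaling for BGP."""
    lines = (line.strip() for line in set_config.splitlines())
    return [line for line in lines if _EVPN.match(line)]


def is_exposed(version, set_config):
    """Affected release AND EVPN signaling configured, as the advisory requires."""
    return bool(is_affected(version)) and bool(evpn_signaling_lines(set_config))


# Constructed sample configuration (not from a real device)
SAMPLE = """set protocols bgp group OVERLAY type internal
set protocols bgp group OVERLAY family evpn signaling
set protocols bgp group UNDERLAY family inet unicast"""
```

A `None` from `is_affected` means the release train is not named in the ranges above and needs a manual check against the vendor bulletin.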