Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon Denial-of-Service Vulnerability

Vulnerability

A reachable assertion vulnerability has been identified in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. It allows an adjacent, unauthenticated attacker to cause a denial-of-service (DoS) condition. The issue arises during the initial establishment of a BGP session when route validation is enabled: a rare error-handling scenario can cause rpd to crash and restart. Repeated failure of the connection request leads to a sustained DoS condition.

Impact

Exploitation of this vulnerability causes the routing protocol daemon (rpd) to crash and restart, disrupting BGP session establishment and causing a sustained denial-of-service condition.

Remediation

Users can upgrade to Junos OS versions 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases. For Junos OS Evolved, the updated versions are 22.2R3-S6-EVO, 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases.
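The fixed-release list above can be checked against a device inventory. The following is an added example, not code from Juniper or from this page; it assumes version strings in the usual `<train>R<n>[-S<n>]` form and that releases within a train order by R number, then S number. Trains the page does not list are reported as such rather than guessed.

```python
import re

# Fixed releases per train, copied from the Remediation paragraph.
# Junos OS Evolved uses the same numbers with an -EVO suffix.
FIXED = {
    (22, 2): (3, 6),  # 22.2R3-S6
    (22, 4): (3, 6),  # 22.4R3-S6
    (23, 2): (2, 3),  # 23.2R2-S3
    (23, 4): (2, 4),  # 23.4R2-S4
    (24, 2): (2, 0),  # 24.2R2
    (24, 4): (1, 0),  # 24.4R1
}

# major.minor R<release> [-S<service>] [.spin] [-EVO]
_VERSION = re.compile(
    r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$", re.IGNORECASE
)

def parse(version):
    """Return ((major, minor), (release, service)) or None if unrecognised."""
    m = _VERSION.match(version.strip())
    if not m:
        return None
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups()[:4])
    return (major, minor), (rel, svc)

def assess(version):
    """Classify one version string against the page's fixed-release list."""
    parsed = parse(version)
    if parsed is None:
        return "unparsed"
    train, build = parsed
    if train in FIXED:
        return "fixed" if build >= FIXED[train] else "upgrade"
    if train > max(FIXED):
        return "fixed"  # "all subsequent releases" after 24.4R1
    return "train-not-listed"  # the page names no fixed release in this train

def triage(inventory):
    """Return hosts whose status is anything other than 'fixed'."""
    return {h: s for h, v in inventory.items() if (s := assess(v)) != "fixed"}

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE = {
    "edge1": "22.4R3-S5",
    "edge2": "23.4R2-S4-EVO",
    "core1": "24.2R1-S2",
    "core2": "21.4R3-S9",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A result of `upgrade` only means the release predates the fix in its train; per the description, the crash also requires route validation to be enabled on the device.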

Added: Jul 11, 2025, 3:24 PM
Updated: Jul 11, 2025, 3:24 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 4.5
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 1.4
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.