Juniper Networks Junos OS
cpe:2.3:h:juniper:junos:*:*:*:*:*:*:*
- < 21.4R3-S7
- >= 22.3, < 22.3R3-S3
- >= 22.4, < 22.4R3-S5
- >= 23.2, < 23.2R2
- >= 23.4, < 23.4R2
A reachable assertion vulnerability has been identified in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. This vulnerability allows an unauthenticated, network-based attacker to cause a denial-of-service (DoS) condition. The issue arises when the device receives a specific BGP UPDATE packet, causing the rpd to crash and restart. Continuous receipt of this packet leads to a sustained DoS condition. For exploitation, BGP multipath with 'pause-computation-during-churn' must be configured, and the attacker must send the paths via a BGP UPDATE from an established BGP peer.
Exploitation of this vulnerability causes the Routing Protocol Daemon (rpd) to crash and restart, leading to a denial-of-service condition on the affected device.
Users can upgrade to Junos OS versions 21.4R3-S7, 22.3R3-S3, 22.4R3-S5, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases. For Junos OS Evolved, versions 21.4R3-S7-EVO, 22.3R3-S3-EVO, 22.4R3-S5-EVO, 23.2R2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases are available. This issue can also be mitigated by disabling the 'pause-computation-during-churn' command in the BGP multipath configuration.
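As an added example (not part of the advisory or of Juniper's own tooling), the following Python checker parses Junos version strings, compares them against the affected ranges listed above, and looks for the 'pause-computation-during-churn' statement in a `show configuration | display set` style dump; the set-statement hierarchy in the sample configuration is constructed and assumed, and only the knob name itself comes from the advisory.

```python
"""Exposure check for the rpd BGP multipath DoS described in the advisory."""
import re
from typing import Optional, Tuple

Ver = Tuple[int, int, int, int]

def parse_junos_version(text: str) -> Ver:
    """Turn '21.4R3-S7', '22.3R3-S3-EVO' or '24.2R1' into a comparable tuple
    (major, minor, release, service_release); a missing R or S counts as 0.
    The '-EVO' suffix is accepted because the fixed Evolved releases share numbers."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:R(\d+))?(?:-S(\d+))?(?:-EVO)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {text!r}")
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor), int(rel or 0), int(svc or 0))

# Affected ranges exactly as the advisory lists them:
# (lower bound inclusive, or None for "everything below"; first fixed release, exclusive).
AFFECTED_RANGES = [
    (None,   "21.4R3-S7"),
    ("22.3", "22.3R3-S3"),
    ("22.4", "22.4R3-S5"),
    ("23.2", "23.2R2"),
    ("23.4", "23.4R2"),
]

def version_is_affected(version: str) -> bool:
    v = parse_junos_version(version)
    for low, fixed in AFFECTED_RANGES:
        lower_ok = low is None or v >= parse_junos_version(low)
        if lower_ok and v < parse_junos_version(fixed):
            return True
    return False

KNOB = "pause-computation-during-churn"  # precondition named in the advisory

def config_has_knob(config_set: str) -> bool:
    """True if any 'set ...' line of the dump enables the knob (hierarchy not assumed)."""
    return any(KNOB in line for line in config_set.splitlines())

def exposure(version: str, config_set: str) -> str:
    """Classify a device: 'exposed' (vulnerable release and knob configured),
    'patch-needed' (vulnerable release, knob absent) or 'not-affected'."""
    affected = version_is_affected(version)
    if affected and config_has_knob(config_set):
        return "exposed"
    return "patch-needed" if affected else "not-affected"

# Constructed sample dump; the 'protocols bgp group ... multipath' path is an assumption.
SAMPLE_CONFIG = "set protocols bgp group ebgp-peers multipath pause-computation-during-churn\n"

if __name__ == "__main__":
    for ver in ("23.4R1", "23.4R2", "21.4R3-S6", "24.2R1"):
        print(ver, exposure(ver, SAMPLE_CONFIG))
```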