Juniper Networks Junos OS and Junos OS Evolved DHCP Option 82 Improper Handling Vulnerability Leading to Address Pool Exhaustion

Vulnerability

A vulnerability has been identified in the DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved. It allows a DHCP client in one subnet to deplete the address pools of other subnets, causing a Denial of Service (DoS) on the affected DHCP server. The issue arises because the DHCP relay agent forwards certain DHCP DISCOVER messages to the DHCP server without modification, even though these messages should be dropped under default conditions. Each such forwarded message consumes an address from the DHCP server's pool, leading to exhaustion. The vulnerability affects multiple versions of Junos OS and Junos OS Evolved, particularly when the DHCP relay is configured in 'forward-only' mode.

Impact

Exploitation of this vulnerability can exhaust the DHCP server's address pool, leading to a Denial of Service condition where clients are unable to obtain IP addresses.

Remediation

Users can upgrade to Junos OS versions 21.2R3-S10, 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases. For Junos OS Evolved, users can upgrade to versions 21.4R3-S12-EVO, 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases.
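A version-triage check against the fixed releases listed above, added here as an illustration and not code from Juniper. It assumes the usual Junos version format MAJOR.MINOR R n [-S n] [-EVO] and reads "all subsequent releases" as any train newer than the newest listed one; trains the advisory does not list are reported as unknown rather than guessed.

```python
import re
from typing import Optional

# Fixed releases exactly as listed in the advisory (Junos OS, then Junos OS Evolved).
FIXED_JUNOS = ["21.2R3-S10", "21.4R3-S12", "22.4R3-S8", "23.2R2-S5", "23.4R2-S6",
               "24.2R2-S2", "24.4R2", "25.2R1-S1", "25.2R2", "25.4R1"]
FIXED_EVO = ["21.4R3-S12-EVO", "22.4R3-S8-EVO", "23.2R2-S5-EVO", "23.4R2-S6-EVO",
             "24.2R2-S2-EVO", "24.4R2-EVO", "25.2R1-S1-EVO", "25.2R2-EVO", "25.4R1-EVO"]

# Assumed version grammar: MAJOR.MINOR R release [-S service] [-EVO]
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(-EVO)?$")


def parse(version: str):
    """Return (train, (R, S), is_evo) for a string such as 23.4R2-S6 or 24.4R2-EVO."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, r, s, evo = m.groups()
    return ((int(major), int(minor)), (int(r), int(s or 0)), evo is not None)


def is_fixed(version: str) -> Optional[bool]:
    """True if the running version is at or above its train's fixed release,
    False if it is below it, None if the train is not covered by the list."""
    train, rs, evo = parse(version)
    fixed = {}
    for f in (FIXED_EVO if evo else FIXED_JUNOS):
        ft, frs, _ = parse(f)
        fixed[ft] = min(frs, fixed.get(ft, frs))  # lowest fixed (R, S) per train
    if train in fixed:
        return rs >= fixed[train]
    if train > max(fixed):  # "and all subsequent releases" (assumed reading)
        return True
    return None


if __name__ == "__main__":
    for v in ["21.2R3-S9", "24.4R2", "25.2R1", "23.4R2-S5-EVO", "20.4R3-S9"]:
        print(f"{v:16} fixed={is_fixed(v)}")
```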

Added: Jan 15, 2026, 9:50 PM
Updated: Jan 15, 2026, 9:50 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 1.0
exploitability: 4.9
remediation: 7.7
relevance: 2.1
threat: 0.0
urgency: 5.7
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.