Juniper Networks Junos OS and Junos OS Evolved BGP Attribute Modification Vulnerability Leading to Routing Flap

Vulnerability

A vulnerability has been identified in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. This vulnerability allows an unauthenticated, network-based attacker to cause an availability impact on downstream devices. When an affected device receives a specific optional, transitive BGP attribute over an existing BGP session, the attribute is incorrectly modified before being sent to peers. If the peers detect the attribute as malformed, they are likely to terminate the BGP sessions with the affected device, causing a disruption in routing. This issue affects all versions of Junos OS prior to 22.4R3-S8, as well as several 23.x and 24.x versions. In Junos OS Evolved, all versions prior to 22.4R3-S8-EVO are affected, along with certain 23.x and 24.x versions.

Impact

Exploitation of this vulnerability disrupts BGP sessions, causing routing churn that can impact network availability.

Remediation

Users can upgrade to Junos OS versions 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases. For Junos OS Evolved, the updated versions are 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases.
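As an added example (not Juniper's code or tooling), the fixed releases listed above can be turned into a triage check for a device inventory. The release-string shape the regex accepts, the status names, and the treatment of any release below the fixed one in a listed train as needing the upgrade are assumptions; trains the page names no fixed release for are reported as unknown.

```python
import re

# Fixed releases per train, taken from the Remediation paragraph above.
# The -EVO fixed releases carry the same numbers, so one table serves both.
FIXED = {
    (22, 4): (3, 8),   # 22.4R3-S8
    (23, 2): (2, 5),   # 23.2R2-S5
    (23, 4): (2, 6),   # 23.4R2-S6
    (24, 2): (2, 2),   # 24.2R2-S2
    (24, 4): (2, 0),   # 24.4R2
    (25, 2): (1, 0),   # 25.2R1
}

# Assumed release-string shape: <major>.<minor>R<n>[-S<n>][.<build>][-EVO]
_RELEASE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$", re.I)


def parse_release(text):
    """Return ((major, minor), (R, S), is_evo), or None if the shape is unrecognised."""
    m = _RELEASE.match(text.strip())
    if not m:
        return None
    major, minor, r, s, evo = m.groups()
    return (int(major), int(minor)), (int(r), int(s or 0)), bool(evo)


def triage(text):
    """Classify a release string as 'fixed', 'needs-upgrade' or 'unknown'."""
    parsed = parse_release(text)
    if parsed is None:
        return "unknown"
    train, level, _evo = parsed
    if train < min(FIXED):
        return "needs-upgrade"   # everything before 22.4R3-S8 is affected
    if train > max(FIXED):
        return "fixed"           # "all subsequent releases" after 25.2R1
    if train not in FIXED:
        return "unknown"         # the page lists no fixed release for this train
    # Assumption: within a listed train, anything below the fixed release needs the upgrade.
    return "fixed" if level >= FIXED[train] else "needs-upgrade"


if __name__ == "__main__":
    # Constructed inventory, not taken from any real network.
    for host, rel in [("edge1", "21.4R3-S9"), ("edge2", "23.4R2-S6"),
                      ("core1", "24.2R1-S2-EVO"), ("core2", "23.1R1")]:
        print(f"{host:6} {rel:16} {triage(rel)}")
```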

Added: Jan 15, 2026, 9:40 PM
Updated: Jan 15, 2026, 9:40 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.7
exploitability: 6.6
remediation: 7.7
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.