Juniper Networks Junos OS and Junos OS Evolved BGP Session Reset Vulnerability Leading to Denial-of-Service

Vulnerability

An improper input validation vulnerability has been identified in Juniper Networks Junos OS and Junos OS Evolved. It allows an unauthenticated, adjacent attacker to send a specific genuine BGP packet in an already established BGP session, causing that session to reset and leading to a denial-of-service condition. The condition can be sustained by repeatedly sending the packet. This vulnerability affects Junos OS versions 25.2 prior to 25.2R2, as well as Junos OS Evolved versions 25.2-EVO prior to 25.2R2-EVO. Both eBGP and iBGP are affected, over both IPv4 and IPv6.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by resetting BGP sessions, disrupting established connections and potentially causing routing instability.

Remediation

Users can upgrade to Junos OS 25.2R2, 25.4R1, or any subsequent release. For Junos OS Evolved, versions 25.2R2-EVO, 25.4R1-EVO, or any subsequent release can be used.
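
The affected and fixed releases above can be checked against a device inventory. The following is an added example, not part of the original advisory or any Juniper tooling; the release-string pattern, the status labels, and the sample inventory are assumptions.

```python
import re

# Assumed release-string shape: <train>R<n>[.<spin>][-S<n>[.<spin>]][-EVO]
RELEASE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)R(?P<rel>\d+)(?:\.\d+)?"
    r"(?:-S\d+(?:\.\d+)?)?(?P<evo>-EVO)?$",
    re.IGNORECASE,
)

AFFECTED_TRAIN = (25, 2)   # from the advisory: 25.2 and 25.2-EVO
FIRST_FIXED_R = 2          # from the advisory: 25.2R2 / 25.2R2-EVO


def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one release string."""
    m = RELEASE.match(version.strip())
    if not m:
        return "unparsed"      # e.g. daily/engineering builds: review by hand
    train = (int(m["major"]), int(m["minor"]))
    if train != AFFECTED_TRAIN:
        return "not-listed"    # the advisory names only the 25.2 train
    # Service releases of 25.2R1 (-S<n>) are still "prior to 25.2R2".
    return "affected" if int(m["rel"]) < FIRST_FIXED_R else "fixed"


def hosts_to_upgrade(inventory: dict[str, str]) -> list[str]:
    """Hosts whose version is affected or could not be parsed, sorted by name."""
    return sorted(h for h, v in inventory.items()
                  if classify(v) in ("affected", "unparsed"))


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "edge-1": "25.2R1.9",
    "edge-2": "25.2R1-S1.4-EVO",
    "core-1": "25.2R2.5",
    "core-2": "25.4R1-EVO",
    "lab-1": "25.2-20260101.0",
}

if __name__ == "__main__":
    for host, ver in INVENTORY.items():
        print(f"{host:8} {ver:18} {classify(ver)}")
    print("upgrade/review:", hosts_to_upgrade(INVENTORY))
```

Strings that do not match the assumed pattern are reported as unparsed and kept in the review list rather than silently treated as safe.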

Added: Apr 10, 2026, 12:20 AM
Updated: Apr 10, 2026, 12:20 AM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 4.5
remediation: 7.7
relevance: 5.5
threat: 0.0
urgency: 1.4
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.