CVE-2024-39516
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-39516 is an Out-of-Bounds Read vulnerability impacting Juniper Networks Junos OS and Junos OS Evolved. An unauthenticated attacker can send a malformed BGP packet, causing the routing protocol daemon (rpd) to crash and restart, leading to a Denial of Service (DoS) condition. This issue only affects systems with BGP traceoptions enabled or BGP traffic engineering configured. It can impact iBGP and eBGP with any address family, and the specific attribute involved is non-transitive and will not propagate across a network. Affected Junos OS versions include all before 21.4R3-S8, 22.2 before 22.2R3-S5, 22.3 before 22.3R3-S4, 22.4 before 22.4R3-S3, 23.2 before 23.2R2-S2, and 23.4 before 23.4R2. For Junos OS Evolved, affected versions include all before 21.4R3-S8-EVO, 22.2-EVO before 22.2R3-S5-EVO, 22.3-EVO before 22.3R3-S4-EVO, 22.4-EVO before 22.4R3-S3-EVO, 23.2-EVO before 23.2R2-S2-EVO, and 23.4-EVO before 23.4R2-EVO.
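The affected-version ranges above, turned into a triage check for an inventory of Junos OS and Junos OS Evolved release strings. This is an added example, not vendor or Recorded Future code; the release-string shape accepted by the regex, the function names and the sample inventory are assumptions. A release flagged as affected is only exposed when BGP traceoptions or BGP traffic engineering is configured, as the summary states.

```python
import re

# Fixed release (R, S) per train, taken from the summary above. The Junos OS
# Evolved list is identical apart from the -EVO suffix, so one table serves both.
FIXED = {
    (21, 4): (3, 8),   # 21.4R3-S8
    (22, 2): (3, 5),   # 22.2R3-S5
    (22, 3): (3, 4),   # 22.3R3-S4
    (22, 4): (3, 3),   # 22.4R3-S3
    (23, 2): (2, 2),   # 23.2R2-S2
    (23, 4): (2, 0),   # 23.4R2
}
OLDEST_TRAIN = min(FIXED)  # "all before 21.4R3-S8" covers every older train

# Assumed string shape: <major>.<minor>R<n>[.<build>][-S<n>[.<build>]][-EVO]
_VERSION = re.compile(
    r"^(\d+)\.(\d+)R(\d+)(?:\.\d+)?(?:-S(\d+)(?:\.\d+)?)?(?:-EVO)?$", re.I)


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one release string."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparsed"
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups())
    train = (major, minor)
    if train < OLDEST_TRAIN:
        return "affected"
    if train not in FIXED:
        # Train is not named in the summary; consult the vendor advisory.
        return "not-listed"
    return "affected" if (rel, svc) < FIXED[train] else "fixed"


def triage(inventory):
    """Map each hostname in {host: release string} to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"edge-1": "21.4R3-S7.6", "edge-2": "23.4R2-EVO", "core-1": "22.1R3"}
    for host, status in sorted(triage(sample).items()):
        print(f"{host}: {status}")
```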