CVE-2024-39554
Severity CVSS v4.0:
HIGH
Type:
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
10/07/2024
Last modified:
07/02/2025
Description
A Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) vulnerability the <br />
<br />
Routing Protocol Daemon (rpd)<br />
<br />
of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker&#39;s control. However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.<br />
<br />
On all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update. Under certain circumstance and with specific timing, this could result in an rpd crash.<br />
<br />
This issue only affects systems with BGP multipath enabled.<br />
<br />
<br />
This issue affects:<br />
<br />
Junos OS: <br />
<br />
<br />
* All versions of 21.1<br />
* from 21.2 before 21.2R3-S7, <br />
* from 21.4 before 21.4R3-S6, <br />
* from 22.1 before 22.1R3-S5, <br />
* from 22.2 before 22.2R3-S3, <br />
* from 22.3 before 22.3R3-S2, <br />
* from 22.4 before 22.4R3, <br />
* from 23.2 before 23.2R2.<br />
<br />
<br />
<br />
<br />
Junos OS Evolved: <br />
<br />
<br />
* All versions of 21.1-EVO,<br />
* All versions of 21.2-EVO,<br />
* from 21.4-EVO before 21.4R3-S6-EVO, <br />
* from 22.1-EVO before 22.1R3-S5-EVO, <br />
* from 22.2-EVO before 22.2R3-S3-EVO, <br />
* from 22.3-EVO before 22.3R3-S2-EVO, <br />
* from 22.4-EVO before 22.4R3-EVO, <br />
* from 23.2-EVO before 23.2R2-EVO.<br />
<br />
<br />
<br />
Versions of Junos OS before 21.1R1 are unaffected by this vulnerability.<br />
Versions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability.
Impact
Base Score 4.0
8.20
Severity 4.0
HIGH
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* | 21.1 (including) | 21.2 (excluding) |
| cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.2:r3-s6:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page