CVE-2024-39547

Oct 12, 2024

Published Date: 2024-10-11T16:15:07.483
Last Modified: 2024-10-11T16:15:07.483

CVSS Score: 7.5 (HIGH)

EPSS Score: N/A

Risk Score: N/A

Risk Score based on CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.


Description: An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS).

If specially crafted TCP traffic is received by the control plane, or a TCP session terminates unexpectedly, it will cause increased control plane CPU utilization by the rpd-server process.

While not explicitly required, the impact is more severe when RIB sharding is enabled.

Task accounting shows unexpected reads by the RPD Server jobs for shards:

user@junos> show task accounting detail

read:RPD Server.0.0.0.0+780.192.168.0.78+48886 TOT:00000003.00379787 MAX:00000000.00080516 RUNS: 233888
read:RPD Server.0.0.0.0+780.192.168.0.78+49144 TOT:00000004.00007565 MAX:00000000.00080360 RUNS: 233888
read:RPD Server.0.0.0.0+780.192.168.0.78+49694 TOT:00000003.00600584 MAX:00000000.00080463 RUNS: 233888
read:RPD Server.0.0.0.0+780.192.168.0.78+50246 TOT:00000004.00346998 MAX:00000000.00080338 RUNS: 233888
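
A monitoring check built on the task accounting output above, as an added example (not Juniper's code or part of the advisory). It compares the RUNS counter of each RPD Server read job across two samples and reports sessions that exceed a run rate. The function names, the 60-second interval, the 100 runs/s threshold and the second sample are assumptions made for illustration.

```python
import re

# One "read" job line per RPD Server session, as in the advisory's output.
# Assumption: IPv4 endpoints written as <local>+<port>.<peer>+<port>.
LINE_RE = re.compile(
    r"^read:RPD Server\.[\d.]+\+\d+\.(?P<peer>[\d.]+)\+(?P<pport>\d+)\s+"
    r"TOT:[\d.]+\s+MAX:[\d.]+\s+RUNS:\s*(?P<runs>\d+)$"
)

def parse_reads(output):
    """Return {(peer, peer_port): RUNS} for RPD Server read jobs."""
    jobs = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            jobs[(m["peer"], int(m["pport"]))] = int(m["runs"])
    return jobs

def busy_readers(before, after, interval_s, max_runs_per_s):
    """Sessions whose read job ran faster than max_runs_per_s between samples."""
    old, new = parse_reads(before), parse_reads(after)
    flagged = []
    for (peer, port), runs in sorted(new.items()):
        if (peer, port) not in old:
            continue  # new session, no baseline to compare against
        rate = (runs - old[(peer, port)]) / interval_s  # negative after a reset
        if rate > max_runs_per_s:
            flagged.append((peer, port, round(rate, 1)))
    return flagged

# First sample: the four lines quoted in the advisory.
SAMPLE_T0 = """\
read:RPD Server.0.0.0.0+780.192.168.0.78+48886 TOT:00000003.00379787 MAX:00000000.00080516 RUNS: 233888
read:RPD Server.0.0.0.0+780.192.168.0.78+49144 TOT:00000004.00007565 MAX:00000000.00080360 RUNS: 233888
read:RPD Server.0.0.0.0+780.192.168.0.78+49694 TOT:00000003.00600584 MAX:00000000.00080463 RUNS: 233888
read:RPD Server.0.0.0.0+780.192.168.0.78+50246 TOT:00000004.00346998 MAX:00000000.00080338 RUNS: 233888
"""
# Second sample, taken 60 s later: constructed for this example.
SAMPLE_T1 = """\
read:RPD Server.0.0.0.0+780.192.168.0.78+48886 TOT:00000004.00112233 MAX:00000000.00080516 RUNS: 293888
read:RPD Server.0.0.0.0+780.192.168.0.78+49144 TOT:00000005.00004410 MAX:00000000.00080360 RUNS: 293888
read:RPD Server.0.0.0.0+780.192.168.0.78+49694 TOT:00000004.00511920 MAX:00000000.00080463 RUNS: 293888
read:RPD Server.0.0.0.0+780.192.168.0.78+50246 TOT:00000004.00347950 MAX:00000000.00080338 RUNS: 234008
"""

if __name__ == "__main__":
    for peer, port, rate in busy_readers(SAMPLE_T0, SAMPLE_T1, 60, 100):
        print(f"rpd-server read job for {peer}:{port}: {rate} runs/s")
```

Set the threshold from a baseline of the same command on a healthy device, since normal run rates depend on the number of shards and the routing load.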

This issue affects:

Junos OS with cRPD: 

* All versions before 21.2R3-S8, 
* 21.4 before 21.4R3-S7, 
* 22.1 before 22.1R3-S6, 
* 22.2 before 22.2R3-S4, 
* 22.3 before 22.3R3-S3, 
* 22.4 before 22.4R3-S2, 
* 23.2 before 23.2R2-S2, 
* 24.2 before 24.2R2; 

Junos OS Evolved with cRPD: 

* All versions before 21.4R3-S7-EVO, 
* 22.2 before 22.2R3-S4-EVO, 
* 22.3 before 22.3R3-S3-EVO, 
* 22.4 before 22.4R3-S2-EVO, 
* 23.2 before 23.2R2-EVO.

MITRE ATT&CK Techniques v15.1

T1583.004 – Server
T1584.004 – Server
T1053.002 – At

Technical Analysis & Mitigation Measures

1. Technical Attack Analysis:
The vulnerability CVE-2024-39547 in Juniper Networks Junos OS and Junos OS Evolved presents an opportunity for unauthenticated attackers to exploit improper handling of exceptional conditions within the rpd-server. By sending crafted TCP traffic to the routing engine, attackers can induce high CPU utilization in the control plane, leading to a Denial of Service (DoS).

Attack Techniques:
– T1583.004 – Server: Attackers can utilize this technique to establish infrastructure for sending crafted TCP packets to the vulnerable rpd-server.
– T1584.004 – Server: Malicious actors may leverage this technique to acquire or maintain access to the rpd-server, potentially using compromised systems to orchestrate the attack.
– T1053.002 – At: The exploitation of this vulnerability can be automated, allowing for repeated attempts to send malformed traffic strategically to degrade the performance of the affected systems.

Possible Outcomes of Exploitation:
– Increased CPU usage leading to degradation or complete unavailability of routing services.
– Potential for cascading failures in network performance due to control plane overload.
– Exploitation can be more impactful, especially when RIB sharding is enabled, possibly affecting related routing protocols and services.

2. Mitigation Measures:
– Upgrade to the latest versions of Junos OS and Junos OS Evolved that are not affected by CVE-2024-39547.
– Implement access control lists (ACLs) to restrict traffic to the rpd-server.
– Monitor network traffic for unusual patterns indicative of crafted TCP attacks.
– Enable rate limiting on TCP traffic to the control plane.
– Apply intrusion detection systems (IDS) to identify and alert on abnormal traffic patterns.
– Regularly review and apply security patches provided by Juniper Networks.
– Disable RIB sharding if not required for network operations to reduce the impact of the vulnerability.
– Conduct regular security assessments and penetration testing to identify potential vulnerabilities.

The content above is generated by AI. Please review and consider carefully before applying!
