Rapid7 Vulnerability & Exploit Database

Juniper Junos OS: Crafted BGP UPDATE messages can cause slave Routing Engines to crash (JSA10387)

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 09/01/2008
Created: 07/25/2018
Added: 05/07/2014
Modified: 09/30/2014

Description

Under certain conditions, receipt of a BGP UPDATE message with an invalid NEXT_HOP attribute can cause slave Routing Engines to crash. The master Routing Engine may successfully install routes with the invalid NEXT_HOP (depending on normal BGP route selection criteria), and may propagate the invalid NEXT_HOP attribute to other BGP peers if the NEXT_HOP is not rewritten by local BGP export policy.

Solution(s)

  • juniper-junos-os-upgrade-latest
