Thursday, January 23, 2025
HomeCVE/vulnerabilityJuniper Networks Vulnerability Let Remote Attacker Execute Network Attacks

Juniper Networks Vulnerability Let Remote Attacker Execute Network Attacks

Published on

SIEM as a Service

Follow Us on Google News

Juniper Networks has disclosed a significant vulnerability affecting its Junos OS and Junos OS Evolved platforms.

Identified as CVE-2025-21598, this flaw allows unauthenticated remote attackers to exploit a critical out-of-bounds read vulnerability in the routing protocol daemon (rpd).

The vulnerability is triggered when devices are configured with Border Gateway Protocol (BGP) options enabled, leading to potential crashes and broader network disruptions.

Overview of the Vulnerability

The affected versions of Junos OS include 21.2R3-S8, 21.4R3-S7, 22.2R3-S4, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and 24.2R1, as well as the corresponding versions of Junos OS Evolved.

The vulnerability has been assigned a high severity score of 7.5 under the CVSS v3.1—indicating a critical risk that could lead to serious ramifications for network integrity.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

The core issue arises from the ability of attackers to send malformed BGP packets to devices enabled with specific packet trace options.

This malfunction can cause the rpd to crash, interrupting BGP sessions and potentially spreading the issue across Autonomous Systems (ASes). Both Internal BGP (iBGP) and External BGP (eBGP) are affected, risking the stability of IPv4 and IPv6 networks alike.

According to the Juniper report, Network administrators are advised to monitor their systems for signs of this vulnerability. An indicator of compromise might be detecting malformed update messages from neighboring ASes.

Relevant log messages may include alerts about received malformed updates and malformed attributes, which indicate that the issue is propagating.

To address the vulnerability, Juniper Networks has released updated software versions that remedy the issue.

Users are encouraged to upgrade to the following patched versions: for Junos OS, 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2-S1, 24.2R1-S1, 24.2R2, and subsequent releases.

Similarly, for Junos OS Evolved, users should upgrade to versions 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S2-EVO, 23.4R2-S1-EVO, 24.2R1-S2-EVO, 24.2R2-EVO, and all subsequent releases.

For immediate risk mitigation while awaiting updates, disabling the BGP packet tracing options is recommended as a workaround.

The emergence of CVE-2025-21598 serves as a reminder for organizations to regularly patch their networking equipment and remain vigilant against vulnerabilities that could be exploited for remote network attacks.

Juniper Networks’ prompt disclosure and provision of solutions underscore the importance of proactive cybersecurity measures in maintaining network integrity.

Find this News Interesting! Follow us on Google NewsLinkedIn, and X to Get Instant Updates!

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...