CVE-2024-21614
📋 TL;DR
An unauthenticated network attacker can crash the Routing Protocol Daemon (RPD) on Juniper Junos OS and Junos OS Evolved by sending a specific Dynamic Rendering query when NETCONF and gRPC are enabled. This causes a denial of service, and repeated attacks can sustain the DoS condition. Affected systems are Junos OS 22.2-22.3 and Junos OS Evolved 22.2-22.3 in the specific vulnerable versions listed under Fix & Mitigation.
💻 Affected Systems
- Juniper Networks Junos OS
- Juniper Networks Junos OS Evolved
📦 What is this software?
Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
⚠️ Risk & Real-World Impact
Worst Case
Sustained denial of service affecting all routing functionality, potentially causing network-wide outages and service disruption.
Likely Case
Intermittent RPD crashes leading to routing instability, packet loss, and temporary network disruption until the daemon restarts.
If Mitigated
Limited to isolated RPD restarts with minimal impact if proper network segmentation and access controls are implemented.
🎯 Exploit Status
Exploitation requires sending a specific Dynamic Rendering query via the NETCONF/gRPC interface. No authentication is needed, making it straightforward for attackers with network access to those services.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Junos OS: 22.2R2-S2, 22.2R3, 22.3R2, 22.3R3; Junos OS Evolved: 22.2R2-S2-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.3R3-EVO
Vendor Advisory: https://supportportal.juniper.net/JSA75755
Restart Required: Yes
Instructions:
1. Download the appropriate fixed version from the Juniper support portal.
2. Back up the current configuration.
3. Install the update using the 'request system software add' command.
4. Reboot the device to complete the installation.
🔧 Temporary Workarounds
Disable NETCONF and gRPC
Disables the vulnerable services required for exploitation
set system services netconf disabled
set system services extension-service request-response grpc disable
commit
Restrict NETCONF/gRPC access
Limit access to NETCONF (TCP 830) and gRPC (TCP 32767 by default; adjust if changed) to trusted networks only. The filter matches only those ports and accepts everything else, so routing-protocol and transit traffic are not discarded; on Junos it is normally applied to lo0 so that only traffic destined to the routing engine is evaluated.
set system services netconf ssh client-alive-count-max 0
set firewall family inet filter PROTECT-NETCONF term ALLOW-TRUSTED from source-address [trusted-networks]
set firewall family inet filter PROTECT-NETCONF term ALLOW-TRUSTED from protocol tcp
set firewall family inet filter PROTECT-NETCONF term ALLOW-TRUSTED from destination-port [ 830 32767 ]
set firewall family inet filter PROTECT-NETCONF term ALLOW-TRUSTED then accept
set firewall family inet filter PROTECT-NETCONF term DENY-UNTRUSTED from protocol tcp
set firewall family inet filter PROTECT-NETCONF term DENY-UNTRUSTED from destination-port [ 830 32767 ]
set firewall family inet filter PROTECT-NETCONF term DENY-UNTRUSTED then discard
set firewall family inet filter PROTECT-NETCONF term ALLOW-OTHER then accept
set interfaces [interface-name] unit 0 family inet filter input PROTECT-NETCONF
commit
🧯 If You Can't Patch
- Implement strict network access controls to limit NETCONF/gRPC access to trusted management networks only.
- Monitor RPD process health and implement automated restart scripts to minimize DoS impact.
🔍 How to Verify
Check if Vulnerable:
Check the version with 'show version' and verify whether NETCONF/gRPC are enabled with 'show configuration system services'.
Check Version:
show version
Verify Fix Applied:
Verify that the installed version is patched with 'show version' and test that NETCONF/gRPC functionality remains operational.
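As an added example (not from this page or from Juniper), a Python check that applies the fixed-version list above to the 'Junos:' line of 'show version' and to 'show configuration system services' output, combining both checks into one verdict; the sample outputs are constructed and the service check is a simple stanza heuristic.

```python
import re

# Minimum fixed (R, S) per affected release train, from the fix list on this page:
# 22.2 -> 22.2R2-S2 / 22.2R3, 22.3 -> 22.3R2 / 22.3R3 (the -EVO builds share the numbers).
FIXED_MIN = {"22.2": (2, 2), "22.3": (2, 0)}

VERSION_RE = re.compile(r"^(?P<train>\d+\.\d+)R(?P<r>\d+)(?:-S(?P<s>\d+))?(?:\.\d+)?(?P<evo>-EVO)?$")

# Constructed sample output, not captured from a real device.
SAMPLE_VERSION_LINE = "Junos: 22.2R2-S1.3"
SAMPLE_SERVICES = """\
netconf {
    ssh;
}
extension-service {
    request-response {
        grpc {
            clear-text {
                port 32767;
            }
        }
    }
}
"""

def parse_junos_version(version):
    """'22.2R2-S1.3-EVO' -> ('22.2', (2, 1), True); None if not a Junos version.
    Accepts either the bare string or the 'Junos: ...' line from 'show version'."""
    m = VERSION_RE.match(version.strip().removeprefix("Junos:").strip())
    if not m:
        return None
    return m["train"], (int(m["r"]), int(m["s"] or 0)), bool(m["evo"])

def services_exposed(services_config):
    """True when 'show configuration system services' shows both a netconf and a grpc stanza."""
    return "netconf {" in services_config and "grpc {" in services_config

def assess(version, services_config):
    """Version check plus service check, combined into one verdict."""
    parsed = parse_junos_version(version)
    if parsed is None:
        return "unknown"
    train, release, _is_evo = parsed
    if train not in FIXED_MIN:
        return "not-in-scope"      # this page only lists the 22.2 and 22.3 trains
    if release >= FIXED_MIN[train]:
        return "patched"
    return "exposed" if services_exposed(services_config) else "vulnerable-version-only"
```

A "vulnerable-version-only" result still warrants patching: the service check only reflects the configuration at the moment it was captured.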
📡 Detection & Monitoring
Log Indicators:
- RPD crash messages in /var/log/messages
- NETCONF/gRPC connection attempts from unusual sources
- Increased RPD restart frequency
Network Indicators:
- Unusual NETCONF/gRPC traffic patterns
- Multiple RPD restart events within short timeframes
SIEM Query:
source="/var/log/messages" "rpd" AND ("crash" OR "restart" OR "core dumped")
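Added example, not part of the original page: a small Python detector that implements the log and network indicators above, using the same crash/restart/core-dumped terms as the SIEM query, a sliding-window count for repeated RPD restarts (the sustained-DoS pattern), and NETCONF/gRPC sessions from outside an assumed trusted management range. The log lines are constructed and the trusted range 192.0.2.0/24 is a placeholder.

```python
import re
import ipaddress
from datetime import datetime, timedelta

# Constructed sample of Junos-style syslog lines (not real device output).
LOG = """\
Jan 15 10:12:01 core-rtr1 sshd[3310]: Accepted publickey for netconf-svc from 192.0.2.10 port 50122
Jan 15 10:12:44 core-rtr1 sshd[3322]: Accepted publickey for netconf-svc from 198.51.100.77 port 41002
Jan 15 10:13:02 core-rtr1 rpd[5421]: rpd core dumped after signal 11
Jan 15 10:13:05 core-rtr1 init[1]: routing (rpd) restart attempt 1
Jan 15 10:19:40 core-rtr1 rpd[5490]: rpd core dumped after signal 11
"""
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")
CRASH_WORDS = ("crash", "restart", "core dumped")   # the same terms as the SIEM query above
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]     # assumed management network (placeholder)

def parse(line, year=2024):
    """Split one syslog line into (timestamp, host, process, message); None if not syslog."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["host"], m["proc"], m["msg"]

def is_rpd_crash(proc, msg):
    text = f"{proc} {msg}".lower()
    return "rpd" in text and any(w in text for w in CRASH_WORDS)

def untrusted_mgmt_source(msg):
    """Source IP of a NETCONF/gRPC session from outside TRUSTED, else None."""
    ips = re.findall(r"(?:netconf|grpc).*?from (\d+\.\d+\.\d+\.\d+)", msg, re.I)
    return next((ip for ip in ips if not any(ipaddress.ip_address(ip) in n for n in TRUSTED)), None)

def analyse(lines, threshold=3, window=timedelta(minutes=10)):
    """Alert when >= threshold rpd crash/restart events fall inside a sliding window
    (repeated crashes = sustained DoS) and on sessions from outside the trusted networks."""
    crashes, alerts = [], []
    for line in lines:
        parsed = parse(line)
        if not parsed:
            continue
        ts, host, proc, msg = parsed
        if is_rpd_crash(proc, msg):
            crashes.append(ts)
            recent = [t for t in crashes if ts - t <= window]
            if len(recent) >= threshold:
                alerts.append(f"{host}: {len(recent)} rpd crash/restart events within {window}")
        src = untrusted_mgmt_source(msg)
        if src:
            alerts.append(f"{host}: NETCONF/gRPC session from untrusted source {src}")
    return alerts
```

Tune the threshold and window to the platform's normal rpd restart rate so that a single planned restart does not page anyone.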