
CVE-2024-21598: Juniper Junos BGP DoS Vulnerability

CVE-2024-21598 is a denial of service vulnerability in Juniper Junos OS and Junos OS Evolved affecting the Routing Protocol Daemon. Malformed BGP updates cause rpd crashes and service disruption. This article covers technical details, affected versions, impact analysis, and mitigation strategies.

Published: June 2, 2026

CVE-2024-21598 Overview

CVE-2024-21598 is a denial-of-service vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. The flaw stems from improper validation of syntactic correctness of input [CWE-1286] when parsing tunnel encapsulation attributes in Border Gateway Protocol (BGP) updates. A network-based, unauthenticated attacker can send a malformed type-length-value (TLV) within a tunnel encapsulation attribute over an established BGP session, causing rpd to crash and restart. The issue affects multiple Junos OS and Junos OS Evolved release trains from 20.4 through 23.2. Juniper assigned the issue advisory JSA75739 and notes it is related to but separate from the issue tracked in JSA79095.

Critical Impact

An unauthenticated BGP peer can repeatedly crash the routing daemon, disrupting routing convergence and producing a sustained denial-of-service condition on affected Juniper routers.

Affected Products

  • Juniper Networks Junos OS 20.4, 21.2, 21.3, 21.4, 22.1, 22.2, 22.3, 22.4, and 23.2 release trains prior to the fixed service releases
  • Juniper Networks Junos OS Evolved 20.4-EVO through 23.2-EVO release trains prior to the fixed service releases
  • Routers and routing platforms running rpd with BGP sessions configured for tunnel encapsulation

Discovery Timeline

  • 2024-04-12 - CVE-2024-21598 published to NVD
  • 2025-02-06 - Last updated in NVD database

Technical Details for CVE-2024-21598

Vulnerability Analysis

The Routing Protocol Daemon (rpd) on Junos OS and Junos OS Evolved processes BGP UPDATE messages, including optional path attributes such as the tunnel encapsulation attribute defined in RFC 9012. This attribute contains a sequence of TLV sub-structures describing tunnel parameters. The vulnerable code does not adequately validate the syntactic correctness of these TLVs before processing them. When rpd parses a specifically malformed TLV, the daemon crashes and restarts. Because BGP sessions are typically long-lived and persistent, an attacker that can deliver a single crafted UPDATE will trigger repeated daemon restarts, preventing route processing and disrupting network reachability for the affected device.

Root Cause

The underlying weakness is classified as Improper Validation of Syntactic Correctness of Input [CWE-1286]. The tunnel encapsulation attribute parser in rpd fails to verify TLV length and structure constraints before dereferencing or processing fields. Malformed input drives the parser into an unexpected state that terminates the process. The defect is isolated to the BGP attribute parsing path and does not affect Junos OS releases earlier than 20.4R1 or Junos OS Evolved releases earlier than 20.4R1-EVO.

Attack Vector

Exploitation requires an established BGP session with the target device, which the attacker either controls directly as a configured peer or reaches through a compromised upstream peer that propagates the malformed attribute. No authentication beyond the existing BGP peering and no user interaction is required. Once the crafted BGP UPDATE traverses the session, rpd crashes; repeated transmission yields a sustained denial-of-service condition affecting routing on the device.

No public proof-of-concept exploit code is available for this issue. See the Juniper Security Advisory JSA75739 for vendor technical details.

Detection Methods for CVE-2024-21598

Indicators of Compromise

  • Unexpected rpd process crashes or restarts logged in /var/log/messages or in show system core-dumps output
  • BGP sessions repeatedly flapping or transitioning through Idle, Connect, and Established states without configuration change
  • Core files generated by the rpd daemon coincident with receipt of BGP UPDATE traffic
  • Syslog entries referencing rpd signal termination or assertion failures during BGP attribute processing

Detection Strategies

  • Correlate rpd crash events with inbound BGP UPDATE timestamps from specific peers to identify the source of malformed attributes
  • Inspect BGP UPDATE messages on peering interfaces for tunnel encapsulation attribute (attribute type 23) TLVs with anomalous length fields
  • Monitor for BGP session resets across multiple peers occurring near-simultaneously, indicating possible upstream propagation of a malformed attribute
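
A structural check for the value of the tunnel encapsulation attribute, covering both the missing TLV length validation described under Root Cause and the anomalous-length inspection listed above. This is an added example, not Juniper's code or part of the original page; it follows the RFC 9012 TLV layout, and the function names and sample bytes are constructed for illustration. The page does not describe the specific malformation that crashes rpd, so the check flags general length inconsistencies only.

```python
import struct

def _check_sub_tlvs(body, base):
    """Walk the sub-TLVs inside one Tunnel TLV; return a list of problems."""
    problems, off = [], 0
    while off < len(body):
        stype = body[off]
        len_size = 1 if stype < 128 else 2   # RFC 9012: types 128-255 use a 2-octet length
        if len(body) - off < 1 + len_size:
            problems.append(f"offset {base + off}: truncated sub-TLV header (type {stype})")
            break
        slen = int.from_bytes(body[off + 1:off + 1 + len_size], "big")
        start = off + 1 + len_size
        if slen > len(body) - start:
            problems.append(f"offset {base + off}: sub-TLV type {stype} length {slen} "
                            f"overruns its Tunnel TLV ({len(body) - start} octets left)")
            break
        off = start + slen
    return problems

def validate_tunnel_encap(value):
    """Validate the value of path attribute 23; an empty list means well-formed."""
    problems, off = [], 0
    while off < len(value):
        if len(value) - off < 4:             # Tunnel TLV header: 2-octet type, 2-octet length
            problems.append(f"offset {off}: truncated Tunnel TLV header")
            break
        ttype, tlen = struct.unpack_from("!HH", value, off)
        body_start = off + 4
        if tlen > len(value) - body_start:
            problems.append(f"offset {off}: tunnel type {ttype} length {tlen} "
                            f"overruns the attribute ({len(value) - body_start} octets left)")
            break
        problems += _check_sub_tlvs(value[body_start:body_start + tlen], body_start)
        off = body_start + tlen
    return problems

# Constructed samples (not captured traffic). Tunnel type 8, one sub-TLV of type 6.
GOOD = struct.pack("!HH", 8, 12) + bytes([6, 10]) + bytes(10)
BAD_SUB = struct.pack("!HH", 8, 12) + bytes([6, 40]) + bytes(10)   # inner length too large
BAD_TUNNEL = struct.pack("!HH", 8, 300) + bytes(12)                # outer length too large
TRUNCATED = b"\x00\x08\x00"                                        # header cut short

if __name__ == "__main__":
    for name in ("GOOD", "BAD_SUB", "BAD_TUNNEL", "TRUNCATED"):
        print(name, validate_tunnel_encap(globals()[name]) or "ok")
```

Feed it the attribute value bytes extracted from a capture on the peering interface; any non-empty result names the offset and the length field that does not fit.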

Monitoring Recommendations

  • Forward Junos syslog and rpd crash telemetry to a centralized logging or SIEM platform for alerting on daemon restart patterns
  • Enable BGP trace options selectively to capture attribute parsing errors when investigating suspected exploitation
  • Track per-peer UPDATE statistics with show bgp neighbor and alert on abnormal volumes of attribute parsing errors

How to Mitigate CVE-2024-21598

Immediate Actions Required

  • Upgrade affected devices to a fixed Junos OS or Junos OS Evolved release as listed in Juniper Security Advisory JSA75739
  • Audit BGP peering configurations and confirm that only trusted neighbors are permitted to establish sessions
  • Apply BGP import policies that filter or reject tunnel encapsulation attributes from peers that do not require them
  • Review device crash logs to determine whether rpd instability already correlates with this issue

Patch Information

Juniper has released fixed software in the following service releases: Junos OS 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, and all subsequent releases. Equivalent fixes apply to the corresponding Junos OS Evolved trains (for example, 20.4R3-S9-EVO and 23.2R1-S2-EVO). Refer to Juniper Security Advisory JSA75739 for the complete and authoritative fixed-release matrix.
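
Checking a device's release string against the fixed releases listed above, as an added example (not Juniper tooling and not part of the original page). The function name is hypothetical, Junos OS Evolved is assumed to share each train's threshold as the paragraph states, and trains the page does not list return "check advisory".

```python
import re

# Lowest fixed (R, S) per release train, taken from the Patch Information list.
FIXED = {
    (20, 4): (3, 9), (21, 2): (3, 7), (21, 3): (3, 5), (21, 4): (3, 5),
    (22, 1): (3, 4), (22, 2): (3, 3), (22, 3): (3, 1), (22, 4): (3, 0),
    (23, 2): (1, 2),
}

# Matches e.g. 21.4R3-S5, 21.4R3-S5.4, 22.4R3, 23.2R1-S2-EVO
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(?:-EVO)?$")

def check_release(version):
    """Classify a Junos release string for CVE-2024-21598."""
    m = _VERSION.match(version.strip())
    if not m:
        return "check advisory"              # unparsed format: do not guess
    major, minor, r, s = (int(g or 0) for g in m.groups())
    train = (major, minor)
    if train < (20, 4):
        return "not affected"                # page: releases earlier than 20.4R1
    if train > (23, 2):
        return "fixed"                       # page: all subsequent releases
    if train not in FIXED:
        return "check advisory"              # train not listed on this page
    return "fixed" if (r, s) >= FIXED[train] else "vulnerable"

if __name__ == "__main__":
    # Constructed inventory for illustration.
    for v in ("21.4R3-S4.6", "22.4R3", "23.2R1-S1-EVO", "19.4R3-S12", "23.1R1"):
        print(f"{v:16} {check_release(v)}")
```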

Workarounds

  • Restrict BGP peering to trusted, authenticated neighbors using configured peer addresses and BGP authentication
  • Apply BGP import policies that discard or sanitize tunnel encapsulation attributes from peers that do not require them
  • Use infrastructure access control lists to limit BGP TCP/179 connectivity to known peer addresses
  • Where tunnel encapsulation signaling is not required, disable or avoid configurations that process the attribute
# Example Junos import policy to reject UPDATEs carrying the tunnel encapsulation attribute
# from peers that do not require it. Review against operational requirements before deployment.
set policy-options policy-statement REJECT-TUNNEL-ENCAP term match-tunnel-encap from attribute tunnel-encapsulation
set policy-options policy-statement REJECT-TUNNEL-ENCAP term match-tunnel-encap then reject
set protocols bgp group EXTERNAL import REJECT-TUNNEL-ENCAP
commit check

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: DoS
  • Vendor/Tech: Juniper Junos
  • Severity: HIGH
  • CVSS Score: 8.7
  • EPSS Probability: 0.15%
  • Known Exploited: No

CVSS Vector

  • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Assessment

  • Confidentiality: Low
  • Integrity: None
  • Availability: High

CWE References

  • CWE-1286
  • NVD-CWE-Other

Technical References

  • First.org CVSS Calculator 4.0

Vendor Resources

  • Juniper Security Advisory JSA75739

Related CVEs

  • CVE-2025-52981: Juniper Junos SRX Series DoS Vulnerability
  • CVE-2025-21594: Juniper Junos DS-Lite NAT DoS Vulnerability
  • CVE-2025-30649: Juniper Junos DoS Vulnerability
  • CVE-2024-47504: Juniper Junos SRX5000 DoS Vulnerability