Lucene search

[email protected]CVE-2023-36840

HistoryJul 14, 2023 - 6:15 p.m.

CVE-2023-36840

2023-07-1418:15:10

CWE-617

[email protected]

web.nvd.nist.gov

cve-2023-36840

reachable assertion

rpd

juniper networks

junos os

junos os evolved

denial of service

dos

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS).

On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition.

This issue affects:
Juniper Networks Junos OS
All versions prior to 19.3R3-S10;
20.1 versions prior to 20.1R3-S4;
20.2 versions prior to 20.2R3-S6;
20.3 versions prior to 20.3R3-S6;
20.4 versions prior to 20.4R3-S5;
21.1 versions prior to 21.1R3-S4;
21.2 versions prior to 21.2R3-S3;
21.3 versions prior to 21.3R3-S2;
21.4 versions prior to 21.4R3;
22.1 versions prior to 22.1R3;
22.2 versions prior to 22.2R2;
22.3 versions prior to 22.3R2;

Juniper Networks Junos OS Evolved
All versions prior to 20.4R3-S7-EVO;
21.1 versions prior to 21.1R3-S3-EVO;
21.2 versions prior to 21.2R3-S5-EVO;
21.3 versions prior to 21.3R3-S4-EVO;
21.4 versions prior to 21.4R3-EVO;
22.1 versions prior to 22.1R3-EVO;
22.2 versions prior to 22.2R2-EVO;
22.3 versions prior to 22.3R2-EVO;

CPENameOperatorVersion
juniper:junosjuniper junoslt19.3
juniper:junosjuniper junoseq15.1
juniper:junosjuniper junoseq12.3
juniper:junosjuniper junoseq15.1f6-s1
juniper:junosjuniper junoseq18.1
juniper:junosjuniper junoseq16.1
juniper:junosjuniper junoseq12.1x45
juniper:junosjuniper junoseq18.4
juniper:junosjuniper junoseq17.2x75
juniper:junosjuniper junoseq17.4

CPE	Name	Operator	Version
juniper:junos	juniper junos	lt	19.3
juniper:junos	juniper junos	eq	15.1
juniper:junos	juniper junos	eq	12.3
juniper:junos	juniper junos	eq	15.1f6-s1
juniper:junos	juniper junos	eq	18.1
juniper:junos	juniper junos	eq	16.1
juniper:junos	juniper junos	eq	12.1x45
juniper:junos	juniper junos	eq	18.4
juniper:junos	juniper junos	eq	17.2x75
juniper:junos	juniper junos	eq	17.4

Rows per page:

1-10 of 1821

References

supportportal.juniper.net/JSA71647

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2023-36840

prion1 cvelist1 nessus1