Lucene search
HistoryOct 12, 2023 - 11:15 p.m.
CVE-2023-44175
cve-2023-44175
reachable assertion
juniper networks
junos os
junos os evolved
dos
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.0005 Low
EPSS
Percentile
16.7%
A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS).
Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
Note: This issue is not noticed when all the devices in the network are Juniper devices.
This issue affects Juniper Networks:
Junos OS:
- All versions prior to 20.4R3-S7;
- 21.2 versions prior to 21.2R3-S5;
- 21.3 versions prior to 21.3R3-S4;
- 21.4 versions prior to 21.4R3-S4;
- 22.1 versions prior to 22.1R3-S4;
- 22.2 versions prior to 22.2R3;
- 22.3 versions prior to 22.3R3;
- 22.4 versions prior to 22.4R3.
Junos OS Evolved:
- All versions prior to 22.3R3-EVO;
- 22.4-EVO versions prior to 22.4R3-EVO;
- 23.2-EVO versions prior to 23.2R1-EVO.
Affected configurations
Node
juniperjunosRange<20.4
ORjuniperjunosMatch20.4-
ORjuniperjunosMatch20.4r1
ORjuniperjunosMatch20.4r1-s1
ORjuniperjunosMatch20.4r2
ORjuniperjunosMatch20.4r2-s1
ORjuniperjunosMatch20.4r2-s2
ORjuniperjunosMatch20.4r3
ORjuniperjunosMatch20.4r3-s1
ORjuniperjunosMatch20.4r3-s2
ORjuniperjunosMatch20.4r3-s3
ORjuniperjunosMatch20.4r3-s4
ORjuniperjunosMatch20.4r3-s5
ORjuniperjunosMatch20.4r3-s6
ORjuniperjunosMatch21.2-
ORjuniperjunosMatch21.2r1
ORjuniperjunosMatch21.2r1-s1
ORjuniperjunosMatch21.2r1-s2
ORjuniperjunosMatch21.2r2
ORjuniperjunosMatch21.2r2-s1
ORjuniperjunosMatch21.2r2-s2
ORjuniperjunosMatch21.2r3
ORjuniperjunosMatch21.2r3-s1
ORjuniperjunosMatch21.2r3-s2
ORjuniperjunosMatch21.2r3-s3
ORjuniperjunosMatch21.2r3-s4
ORjuniperjunosMatch21.3-
ORjuniperjunosMatch21.3r1
ORjuniperjunosMatch21.3r1-s1
ORjuniperjunosMatch21.3r1-s2
ORjuniperjunosMatch21.3r2
ORjuniperjunosMatch21.3r2-s1
ORjuniperjunosMatch21.3r2-s2
ORjuniperjunosMatch21.3r3
ORjuniperjunosMatch21.3r3-s1
ORjuniperjunosMatch21.3r3-s2
ORjuniperjunosMatch21.3r3-s3
ORjuniperjunosMatch21.4-
ORjuniperjunosMatch21.4r1
ORjuniperjunosMatch21.4r1-s1
ORjuniperjunosMatch21.4r1-s2
ORjuniperjunosMatch21.4r2
ORjuniperjunosMatch21.4r2-s1
ORjuniperjunosMatch21.4r2-s2
ORjuniperjunosMatch21.4r3
ORjuniperjunosMatch21.4r3-s1
ORjuniperjunosMatch21.4r3-s2
ORjuniperjunosMatch21.4r3-s3
ORjuniperjunosMatch22.1r1
ORjuniperjunosMatch22.1r1-s1
ORjuniperjunosMatch22.1r1-s2
ORjuniperjunosMatch22.1r2
ORjuniperjunosMatch22.1r2-s1
ORjuniperjunosMatch22.1r2-s2
ORjuniperjunosMatch22.1r3
ORjuniperjunosMatch22.1r3-s1
ORjuniperjunosMatch22.1r3-s2
ORjuniperjunosMatch22.1r3-s3
ORjuniperjunosMatch22.2r1
ORjuniperjunosMatch22.2r1-s1
ORjuniperjunosMatch22.2r1-s2
ORjuniperjunosMatch22.2r2
ORjuniperjunosMatch22.2r2-s1
ORjuniperjunosMatch22.2r2-s2
ORjuniperjunosMatch22.3r1
ORjuniperjunosMatch22.3r1-s1
ORjuniperjunosMatch22.3r1-s2
ORjuniperjunosMatch22.3r2
ORjuniperjunosMatch22.3r2-s1
ORjuniperjunosMatch22.3r2-s2
ORjuniperjunosMatch22.4r1
ORjuniperjunosMatch22.4r1-s1
ORjuniperjunosMatch22.4r1-s2
ORjuniperjunosMatch22.4r2
ORjuniperjunosMatch22.4r2-s1
Node
juniperjunos_os_evolvedMatch22.3r1
ORjuniperjunos_os_evolvedMatch22.3r1-s1
ORjuniperjunos_os_evolvedMatch22.3r1-s2
ORjuniperjunos_os_evolvedMatch22.3r2
ORjuniperjunos_os_evolvedMatch22.3r2-s1
ORjuniperjunos_os_evolvedMatch22.4r1
ORjuniperjunos_os_evolvedMatch22.4r1-s1
ORjuniperjunos_os_evolvedMatch22.4r1-s2
ORjuniperjunos_os_evolvedMatch22.4r2
ORjuniperjunos_os_evolvedMatch23.2-
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1R3-S4",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S5",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S4",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R1-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
]References
Related
nessus
nessus
Juniper Junos OS Vulnerability (JSA73141)
2023-10-11 00:00:00
prion
prion
Authentication flaw
2023-10-12 23:15:00
nvd
nvd
CVE-2023-44175
2023-10-12 23:15:11
cvelist
cvelist
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.0005 Low
EPSS
Percentile
16.7%
Related for CVE-2023-44175