Lucene search

JuniperCVE-2023-44186

HistoryOct 11, 2023 - 9:15 p.m.

CVE-2023-44186

2023-10-1121:15:09

CWE-755

juniper

web.nvd.nist.gov

juniper networks

junos os

junos os evolved

cve-2023-44186

as path

bgp

dos

vulnerability

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

23.6%

JSON

An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.

This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.

Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.
This issue affects:

Juniper Networks Junos OS:

All versions prior to 20.4R3-S8;
21.1 versions 21.1R1 and later;
21.2 versions prior to 21.2R3-S6;
21.3 versions prior to 21.3R3-S5;
21.4 versions prior to 21.4R3-S5;
22.1 versions prior to 22.1R3-S4;
22.2 versions prior to 22.2R3-S2;
22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
22.4 versions prior to 22.4R2-S1, 22.4R3.

Juniper Networks Junos OS Evolved

All versions prior to 20.4R3-S8-EVO;
21.1 versions 21.1R1-EVO and later;
21.2 versions prior to 21.2R3-S6-EVO;
21.3 versions prior to 21.3R3-S5-EVO;
21.4 versions prior to 21.4R3-S5-EVO;
22.1 versions prior to 22.1R3-S4-EVO;
22.2 versions prior to 22.2R3-S2-EVO;
22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.

Affected configurations

Nvd

Node

juniperjunosRange<20.4

juniperjunosMatch20.4-

juniperjunosMatch20.4r1

juniperjunosMatch20.4r1-s1

juniperjunosMatch20.4r2

juniperjunosMatch20.4r2-s1

juniperjunosMatch20.4r2-s2

juniperjunosMatch20.4r3

juniperjunosMatch20.4r3-s1

juniperjunosMatch20.4r3-s2

juniperjunosMatch20.4r3-s3

juniperjunosMatch20.4r3-s4

juniperjunosMatch20.4r3-s5

juniperjunosMatch20.4r3-s6

juniperjunosMatch20.4r3-s7

juniperjunosMatch21.1r1

juniperjunosMatch21.1r1-s1

juniperjunosMatch21.1r2

juniperjunosMatch21.1r2-s1

juniperjunosMatch21.1r2-s2

juniperjunosMatch21.1r3

juniperjunosMatch21.1r3-s1

juniperjunosMatch21.1r3-s2

juniperjunosMatch21.1r3-s3

juniperjunosMatch21.1r3-s4

juniperjunosMatch21.1r3-s5

juniperjunosMatch21.2-

juniperjunosMatch21.2r1

juniperjunosMatch21.2r1-s1

juniperjunosMatch21.2r1-s2

juniperjunosMatch21.2r2

juniperjunosMatch21.2r2-s1

juniperjunosMatch21.2r2-s2

juniperjunosMatch21.2r3

juniperjunosMatch21.2r3-s1

juniperjunosMatch21.2r3-s2

juniperjunosMatch21.2r3-s3

juniperjunosMatch21.2r3-s4

juniperjunosMatch21.2r3-s5

juniperjunosMatch21.3-

juniperjunosMatch21.3r1

juniperjunosMatch21.3r1-s1

juniperjunosMatch21.3r1-s2

juniperjunosMatch21.3r2

juniperjunosMatch21.3r2-s1

juniperjunosMatch21.3r2-s2

juniperjunosMatch21.3r3

juniperjunosMatch21.3r3-s1

juniperjunosMatch21.3r3-s2

juniperjunosMatch21.3r3-s3

juniperjunosMatch21.3r3-s4

juniperjunosMatch21.4-

juniperjunosMatch21.4r1

juniperjunosMatch21.4r1-s1

juniperjunosMatch21.4r1-s2

juniperjunosMatch21.4r2

juniperjunosMatch21.4r2-s1

juniperjunosMatch21.4r2-s2

juniperjunosMatch21.4r3

juniperjunosMatch21.4r3-s1

juniperjunosMatch21.4r3-s2

juniperjunosMatch21.4r3-s3

juniperjunosMatch21.4r3-s4

juniperjunosMatch22.1r1

juniperjunosMatch22.1r1-s1

juniperjunosMatch22.1r1-s2

juniperjunosMatch22.1r2

juniperjunosMatch22.1r2-s1

juniperjunosMatch22.1r2-s2

juniperjunosMatch22.1r3

juniperjunosMatch22.1r3-s1

juniperjunosMatch22.1r3-s2

juniperjunosMatch22.1r3-s3

juniperjunosMatch22.2r1

juniperjunosMatch22.2r1-s1

juniperjunosMatch22.2r1-s2

juniperjunosMatch22.2r2

juniperjunosMatch22.2r2-s1

juniperjunosMatch22.2r2-s2

juniperjunosMatch22.2r3

juniperjunosMatch22.2r3-s1

juniperjunosMatch22.3r1

juniperjunosMatch22.3r1-s1

juniperjunosMatch22.3r1-s2

juniperjunosMatch22.3r2

juniperjunosMatch22.3r2-s1

juniperjunosMatch22.3r3

juniperjunosMatch22.4r1

juniperjunosMatch22.4r1-s1

juniperjunosMatch22.4r1-s2

juniperjunosMatch22.4r2

juniperjunosMatch23.1r1

juniperjunosMatch23.2r1

juniperjunosMatch23.2r1-s1

Node

juniperjunos_os_evolvedRange<20.4

juniperjunos_os_evolvedMatch20.4-

juniperjunos_os_evolvedMatch20.4r1

juniperjunos_os_evolvedMatch20.4r1-s1

juniperjunos_os_evolvedMatch20.4r1-s2

juniperjunos_os_evolvedMatch20.4r2

juniperjunos_os_evolvedMatch20.4r2-s1

juniperjunos_os_evolvedMatch20.4r2-s2

juniperjunos_os_evolvedMatch20.4r2-s3

juniperjunos_os_evolvedMatch20.4r3

juniperjunos_os_evolvedMatch20.4r3-s1

juniperjunos_os_evolvedMatch20.4r3-s2

juniperjunos_os_evolvedMatch20.4r3-s3

juniperjunos_os_evolvedMatch20.4r3-s4

juniperjunos_os_evolvedMatch20.4r3-s5

juniperjunos_os_evolvedMatch20.4r3-s6

juniperjunos_os_evolvedMatch20.4r3-s7

juniperjunos_os_evolvedMatch21.1-

juniperjunos_os_evolvedMatch21.1r1

juniperjunos_os_evolvedMatch21.1r1-s1

juniperjunos_os_evolvedMatch21.1r2

juniperjunos_os_evolvedMatch21.1r3

juniperjunos_os_evolvedMatch21.1r3-s1

juniperjunos_os_evolvedMatch21.1r3-s2

juniperjunos_os_evolvedMatch21.1r3-s3

juniperjunos_os_evolvedMatch21.2-

juniperjunos_os_evolvedMatch21.2r1

juniperjunos_os_evolvedMatch21.2r1-s1

juniperjunos_os_evolvedMatch21.2r1-s2

juniperjunos_os_evolvedMatch21.2r2

juniperjunos_os_evolvedMatch21.2r2-s1

juniperjunos_os_evolvedMatch21.2r2-s2

juniperjunos_os_evolvedMatch21.2r3

juniperjunos_os_evolvedMatch21.2r3-s1

juniperjunos_os_evolvedMatch21.2r3-s2

juniperjunos_os_evolvedMatch21.2r3-s3

juniperjunos_os_evolvedMatch21.2r3-s4

juniperjunos_os_evolvedMatch21.2r3-s5

juniperjunos_os_evolvedMatch21.3-

juniperjunos_os_evolvedMatch21.3r1

juniperjunos_os_evolvedMatch21.3r1-s1

juniperjunos_os_evolvedMatch21.3r2

juniperjunos_os_evolvedMatch21.3r2-s1

juniperjunos_os_evolvedMatch21.3r2-s2

juniperjunos_os_evolvedMatch21.3r3

juniperjunos_os_evolvedMatch21.3r3-s1

juniperjunos_os_evolvedMatch21.3r3-s2

juniperjunos_os_evolvedMatch21.3r3-s3

juniperjunos_os_evolvedMatch21.3r3-s4

juniperjunos_os_evolvedMatch21.4-

juniperjunos_os_evolvedMatch21.4r1

juniperjunos_os_evolvedMatch21.4r1-s1

juniperjunos_os_evolvedMatch21.4r1-s2

juniperjunos_os_evolvedMatch21.4r2

juniperjunos_os_evolvedMatch21.4r2-s1

juniperjunos_os_evolvedMatch21.4r2-s2

juniperjunos_os_evolvedMatch21.4r3

juniperjunos_os_evolvedMatch21.4r3-s1

juniperjunos_os_evolvedMatch21.4r3-s2

juniperjunos_os_evolvedMatch21.4r3-s3

juniperjunos_os_evolvedMatch21.4r3-s4

juniperjunos_os_evolvedMatch22.1r1

juniperjunos_os_evolvedMatch22.1r1-s1

juniperjunos_os_evolvedMatch22.1r1-s2

juniperjunos_os_evolvedMatch22.1r2

juniperjunos_os_evolvedMatch22.1r2-s1

juniperjunos_os_evolvedMatch22.1r3

juniperjunos_os_evolvedMatch22.1r3-s1

juniperjunos_os_evolvedMatch22.1r3-s2

juniperjunos_os_evolvedMatch22.1r3-s3

juniperjunos_os_evolvedMatch22.2r1

juniperjunos_os_evolvedMatch22.2r1-s1

juniperjunos_os_evolvedMatch22.2r2

juniperjunos_os_evolvedMatch22.2r2-s1

juniperjunos_os_evolvedMatch22.2r2-s2

juniperjunos_os_evolvedMatch22.2r3

juniperjunos_os_evolvedMatch22.2r3-s1

juniperjunos_os_evolvedMatch22.3r1

juniperjunos_os_evolvedMatch22.3r1-s1

juniperjunos_os_evolvedMatch22.3r1-s2

juniperjunos_os_evolvedMatch22.3r2

juniperjunos_os_evolvedMatch22.3r2-s1

juniperjunos_os_evolvedMatch22.4r1

juniperjunos_os_evolvedMatch22.4r1-s1

juniperjunos_os_evolvedMatch22.4r1-s2

juniperjunos_os_evolvedMatch22.4r2

juniperjunos_os_evolvedMatch23.2-

juniperjunos_os_evolvedMatch23.2r1

juniperjunos_os_evolvedMatch23.2r1-s1

VendorProductVersionCPE
juniperjunos*cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
juniperjunos20.4cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*
juniperjunos20.4cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*
juniperjunos20.4cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*
juniperjunos20.4cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*
juniperjunos20.4cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*
juniperjunos20.4cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*
juniperjunos20.4cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*
juniperjunos20.4cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*
juniperjunos20.4cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*

Vendor	Product	Version	CPE
juniper	junos	*	cpe:2.3:o:juniper:junos::::::::
juniper	junos	20.4	cpe:2.3:o:juniper:junos:20.4:-::::::
juniper	junos	20.4	cpe:2.3:o:juniper:junos:20.4:r1::::::
juniper	junos	20.4	cpe:2.3:o:juniper:junos:20.4:r1-s1::::::
juniper	junos	20.4	cpe:2.3:o:juniper:junos:20.4:r2::::::
juniper	junos	20.4	cpe:2.3:o:juniper:junos:20.4:r2-s1::::::
juniper	junos	20.4	cpe:2.3:o:juniper:junos:20.4:r2-s2::::::
juniper	junos	20.4	cpe:2.3:o:juniper:junos:20.4:r3::::::
juniper	junos	20.4	cpe:2.3:o:juniper:junos:20.4:r3-s1::::::
juniper	junos	20.4	cpe:2.3:o:juniper:junos:20.4:r3-s2::::::

Rows per page:

1-10 of 1831

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MX Series",
      "PTX Series",
      "ACX Series",
      "EX Series",
      "QFX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.1*",
        "status": "affected",
        "version": "21.1R1",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S6",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S5",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S5",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S4",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S2",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R2-S2, 22.3R3-S1",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2-S1, 22.4R3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "PTX Series",
      "ACX Series",
      "QFX Series"
    ],
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S8-EVO",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.1*-EVO",
        "status": "affected",
        "version": "21.1",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S6-EVO",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S5-EVO",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S5-EVO",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S4-EVO",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S2-EVO",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R2-S2-EVO, 22.3R3-S1-EVO",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2-S1-EVO, 22.4R3-EVO",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      }
    ]
  }
]

References

supportportal.juniper.net/JSA73150

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

23.6%

JSON

Related for CVE-2023-44186