Lucene search

JuniperCVELIST:CVE-2023-22398

HistoryJan 12, 2023 - 12:00 a.m.

CVE-2023-22398 Junos OS and Junos OS Evolved: RPD might crash when MPLS ping is performed on BGP LSPs

2023-01-1200:00:00

CWE-824

juniper

www.cve.org

juniper networks

rpd

dos

5.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an MPLS ping is performed on BGP LSPs, the RPD might crash. Repeated execution of this operation will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S12; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R1-S1, 21.1R2; Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-EVO.

CNA Affected

[
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS",
    "versions": [
      {
        "version": "15.1",
        "status": "affected",
        "lessThan": "15.1R7-S12",
        "versionType": "custom"
      },
      {
        "version": "19.1",
        "status": "affected",
        "lessThan": "19.1R3-S9",
        "versionType": "custom"
      },
      {
        "version": "19.2",
        "status": "affected",
        "lessThan": "19.2R1-S9, 19.2R3-S5",
        "versionType": "custom"
      },
      {
        "version": "19.3",
        "status": "affected",
        "lessThan": "19.3R3-S6",
        "versionType": "custom"
      },
      {
        "version": "19.4",
        "status": "affected",
        "lessThan": "19.4R2-S7, 19.4R3-S8",
        "versionType": "custom"
      },
      {
        "version": "20.1",
        "status": "affected",
        "lessThan": "20.1R3-S4",
        "versionType": "custom"
      },
      {
        "version": "20.2",
        "status": "affected",
        "lessThan": "20.2R3-S5",
        "versionType": "custom"
      },
      {
        "version": "20.3",
        "status": "affected",
        "lessThan": "20.3R3-S5",
        "versionType": "custom"
      },
      {
        "version": "20.4",
        "status": "affected",
        "lessThan": "20.4R3-S4",
        "versionType": "custom"
      },
      {
        "version": "21.1",
        "status": "affected",
        "lessThan": "21.1R1-S1, 21.1R2",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS Evolved",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "20.4R3-S4-EVO",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "21.1",
        "status": "affected",
        "lessThan": "21.1R2-EVO",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA70181

5.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-22398