CVE-2023-44185 Junos OS and Junos OS Evolved: In an BGP scenario RPD crashes upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet

🗓️ 12 Oct 2023 23:02:53Reported by juniperType

CVE-2023-44185 Junos OS RPD BGP DoS vulnerabilit

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the Routing Protocol Demon (rpd) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows a attacker to cause a service failure.	21 Oct 202300:00	–	bdu_fstec
CNNVD	Juniper Networks Junos OS and Juniper Networks Junos OS Evolved Input Validation Error Vulnerability	12 Oct 202300:00	–	cnnvd
CVE	CVE-2023-44185	12 Oct 202323:02	–	cve
EUVD	EUVD-2023-48544	3 Oct 202520:07	–	euvd
Tenable Nessus	Juniper Junos OS Vulnerability (JSA73146)	27 Oct 202300:00	–	nessus
NCSC	Vulnerabilities fixed in Juniper Junos OS and Junos OS Evolved	12 Oct 202300:00	–	ncsc
NVD	CVE-2023-44185	13 Oct 202300:15	–	nvd
OSV	CVE-2023-44185	13 Oct 202300:15	–	osv
Prion	Input validation	13 Oct 202300:15	–	prion
Vulnrichment	CVE-2023-44185 Junos OS and Junos OS Evolved: In an BGP scenario RPD crashes upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet	12 Oct 202323:02	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S6",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.1R3-S5",
        "status": "affected",
        "version": "21.1",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S4",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S3",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S3",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R2-S2, 22.1R3",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R2-S1, 22.2R3",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R1-S2, 22.3R2",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S6-EVO",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.1*-EVO",
        "status": "affected",
        "version": "21.1R1-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S4-EVO",
        "status": "affected",
        "version": "21.2-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S3-EVO",
        "status": "affected",
        "version": "21.3-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S3-EVO",
        "status": "affected",
        "version": "21.4-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-EVO",
        "status": "affected",
        "version": "22.1-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R2-S1-EVO, 22.2R3-EVO",
        "status": "affected",
        "version": "22.2-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R1-S2-EVO, 22.3R2-EVO",
        "status": "affected",
        "version": "22.3-EVO",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
supportportal	www.supportportal.juniper.net/JSA73146

12 Oct 2023 23:02Current

7.6High risk

Vulners AI Score7.6

CVSS 3.17.5

EPSS0.00515

CWE-20