CVE-2023-44204 Junos OS and Junos OS Evolved: The rpd will crash upon receiving a malformed BGP UPDATE message

🗓️ 12 Oct 2023 23:06:37Reported by juniperType

Improper Validation of Syntactic Correctness of Input vulnerability in Juniper Networks Junos OS and Junos OS Evolved may cause rpd to crash and restart upon receiving a malformed BGP UPDATE message, leading to denial of service.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the Routing Protocol Demon (RPD) in Juniper Networks’ Junos OS and Junper Networks’ Junos OS Evolved operating systems allows a attacker to cause a service failure.	17 Oct 202300:00	–	bdu_fstec
CNNVD	Juniper Networks Junos OS Input Validation Error Vulnerability	12 Oct 202300:00	–	cnnvd
CVE	CVE-2023-44204	12 Oct 202323:06	–	cve
EUVD	EUVD-2023-48563	3 Oct 202520:07	–	euvd
Tenable Nessus	Juniper Junos OS Vulnerability (JSA73170)	27 Oct 202300:00	–	nessus
NVD	CVE-2023-44204	13 Oct 202300:15	–	nvd
OSV	CVE-2023-44204	13 Oct 202300:15	–	osv
Prion	Input validation	13 Oct 202300:15	–	prion
Positive Technologies	PT-2023-6154 · Juniper Networks · Junos Evolved +1	11 Oct 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-44204 Junos OS and Junos OS Evolved: The rpd will crash upon receiving a malformed BGP UPDATE message	12 Oct 202323:06	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.4R3-S4",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S3",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S2",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R2-S2, 22.3R3",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2-S1, 22.4R3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R1, 23.2R2",
        "status": "affected",
        "version": "23.2",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.4R3-S5-EVO",
        "status": "affected",
        "version": "21.4-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S3-EVO",
        "status": "affected",
        "version": "22.1-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S3-EVO",
        "status": "affected",
        "version": "22.2-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R2-S2-EVO",
        "status": "affected",
        "version": "22.3-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R3-EVO",
        "status": "affected",
        "version": "22.4-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R2-EVO",
        "status": "affected",
        "version": "23.2-EVO",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
supportportal	www.supportportal.juniper.net/JSA73170

12 Oct 2023 23:06Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.16.5

EPSS0.00268

CWE-1286