Lucene search

K
cvelistJuniperCVELIST:CVE-2023-44204
HistoryOct 12, 2023 - 11:06 p.m.

CVE-2023-44204 Junos OS and Junos OS Evolved: The rpd will crash upon receiving a malformed BGP UPDATE message

2023-10-1223:06:37
CWE-1286
juniper
www.cve.org
4
vulnerability
juniper networks
junos os
rpd
bgp
denial of service

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

18.0%

An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).

When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts.

This issue affects both eBGP and iBGP implementations.

This issue affects:

Juniper Networks Junos OS

  • 21.4 versions prior to 21.4R3-S4;
  • 22.1 versions prior to 22.1R3-S3;
  • 22.2 versions prior to 22.2R3-S2;
  • 22.3 versions prior to 22.3R2-S2, 22.3R3;
  • 22.4 versions prior to 22.4R2-S1, 22.4R3;
  • 23.2 versions prior to 23.2R1, 23.2R2;

Juniper Networks Junos OS Evolved

  • 21.4 versions prior to 21.4R3-S5-EVO;
  • 22.1 versions prior to 22.1R3-S3-EVO;
  • 22.2 versions prior to 22.2R3-S3-EVO;
  • 22.3 versions prior to 22.3R2-S2-EVO;
  • 22.4 versions prior to 22.4R3-EVO;
  • 23.2 versions prior to 23.2R2-EVO;

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.4R3-S4",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S3",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S2",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R2-S2, 22.3R3",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2-S1, 22.4R3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R1, 23.2R2",
        "status": "affected",
        "version": "23.2",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.4R3-S5-EVO",
        "status": "affected",
        "version": "21.4-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S3-EVO",
        "status": "affected",
        "version": "22.1-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S3-EVO",
        "status": "affected",
        "version": "22.2-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R2-S2-EVO",
        "status": "affected",
        "version": "22.3-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R3-EVO",
        "status": "affected",
        "version": "22.4-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R2-EVO",
        "status": "affected",
        "version": "23.2-EVO",
        "versionType": "semver"
      }
    ]
  }
]

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

18.0%

Related for CVELIST:CVE-2023-44204