CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
23.6%
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73146 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#TRUSTED 0d78a6334384aea505783a03cf0faee14fab95c0dad1c6156ff2ff903ca14c75c74c9c7abe9787bb7ecee7c3c12256433a8400695103b30aee97a5d568ab9fca5c4a866e7a98fb4b06cd0ff6244514729bc642ceb73bd71ba3311dba515ede776e735610658f43960e65066787d224618f70b56d354be3e07f316dfb96f59a3eb23fd8322095e51c6851b31d37e26085cd0068a3e55ae2878bedf6a8bb70e6efc6b0763c1f40facc79315ba5f28d7e6cfe99d49eaf31f4403019b406e9d185c96e1108cabb1b4441b5bd80588b64f8b43d562e52a1bd4e7e611e8abb93ebf5449a8dc76f5510e37c7e8f6fbb49d3274160bf3de9d6dd809c5a96fcfdbdc86b5727f5f0eeb244bef299db32637c7d25ff5f2879360c9f7e6ff72dfc112d7e50878374081c985c46501051e59c850df6cf169d7f22db6acb86e171a9bb5b0be95c86cc5f21e8ce84e6290ce8f40ad7413ec38613b0b44ce1b4a39b47d80db818bf7c110d6122b9f9492f361b36e0cab1cc2b1f05933afab712b32edbeeb2389ea3bb8ad9a530122baefc8aed5bdad846fa8b3c7efa82c92cc6a6d184fa9e323c762362be50fd85b19c03f1fd27a2233fe8ec87f7e6ced5302fef1fff81cdbe8599fcd45c5a677a20a16a316edeea0f75e6386bc9cc12305fa029c37d8d6aa20e7c2fd8bfa2d61fa310b5ae993b8f8de5f74bcc20725b3437d520fa3c0d6506c0be
#TRUST-RSA-SHA256 21104fb00583b03e60635866d6a998d42424b6425f641da562230ff011f645e4270e7071d412a60dfd100ec223c1b310cc2ea4d593f41f84341df3c8981af9cd3cfc88cb22758d390cd10dd95d0c398e39b611a0eec02fb88c523ec88e1e57de81da767b41d1c1bc3b59c06f0873c6d17fb7133709e79bffed4a5bb126b422461f13f516e75a04f0ee1e476b5e4a52ba618bb4926cbbd19c2d297282e28b177d30b5e47170b6b43bc4b48493b2d4c15790609e07399f9ae16b21f4e07aafd23cfb5e24ebccff9caeb629a4d628cefbd24ed29f4dda4b5f45aa594a02a390fdb73f5ad3b75e80093e3bcf5d7b91482f04a4e29bf4762fb62c7e5cd77f08cd0466d1f543e53e4ff510c17f4c64f7534eb474ca80f3cf371365cf1ce887bdbb90307d23a18bf80815a707823fbff7ea2f03abb200d326b17d1eedd1b64a7c73a3bf4d998812f7d3bb21a1cdd897d4ca5cce4c49cc5f9baa556e708a90d84212b92c2b94e0251442288ba316b38c5dce23713db6909df04cae27b066b9b80341b1961c07c209a46e3cd35bf3c8e9dbe959ea7ec9e04fb7d7000ddac2f4733e492f15f9f45bf581d6dd2ddda69731d36bdbe065fd80e97a4a1d93638e87b26e12641cdcd0d450c27c75f983f0ab29835a51c2582aec7f8d5928d28712a476726bcad868037a33d726c598c8c4999b0e451adb0285237de3651909ac66357d5ccff88c
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(183962);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/27");
script_cve_id("CVE-2023-44185");
script_xref(name:"JSA", value:"JSA73146");
script_xref(name:"IAVA", value:"2023-A-0565");
script_name(english:"Juniper Junos OS Vulnerability (JSA73146)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73146
advisory.
- An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows
an attacker to cause a Denial of Service (DoS) to the device upon receiving and processing a specific
malformed ISO VPN BGP UPDATE packet. (CVE-2023-44185)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/JSA73146");
# https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BGP-scenario-RPD-crashes-upon-receiving-and-processing-a-specific-malformed-ISO-VPN--BGP-UPDATE-packet-CVE-2023-44185
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3f962cd9");
script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA73146");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-44185");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/11");
script_set_attribute(attribute:"patch_publication_date", value:"2023/10/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/27");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("junos_version.nasl");
script_require_keys("Host/Juniper/JUNOS/Version");
exit(0);
}
include('junos.inc');
include('junos_kb_cmd_func.inc');
var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
var vuln_ranges = [
{'min_ver':'0.0', 'fixed_ver':'20.4R3-S6'},
{'min_ver':'0.0', 'fixed_ver':'20.4R3-S6-EVO'},
{'min_ver':'21.1', 'fixed_ver':'21.1R3-S5'},
{'min_ver':'21.1-EVO', 'fixed_ver':'21.1R1-EVO'},
{'min_ver':'21.2', 'fixed_ver':'21.2R3-S4'},
{'min_ver':'21.3', 'fixed_ver':'21.3R3-S3'},
{'min_ver':'21.3-EVO', 'fixed_ver':'21.3R3-S3-EVO'},
{'min_ver':'21.4', 'fixed_ver':'21.4R3-S3'},
{'min_ver':'21.4-EVO', 'fixed_ver':'21.4R3-S3-EVO'},
{'min_ver':'22.1', 'fixed_ver':'22.1R2-S2', 'fixed_display':'22.1R2-S2, 22.1R3'},
{'min_ver':'22.1-EVO', 'fixed_ver':'22.1R3-EVO'},
{'min_ver':'22.2', 'fixed_ver':'22.2R2-S1', 'fixed_display':'22.2R2-S1, 22.2R3'},
{'min_ver':'22.2-EVO', 'fixed_ver':'22.2R2-S1-EVO'},
{'min_ver':'22.2R3', 'fixed_ver':'22.2R3-EVO'},
{'min_ver':'22.3', 'fixed_ver':'22.3R1-S2', 'fixed_display':'22.3R1-S2, 22.3R2'},
{'min_ver':'22.3-EVO', 'fixed_ver':'22.3R1-S2-EVO', 'fixed_display':'22.3R1-S2-EVO, 22.3R2-EVO'}
];
var override = TRUE;
var buf = junos_command_kb_item(cmd:'show configuration | display set');
if (buf)
{
override = FALSE;
if (!junos_check_config(buf:buf, pattern:"^set protocols bgp"))
audit(AUDIT_HOST_NOT, 'using a vulnerable configuration');
}
var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_HOLE);