CVE-2023-36836: Use of Uninitialized Resource in Networks Junos OS

Severity: 4.7 MEDIUM (NVD)
EPSS: 0.1% (top 81.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 14

Description

A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a specific low-privileged CLI command is executed. The rpd crash will impact all routing protocols until the process has automatically b

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | juniper_networks/junos_os_evolved | unspecified | 20.4R3-S6-EVO | +6
CVEListV5 | juniper_networks/junos_os | 19.4R3-S4 | 19.4* | +10
NVD | juniper/junos | 11 versions | +10

🔴 Vulnerability Details (2)

CVEList: Junos OS and Junos OS Evolved: In a MoFRR scenario an rpd core may be observed when a low privileged CLI command is executed (2023-07-14)
GHSA: GHSA-jmpv-5c86-5fj9: A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local (2023-07-14)

📋 Vendor Advisories (1)

Juniper: CVE-2023-36836: A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local (2023-07-14)