CVE-2023-36839 — Improper Validation of Specified Quantity in Input in Networks Junos OS

CWE-1284 — Improper Validation of Specified Quantity in Input4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 88.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos +1 more

Timeline

PublishedOct 12

Latest updateOct 13

Description

An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS). This issue occurs when specific LLDP packets are received and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, …

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolved21.1R1-EVO — 21.1*-EVO+8

▶CVEListV5juniper_networks/junos_os21.1R1 — 21.1*+8

▶NVDjuniper/junos_os_evolved< 20.4+9

▶NVDjuniper/junos< 20.4+9

🔴Vulnerability Details

GHSA

GHSA-wr6j-q48c-hx4c: An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and J↗2023-10-13

▶

CVEList

Junos OS and Junos OS Evolved: An l2cpd crash will occur when specific LLDP packets are received↗2023-10-12

▶

📋Vendor Advisories

Juniper

CVE-2023-36839: An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and↗2023-10-12

▶