CVE-2023-36840 — Reachable Assertion in Networks Junos OS

CWE-617 — Reachable Assertion4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 75.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos +1 more

Timeline

PublishedJul 14

Description

A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S10; 20.1 ve…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolvedunspecified — 20.4R3-S7-EVO+7

▶NVDjuniper/junos_os_evolved< 20.4+8

▶CVEListV5juniper_networks/junos_osunspecified — 19.3R3-S10+11

▶NVDjuniper/junos< 19.3+13

🔴Vulnerability Details

CVEList

Junos OS and Junos OS Evolved: An rpd crash occurs when a specific L2VPN command is run↗2023-07-14

▶

GHSA

GHSA-vfwv-m6qg-w443: A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-pri↗2023-07-14

▶

📋Vendor Advisories

Juniper

CVE-2023-36840: A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-pri↗2023-07-14

▶