CVE-2023-36849: Improper Check or Handling of Exceptional Conditions in Networks Junos OS

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 73.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 14

Description

An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device reco

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | juniper_networks/junos_os_evolved | 21.4 | 21.4R3-S2-EVO | +3
CVEListV5 | juniper_networks/junos_os | 21.4 | 21.4R3-S3 | +3
NVD | juniper/junos_os_evolved | 4 versions | +3
NVD | juniper/junos | 4 versions | +3

Vulnerability Details (2)

GHSA | GHSA-px74-prrr-j3jp: An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and | 2023-07-14
CVEList | Junos OS and Junos OS Evolved: The l2cpd will crash when a malformed LLDP packet is received | 2023-07-14

Vendor Advisories (1)

Juniper | CVE-2023-36849: An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and | 2023-07-14