CVE-2023-44175 — Reachable Assertion in Networks Junos OS

CWE-617 — Reachable Assertion4 documents4 sources

Severity

7.5HIGHNVD

CNA6.5

EPSS

0.2%

top 61.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos +1 more

Timeline

PublishedOct 12

Latest updateOct 13

Description

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All ver…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolved22.4-EVO — 22.4R3-EVO+2

▶CVEListV5juniper_networks/junos_os21.1 — 21.1R3-S4+8

▶NVDjuniper/junos_os_evolved22.3, 22.4, 23.2+2

▶NVDjuniper/junos< 20.4+8

🔴Vulnerability Details

GHSA

GHSA-r6wp-r547-f9gf: A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific gen↗2023-10-13

▶

CVEList

Junos OS and Junos OS Evolved: Receipt of a specific genuine PIM packet causes RPD crash↗2023-10-12

▶

📋Vendor Advisories

Juniper

CVE-2023-44175: A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific ge↗2023-10-12

▶