CVE-2023-44197: Out-of-bounds Write in Juniper Networks Junos OS

Severity: 7.5 HIGH (NVD)
EPSS: 0.1% (top 65.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 13

Description

An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | juniper_networks/junos_os_evolved | 21.1R1-EVO | 21.1*-EVO | +4
CVEListV5 | juniper_networks/junos_os | 21.1R1 | 21.1* | +4
NVD | juniper/junos | < 20.4 | +5

🔴 Vulnerability Details (2)

GHSA | GHSA-66qc-5f4v-2m8h: An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, | 2023-10-13
CVEList | Junos OS and Junos OS Evolved: An rpd crash may occur when BGP is processing newly learned routes | 2023-10-12

📋 Vendor Advisories (1)

Juniper | CVE-2023-44197: An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated | 2023-10-13
CVE-2023-44197 — Out-of-bounds Write | cvebase