CVE-2023-44204 — Improper Validation of Syntactic Correctness of Input in Juniper Networks Junos OS
Severity
6.5 MEDIUM (NVD)
EPSS
0.1%
top 84.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 13
Description
An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts.
This issue affects both eBGP and iBGP implementations.
This issue affects:
Juniper Networks Junos OS
* 21.4 versions prior to 21.4R3-S4;
* 22.1 ver…
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 4 packages
Vulnerability Details (2)
GHSA
GHSA-jgpr-gfxw-cgxq: An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved (2023-10-13)
CVEList
Junos OS and Junos OS Evolved: The rpd will crash upon receiving a malformed BGP UPDATE message (2023-10-12)
Vendor Advisories (1)
Juniper
CVE-2023-44204: An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolve (2023-10-13)