CVE-2023-4481 — Improper Input Validation in Networks INC Junos OS

CWE-20 — Improper Input Validation CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.9%

top 25.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks INC Junos OS Juniper Networks INC Junos OS Evolved Juniper Junos +1 more

Timeline

PublishedSep 1

Latest updateSep 12

Description

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5juniper_networks_inc/junos_os_evolved21.2-EVO — 21.2R3-S7-EVO+8

▶CVEListV5juniper_networks_inc/junos_os21.2 — 21.2R3-S5+9

▶NVDjuniper/junos_os_evolved< 20.4+9

▶NVDjuniper/junos< 20.4+10

🔴Vulnerability Details

GHSA

GHSA-559g-r8hh-jrx5: An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenti↗2023-09-01

▶

CVEList

Junos OS and Junos OS Evolved: A crafted BGP UPDATE message allows a remote attacker to de-peer (reset) BGP sessions (CVE-2023-4481)↗2023-08-31

▶

📋Vendor Advisories

Microsoft

Microsoft Outlook Information Disclosure Vulnerability↗2023-09-12

▶

Juniper

CVE-2023-4481: An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenti↗2023-09-01

▶