CVSS: 5.9EPSS: 0%CPEs: 148EXPL: 0CVE-2024-21585 – Junos OS and Junos OS Evolved: BGP session flaps on NSR-enabled devices can cause rpd crash
https://notcve.org/view.php?id=CVE-2024-21585
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition. This issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. When the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. This parallel two instances of replication for the same peer leads to the assert if the BGP session flaps again. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S1-EVO; * 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO. • https://supportportal.juniper.net/JSA75723 https://supportportal.juniper.net/s/article/MX-GR-and-LLGR-capability-and-compatibility-changes-after-15-1-release https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 82EXPL: 0CVE-2023-44204 – Junos OS and Junos OS Evolved: The rpd will crash upon receiving a malformed BGP UPDATE message
https://notcve.org/view.php?id=CVE-2023-44204
An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1, 23.2R2; Juniper Networks Junos OS Evolved * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO; Una validación inadecuada de la corrección sintáctica de la vulnerabilidad de entrada en Routing Protocol Daemon (rpd) Juniper Networks Junos OS y Junos OS Evolved permite que un atacante basado en red no autenticado provoque una Denegación de Servicio (DoS). Cuando se recibe un paquete de ACTUALIZACIÓN de BGP con formato incorrecto a través de una sesión BGP establecida, el rpd falla y se reinicia. Este problema afecta tanto a las implementaciones de eBGP como de iBGP. Este problema afecta a: Juniper Networks Junos OS * versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.2 anteriores a 22.2R3-S2; * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3; * Versiones 22.4 anteriores a 22.4R2-S1, 22.4R3; * Versiones 23.2 anteriores a 23.2R1, 23.2R2; Juniper Networks Junos OS Evolved * Versiones 21.4 anteriores a 21.4R3-S5-EVO; * Versiones 22.1 anteriores a 22.1R3-S3-EVO; * Versiones 22.2 anteriores a 22.2R3-S3-EVO; * Versiones 22.3 anteriores a 22.3R2-S2-EVO; * Versiones 22.4 anteriores a 22.4R3-EVO; * Versiones 23.2 anteriores a 23.2R2-EVO; • https://supportportal.juniper.net/JSA73170 • CWE-20: Improper Input Validation CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 6.5EPSS: 0%CPEs: 80EXPL: 0CVE-2023-44196 – Junos OS Evolved: PTX10003 Series: Packets which are not destined to the router can reach the RE
https://notcve.org/view.php?id=CVE-2023-44196
An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system. When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.1-EVO version 21.1R1-EVO and later; * 21.2-EVO versions prior to 21.2R3-S6-EVO; * 21.3-EVO version 21.3R1-EVO and later; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-S4-EVO; * 22.2-EVO versions prior to 22.2R3-S3-EVO; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R2-EVO. Una Verificación Inadecuada de Condiciones Inusuales o Excepcionales en Packet Forwarding Engine (pfe) de Juniper Networks Junos OS Evolved en la serie PTX10003 permite que un atacante adyacente no autenticado cause un impacto en la integridad del sistema. Cuando el PFE recibe paquetes MPLS de tránsito específicos, estos paquetes se reenvían internamente al RE. Este problema es un requisito previo para CVE-2023-44195. • https://supportportal.juniper.net/JSA73162 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.4EPSS: 0%CPEs: 39EXPL: 0CVE-2023-44195 – Junos OS Evolved: Packets which are not destined to the router can reach the RE
https://notcve.org/view.php?id=CVE-2023-44195
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system. If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access. CVE-2023-44196 is a prerequisite for this issue. This issue affects Juniper Networks Junos OS Evolved: * 21.3-EVO versions prior to 21.3R3-S5-EVO; * 21.4-EVO versions prior to 21.4R3-S4-EVO; * 22.1-EVO version 22.1R1-EVO and later; * 22.2-EVO version 22.2R1-EVO and later; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4-EVO versions prior to 22.4R3-EVO. This issue doesn't not affected Junos OS Evolved versions prior to 21.3R1-EVO. Una vulnerabilidad de Restricción Inadecuada del Canal de Comunicación a los Endpoints Previstos en el daemon del agente NetworkStack (nsagentd) de Juniper Networks Junos OS Evolved permite que un atacante basado en red no autenticado cause un impacto limitado en la disponibilidad del sistema. Si paquetes específicos llegan al Routing-Engine (RE), se procesarán normalmente incluso si existen filtros de firewall que deberían haberlo impedido. Esto puede provocar un consumo mayor y limitado de recursos, lo que resulta en una Denegación de Servicio (DoS) y un acceso no autorizado. • https://supportportal.juniper.net/JSA73160 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 7.5EPSS: 0%CPEs: 129EXPL: 0CVE-2023-44185 – Junos OS and Junos OS Evolved: In an BGP scenario RPD crashes upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet
https://notcve.org/view.php?id=CVE-2023-44185
An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet. Continued receipt of this packet will cause a sustained Denial of Service condition. This issue affects: * Juniper Networks Junos OS: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S6-EVO; * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO; * 21.3-EVO versions prior to 21.3R3-S3-EVO; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-EVO; * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO. Una vulnerabilidad de validación de entrada incorrecta en el Routing Protocol Daemon (rpd) de Juniper Networks permite a un atacante causar una Denegación de Servicio (DoS) al dispositivo al recibir y procesar un paquete de ACTUALIZACIÓN BGP de VPN ISO con formato incorrecto específico. La recepción continua de este paquete provocará una condición sostenida de Denegación de Servicio. Este problema afecta a: * Juniper Networks Junos OS: * Todas las versiones anteriores a 20.4R3-S6; * Versiones 21.1 anteriores a 21.1R3-S5; * Versiones 21.2 anteriores a 21.2R3-S4; * Versiones 21.3 anteriores a 21.3R3-S3; * Versiones 21.4 anteriores a 21.4R3-S3; * Versiones 22.1 anteriores a 22.1R2-S2, 22.1R3; * Versiones 22.2 anteriores a 22.2R2-S1, 22.2R3; * Versiones 22.3 anteriores a 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S6-EVO; * 21.1-EVO versión 21.1R1-EVO y versiones posteriores anteriores a 21.2R3-S4-EVO; * Versiones 21.3-EVO anteriores a 21.3R3-S3-EVO; * Versiones 21.4-EVO anteriores a 21.4R3-S3-EVO; * Versiones 22.1-EVO anteriores a 22.1R3-EVO; * Versiones 22.2-EVO anteriores a 22.2R2-S1-EVO, 22.2R3-EVO; * Versiones 22.3-EVO anteriores a 22.3R1-S2-EVO, 22.3R2-EVO. • https://supportportal.juniper.net/JSA73146 • CWE-20: Improper Input Validation •