CVE-2023-4481 – Junos OS and Junos OS Evolved: A crafted BGP UPDATE message allows a remote attacker to de-peer (reset) BGP sessions (CVE-2023-4481)
https://notcve.org/view.php?id=CVE-2023-4481
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers. Continuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers. Continuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. • https://kb.juniper.net/JSA72510 https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html https://www.rfc-editor.org/rfc/rfc4271 https://www.rfc-editor.org/rfc/rfc7606 • CWE-20: Improper Input Validation •
CVE-2023-36849 – Junos OS and Junos OS Evolved: The l2cpd will crash when a malformed LLDP packet is received
https://notcve.org/view.php?id=CVE-2023-36849
An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R3-S2-EVO; 22.1-EVO versions prior to 22.1R3-S3-EVO; 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; 22.3-EVO versions prior to 22.3R2-EVO. • https://supportportal.juniper.net/JSA71660 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVE-2023-36840 – Junos OS and Junos OS Evolved: An rpd crash occurs when a specific L2VPN command is run
https://notcve.org/view.php?id=CVE-2023-36840
A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S10; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R2; Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S7-EVO; 21.1 versions prior to 21.1R3-S3-EVO; 21.2 versions prior to 21.2R3-S5-EVO; 21.3 versions prior to 21.3R3-S4-EVO; 21.4 versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO; 22.3 versions prior to 22.3R2-EVO; • https://supportportal.juniper.net/JSA71647 • CWE-617: Reachable Assertion •
CVE-2023-36836 – Junos OS and Junos OS Evolved: In a MoFRR scenario an rpd core may be observed when a low privileged CLI command is executed
https://notcve.org/view.php?id=CVE-2023-36836
A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a a specific low privileged CLI command is executed. The rpd crash will impact all routing protocols until the process has automatically been restarted. As the operational state which makes this issue exploitable is outside the attackers control, this issue is considered difficult to exploit. Continued execution of this command will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS 19.4 version 19.4R3-S5 and later versions prior to 19.4R3-S9; 20.1 version 20.1R2 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S6-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R3-S1-EVO; 21.4-EVO versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO. • https://supportportal.juniper.net/JSA71643 • CWE-908: Use of Uninitialized Resource •
CVE-2023-36833 – Junos OS Evolved: PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202: The aftman-bt process will crash in a MoFRR scenario after multiple link flaps
https://notcve.org/view.php?id=CVE-2023-36833
A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service. An indication that the system experienced this issue is the following log message: <date> <hostname> evo-aftmand-bt[<pid>]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes This issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202: 21.2 version 21.2R1-EVO and later versions; 21.3 version 21.3R1-EVO and later versions; 21.4 versions prior to 21.4R3-S3-EVO; 22.1 version 22.1R1-EVO and later versions; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R3-EVO; 22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO. • https://supportportal.juniper.net/JSA71640 • CWE-416: Use After Free •