CVE-2023-44197

Junos OS and Junos OS Evolved: An rpd crash may occur when BGP is processing newly learned routes

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

< 1%

*EPSS

Affected Versions

110

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes. This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R2-S1, 21.4R3-S5. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.1-EVO version 21.1R1-EVO and later versions; * 21.2-EVO versions prior to 21.2R3-S2-EVO; * 21.3-EVO version 21.3R1-EVO and later versions; * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO.

Una vulnerabilidad de Escritura Fuera de los Límites en el Routing Protocol Daemon (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante basado en red no autenticado provoque una Denegación de Servicio (DoS). En todos los dispositivos Junos OS y Junos OS Evolved, se puede producir un bloqueo y reinicio de rpd mientras se procesan las actualizaciones de ruta BGP recibidas a través de una sesión BGP establecida. Este problema específico se observa para las rutas BGP aprendidas a través de un par que está configurado con una política de importación de BGP que tiene cientos de términos que coinciden con los prefijos IPv4 y/o IPv6. Este problema afecta a Juniper Networks Junos OS: * Todas las versiones anteriores a 20.4R3-S8; * 21.1 versión 21.1R1 y versiones posteriores; * Versiones 21.2 anteriores a 21.2R3-S2; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R2-S1, 21.4R3-S5. Este problema afecta a Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S8-EVO; * 21.1-EVO versión 21.1R1-EVO y versiones posteriores; * Versiones 21.2-EVO anteriores a 21.2R3-S2-EVO; * 21.3-EVO versión 21.3R1-EVO y versiones posteriores; * Versiones 21.4-EVO anteriores a 21.4R2-S1-EVO, 21.4R3-S5-EVO.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-09-26 CVE Reserved
2023-10-12 CVE Published
2024-09-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://supportportal.juniper.net/JSA73163	2023-10-20

1 - 1 of 1

Affected Vendors, Products, and Versions (110)

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				< 20.4 Search vendor "Juniper" for product "Junos" and version " < 20.4"		-		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				20.4 Search vendor "Juniper" for product "Junos" and version "20.4"		-		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				20.4 Search vendor "Juniper" for product "Junos" and version "20.4"		r1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				20.4 Search vendor "Juniper" for product "Junos" and version "20.4"		r1-s1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				20.4 Search vendor "Juniper" for product "Junos" and version "20.4"		r2		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				20.4 Search vendor "Juniper" for product "Junos" and version "20.4"		r2-s1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				20.4 Search vendor "Juniper" for product "Junos" and version "20.4"		r2-s2		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				20.4 Search vendor "Juniper" for product "Junos" and version "20.4"		r3		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				20.4 Search vendor "Juniper" for product "Junos" and version "20.4"		r3-s1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				20.4 Search vendor "Juniper" for product "Junos" and version "20.4"		r3-s2		Affected

1 - 10 of 110