CVE-2023-44204
Junos OS and Junos OS Evolved: The rpd will crash upon receiving a malformed BGP UPDATE message
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).
When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts.
This issue affects both eBGP and iBGP implementations.
This issue affects:
Juniper Networks Junos OS
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S2, 22.3R3;
* 22.4 versions prior to 22.4R2-S1, 22.4R3;
* 23.2 versions prior to 23.2R1, 23.2R2;
Juniper Networks Junos OS Evolved
* 21.4 versions prior to 21.4R3-S5-EVO;
* 22.1 versions prior to 22.1R3-S3-EVO;
* 22.2 versions prior to 22.2R3-S3-EVO;
* 22.3 versions prior to 22.3R2-S2-EVO;
* 22.4 versions prior to 22.4R3-EVO;
* 23.2 versions prior to 23.2R2-EVO;
Una validación inadecuada de la corrección sintáctica de la vulnerabilidad de entrada en Routing Protocol Daemon (rpd) Juniper Networks Junos OS y Junos OS Evolved permite que un atacante basado en red no autenticado provoque una Denegación de Servicio (DoS). Cuando se recibe un paquete de ACTUALIZACIÓN de BGP con formato incorrecto a través de una sesión BGP establecida, el rpd falla y se reinicia. Este problema afecta tanto a las implementaciones de eBGP como de iBGP. Este problema afecta a: Juniper Networks Junos OS * versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.2 anteriores a 22.2R3-S2; * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3; * Versiones 22.4 anteriores a 22.4R2-S1, 22.4R3; * Versiones 23.2 anteriores a 23.2R1, 23.2R2; Juniper Networks Junos OS Evolved * Versiones 21.4 anteriores a 21.4R3-S5-EVO; * Versiones 22.1 anteriores a 22.1R3-S3-EVO; * Versiones 22.2 anteriores a 22.2R3-S3-EVO; * Versiones 22.3 anteriores a 22.3R2-S2-EVO; * Versiones 22.4 anteriores a 22.4R3-EVO; * Versiones 23.2 anteriores a 23.2R2-EVO;
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-09-26 CVE Reserved
- 2023-10-12 CVE Published
- 2023-10-20 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-1286: Improper Validation of Syntactic Correctness of Input
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://supportportal.juniper.net/JSA73170 | 2023-10-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r2-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r3-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r3-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r3-s3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.4 Search vendor "Juniper" for product "Junos" and version "21.4" | r3-s4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.1 Search vendor "Juniper" for product "Junos" and version "22.1" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.1 Search vendor "Juniper" for product "Junos" and version "22.1" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.1 Search vendor "Juniper" for product "Junos" and version "22.1" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.1 Search vendor "Juniper" for product "Junos" and version "22.1" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.1 Search vendor "Juniper" for product "Junos" and version "22.1" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.1 Search vendor "Juniper" for product "Junos" and version "22.1" | r2-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.1 Search vendor "Juniper" for product "Junos" and version "22.1" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.1 Search vendor "Juniper" for product "Junos" and version "22.1" | r3-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.1 Search vendor "Juniper" for product "Junos" and version "22.1" | r3-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.2 Search vendor "Juniper" for product "Junos" and version "22.2" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.2 Search vendor "Juniper" for product "Junos" and version "22.2" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.2 Search vendor "Juniper" for product "Junos" and version "22.2" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.2 Search vendor "Juniper" for product "Junos" and version "22.2" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.2 Search vendor "Juniper" for product "Junos" and version "22.2" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.2 Search vendor "Juniper" for product "Junos" and version "22.2" | r2-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.2 Search vendor "Juniper" for product "Junos" and version "22.2" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.2 Search vendor "Juniper" for product "Junos" and version "22.2" | r3-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.3 Search vendor "Juniper" for product "Junos" and version "22.3" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.3 Search vendor "Juniper" for product "Junos" and version "22.3" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.3 Search vendor "Juniper" for product "Junos" and version "22.3" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.3 Search vendor "Juniper" for product "Junos" and version "22.3" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.3 Search vendor "Juniper" for product "Junos" and version "22.3" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.4 Search vendor "Juniper" for product "Junos" and version "22.4" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.4 Search vendor "Juniper" for product "Junos" and version "22.4" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.4 Search vendor "Juniper" for product "Junos" and version "22.4" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.4 Search vendor "Juniper" for product "Junos" and version "22.4" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 22.4 Search vendor "Juniper" for product "Junos" and version "22.4" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 23.2 Search vendor "Juniper" for product "Junos" and version "23.2" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r2-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r3-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r3-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r3-s3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4" | r3-s4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r3-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1" | r3-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2" | r2-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2" | r3-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2" | r3-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.3" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.3" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.3" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.3" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.3" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.4" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.4" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.4" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.4" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.4" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 22.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.4" | r2-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 23.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "23.2" | - |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 23.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "23.2" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved" | 23.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "23.2" | r1-s1 |
Affected
| ||||||