Lucene search

JuniperCVE-2023-28980

HistoryApr 17, 2023 - 10:15 p.m.

CVE-2023-28980

2023-04-1722:15:09

CWE-416

juniper

web.nvd.nist.gov

juniper networks

junos os

junos os evolved

cve-2023-28980

use after free

dos

nvd

vulnerability

routing protocol daemon

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.4

Confidence

High

EPSS

Percentile

9.0%

JSON

A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes).

This issue affects:
Juniper Networks Junos OS

20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;
20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;
20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4
21.1 version 21.1R3 and later versions prior to 21.1R3-S3;
21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;
21.3 version 21.3R2 and later versions prior to 21.3R3;
21.4 versions prior to 21.4R2-S1, 21.4R3;
22.1 versions prior to 22.1R2.

Juniper Networks Junos OS Evolved

20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO;
21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO;
21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO;
21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;
22.1-EVO versions prior to 22.1R2-EVO.

Affected configurations

Nvd

Node

juniperjunosMatch20.2r3-s5

juniperjunosMatch20.3r3-s2

juniperjunosMatch20.3r3-s3

juniperjunosMatch20.3r3-s4

juniperjunosMatch20.4r3-s1

juniperjunosMatch20.4r3-s2

juniperjunosMatch20.4r3-s3

juniperjunosMatch21.1r3

juniperjunosMatch21.1r3-s1

juniperjunosMatch21.1r3-s2

juniperjunosMatch21.2r1-s2

juniperjunosMatch21.2r2-s1

juniperjunosMatch21.2r2-s2

juniperjunosMatch21.2r3

juniperjunosMatch21.2r3-s1

juniperjunosMatch21.3r2

juniperjunosMatch21.3r2-s1

juniperjunosMatch21.3r2-s2

juniperjunosMatch21.4-

juniperjunosMatch21.4r1

juniperjunosMatch21.4r1-s1

juniperjunosMatch21.4r1-s2

juniperjunosMatch21.4r2

juniperjunosMatch21.4r3

juniperjunosMatch22.1r1

juniperjunosMatch22.1r1-s1

juniperjunosMatch22.1r1-s2

Node

juniperjunos_os_evolvedMatch20.4r3-s1

juniperjunos_os_evolvedMatch20.4r3-s2

juniperjunos_os_evolvedMatch20.4r3-s3

juniperjunos_os_evolvedMatch20.4r3-s4

juniperjunos_os_evolvedMatch20.4r3-s5

juniperjunos_os_evolvedMatch21.2r1-s2

juniperjunos_os_evolvedMatch21.2r2

juniperjunos_os_evolvedMatch21.2r2-s1

juniperjunos_os_evolvedMatch21.2r2-s2

juniperjunos_os_evolvedMatch21.2r3

juniperjunos_os_evolvedMatch21.2r3-s1

juniperjunos_os_evolvedMatch21.2r3-s2

juniperjunos_os_evolvedMatch21.2r3-s3

juniperjunos_os_evolvedMatch21.3r2

juniperjunos_os_evolvedMatch21.3r2-s1

juniperjunos_os_evolvedMatch21.3r2-s2

juniperjunos_os_evolvedMatch21.3r3

juniperjunos_os_evolvedMatch21.4-

juniperjunos_os_evolvedMatch21.4r1

juniperjunos_os_evolvedMatch21.4r1-s1

juniperjunos_os_evolvedMatch21.4r1-s2

juniperjunos_os_evolvedMatch21.4r2

juniperjunos_os_evolvedMatch21.4r3

juniperjunos_os_evolvedMatch22.1r1

juniperjunos_os_evolvedMatch22.1r1-s1

juniperjunos_os_evolvedMatch22.1r1-s2

VendorProductVersionCPE
juniperjunos20.2cpe:2.3:o:juniper:junos:20.2:r3-s5:*:*:*:*:*:*
juniperjunos20.3cpe:2.3:o:juniper:junos:20.3:r3-s2:*:*:*:*:*:*
juniperjunos20.3cpe:2.3:o:juniper:junos:20.3:r3-s3:*:*:*:*:*:*
juniperjunos20.3cpe:2.3:o:juniper:junos:20.3:r3-s4:*:*:*:*:*:*
juniperjunos20.4cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*
juniperjunos20.4cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*
juniperjunos20.4cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*
juniperjunos21.1cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*
juniperjunos21.1cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*
juniperjunos21.1cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*

Vendor	Product	Version	CPE
juniper	junos	20.2	cpe:2.3:o:juniper:junos:20.2:r3-s5::::::
juniper	junos	20.3	cpe:2.3:o:juniper:junos:20.3:r3-s2::::::
juniper	junos	20.3	cpe:2.3:o:juniper:junos:20.3:r3-s3::::::
juniper	junos	20.3	cpe:2.3:o:juniper:junos:20.3:r3-s4::::::
juniper	junos	20.4	cpe:2.3:o:juniper:junos:20.4:r3-s1::::::
juniper	junos	20.4	cpe:2.3:o:juniper:junos:20.4:r3-s2::::::
juniper	junos	20.4	cpe:2.3:o:juniper:junos:20.4:r3-s3::::::
juniper	junos	21.1	cpe:2.3:o:juniper:junos:21.1:r3::::::
juniper	junos	21.1	cpe:2.3:o:juniper:junos:21.1:r3-s1::::::
juniper	junos	21.1	cpe:2.3:o:juniper:junos:21.1:r3-s2::::::

Rows per page:

1-10 of 531

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.2R3-S6",
        "status": "affected",
        "version": "20.2R3-S5",
        "versionType": "semver"
      },
      {
        "lessThan": "20.3R3-S5",
        "status": "affected",
        "version": "20.3R3-S2",
        "versionType": "semver"
      },
      {
        "lessThan": "20.4R3-S4",
        "status": "affected",
        "version": "20.4R3-S1",
        "versionType": "semver"
      },
      {
        "lessThan": "21.1R3-S3",
        "status": "affected",
        "version": "21.1R3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S2",
        "status": "affected",
        "version": "21.2R1-S2, 21.2R2-S1",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3",
        "status": "affected",
        "version": "21.3R2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R2-S1, 21.4R3",
        "status": "affected",
        "version": "21.4R1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R2",
        "status": "affected",
        "version": "22.1R1",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S6-EVO",
        "status": "affected",
        "version": "20.4R3-S1-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S4-EVO",
        "status": "affected",
        "version": "21.2R1-S2-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S1-EVO",
        "status": "affected",
        "version": "21.3R2-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R2-S1-EVO, 21.4R3-EVO",
        "status": "affected",
        "version": "21.4R1-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R2-EVO",
        "status": "affected",
        "version": "22.1R1-EVO",
        "versionType": "semver"
      }
    ]
  }
]

References

supportportal.juniper.net/JSA70606

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-28980