Junos OS and Junos OS Evolved: An rpd crash occurs when a specific L2VPN command is run
Description
A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS).
On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition.
This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S10; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R2;
Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S7-EVO; 21.1 versions prior to 21.1R3-S3-EVO; 21.2 versions prior to 21.2R3-S5-EVO; 21.3 versions prior to 21.3R3-S4-EVO; 21.4 versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO; 22.3 versions prior to 22.3R2-EVO;
Affected products
3<20.4R3-S7-EVO, 21.1R1-R3-S3-EVO, 21.2R1-R3-S5-EVO, 21.3R1-R3-S4-EVO, 21.4R1-R3-EVO, 22.1R1-R3-EVO, 22.2R1-R2-EVO, 22.3R1-R2-EVO+ 1 more
- (no CPE)range: <20.4R3-S7-EVO, 21.1R1-R3-S3-EVO, 21.2R1-R3-S5-EVO, 21.3R1-R3-S4-EVO, 21.4R1-R3-EVO, 22.1R1-R3-EVO, 22.2R1-R2-EVO, 22.3R1-R2-EVO
- (no CPE)range: unspecified
- Range: <19.3R3-S10, 20.1R1-R3-S4, 20.2R1-R3-S6, 20.3R1-R3-S6, 20.4R1-R3-S5, 21.1R1-R3-S4, 21.2R1-R3-S3, 21.3R1-R3-S2, 21.4R1-R3, 22.1R1-R3, 22.2R1-R2, 22.3R1-R2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.