VYPR
Unrated severityNVD Advisory· Published Jul 14, 2023· Updated Oct 22, 2024

Junos OS and Junos OS Evolved: An rpd crash occurs when a specific L2VPN command is run

CVE-2023-36840

Description

A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS).

On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition.

This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S10; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R2;

Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S7-EVO; 21.1 versions prior to 21.1R3-S3-EVO; 21.2 versions prior to 21.2R3-S5-EVO; 21.3 versions prior to 21.3R3-S4-EVO; 21.4 versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO; 22.3 versions prior to 22.3R2-EVO;

Affected products

3
  • <20.4R3-S7-EVO, 21.1R1-R3-S3-EVO, 21.2R1-R3-S5-EVO, 21.3R1-R3-S4-EVO, 21.4R1-R3-EVO, 22.1R1-R3-EVO, 22.2R1-R2-EVO, 22.3R1-R2-EVO+ 1 more
    • (no CPE)range: <20.4R3-S7-EVO, 21.1R1-R3-S3-EVO, 21.2R1-R3-S5-EVO, 21.3R1-R3-S4-EVO, 21.4R1-R3-EVO, 22.1R1-R3-EVO, 22.2R1-R2-EVO, 22.3R1-R2-EVO
    • (no CPE)range: unspecified
  • Range: <19.3R3-S10, 20.1R1-R3-S4, 20.2R1-R3-S6, 20.3R1-R3-S6, 20.4R1-R3-S5, 21.1R1-R3-S4, 21.2R1-R3-S3, 21.3R1-R3-S2, 21.4R1-R3, 22.1R1-R3, 22.2R1-R2, 22.3R1-R2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.