
THREATINT
PUBLISHED

CVE-2023-36840

Junos OS and Junos OS Evolved: An rpd crash occurs when a specific L2VPN command is run



Description

A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition.

This issue affects:

Juniper Networks Junos OS: all versions prior to 19.3R3-S10; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R2.

Juniper Networks Junos OS Evolved: all versions prior to 20.4R3-S7-EVO; 21.1 versions prior to 21.1R3-S3-EVO; 21.2 versions prior to 21.2R3-S5-EVO; 21.3 versions prior to 21.3R3-S4-EVO; 21.4 versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO; 22.3 versions prior to 22.3R2-EVO.

Reserved 2023-06-27 | Published 2023-07-14 | Updated 2024-10-22 | Assigner juniper


MEDIUM: 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-617 Reachable Assertion

Denial of Service (DoS)

Product status

Juniper Networks Junos OS

Default status: unaffected

Any version before 19.3R3-S10: affected
20.1 before 20.1R3-S4: affected
20.2 before 20.2R3-S6: affected
20.3 before 20.3R3-S6: affected
20.4 before 20.4R3-S5: affected
21.1 before 21.1R3-S4: affected
21.2 before 21.2R3-S3: affected
21.3 before 21.3R3-S2: affected
21.4 before 21.4R3: affected
22.1 before 22.1R3: affected
22.2 before 22.2R2: affected
22.3 before 22.3R2: affected

Juniper Networks Junos OS Evolved

Default status: unaffected

Any version before 20.4R3-S7-EVO: affected
21.1 before 21.1R3-S3-EVO: affected
21.2 before 21.2R3-S5-EVO: affected
21.3 before 21.3R3-S4-EVO: affected
21.4 before 21.4R3-EVO: affected
22.1 before 22.1R3-EVO: affected
22.2 before 22.2R2-EVO: affected
22.3 before 22.3R2-EVO: affected

References

supportportal.juniper.net/JSA71647

cve.org (CVE-2023-36840)

nvd.nist.gov (CVE-2023-36840)
