CVE-2023-28980

Summary

A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes).

This issue affects: Juniper Networks Junos OS

  • 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;
  • 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;
  • 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4
  • 21.1 version 21.1R3 and later versions prior to 21.1R3-S3;
  • 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;
  • 21.3 version 21.3R2 and later versions prior to 21.3R3;
  • 21.4 versions prior to 21.4R2-S1, 21.4R3;
  • 22.1 versions prior to 22.1R2.

Juniper Networks Junos OS Evolved

  • 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO;
  • 21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO;
  • 21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO;
  • 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;
  • 22.1-EVO versions prior to 22.1R2-EVO.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS20.2R3-S5 < 20.2R3-S6affected
Juniper NetworksJunos OS20.3R3-S2 < 20.3R3-S5affected
Juniper NetworksJunos OS20.4R3-S1 < 20.4R3-S4affected
Juniper NetworksJunos OS21.1R3 < 21.1R3-S3affected
Juniper NetworksJunos OS21.2R1-S2, 21.2R2-S1 < 21.2R3-S2affected
Juniper NetworksJunos OS21.3R2 < 21.3R3affected
Juniper NetworksJunos OS21.4R1 < 21.4R2-S1, 21.4R3affected
Juniper NetworksJunos OS22.1R1 < 22.1R2affected
Juniper NetworksJunos OS Evolved20.4R3-S1-EVO < 20.4R3-S6-EVOaffected
Juniper NetworksJunos OS Evolved21.2R1-S2-EVO < 21.2R3-S4-EVOaffected
Juniper NetworksJunos OS Evolved21.3R2-EVO < 21.3R3-S1-EVOaffected
Juniper NetworksJunos OS Evolved21.4R1-EVO < 21.4R2-S1-EVO, 21.4R3-EVOaffected
Juniper NetworksJunos OS Evolved22.1R1-EVO < 22.1R2-EVOaffected

Weaknesses

  • CWE-416: CWE-416 Use After Free
  • Denial of Service (DoS)

Workarounds

There are no known workarounds for this issue.

To reduce the risk of exploitation use access controls to limit CLI access to the device only from trusted networks, hosts and users.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References