CVE-2023-28980
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes).
This issue affects: Juniper Networks Junos OS
- 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;
- 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;
- 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4
- 21.1 version 21.1R3 and later versions prior to 21.1R3-S3;
- 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;
- 21.3 version 21.3R2 and later versions prior to 21.3R3;
- 21.4 versions prior to 21.4R2-S1, 21.4R3;
- 22.1 versions prior to 22.1R2.
Juniper Networks Junos OS Evolved
- 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO;
- 21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO;
- 21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO;
- 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;
- 22.1-EVO versions prior to 22.1R2-EVO.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 20.2R3-S5 < 20.2R3-S6 | affected |
| Juniper Networks | Junos OS | 20.3R3-S2 < 20.3R3-S5 | affected |
| Juniper Networks | Junos OS | 20.4R3-S1 < 20.4R3-S4 | affected |
| Juniper Networks | Junos OS | 21.1R3 < 21.1R3-S3 | affected |
| Juniper Networks | Junos OS | 21.2R1-S2, 21.2R2-S1 < 21.2R3-S2 | affected |
| Juniper Networks | Junos OS | 21.3R2 < 21.3R3 | affected |
| Juniper Networks | Junos OS | 21.4R1 < 21.4R2-S1, 21.4R3 | affected |
| Juniper Networks | Junos OS | 22.1R1 < 22.1R2 | affected |
| Juniper Networks | Junos OS Evolved | 20.4R3-S1-EVO < 20.4R3-S6-EVO | affected |
| Juniper Networks | Junos OS Evolved | 21.2R1-S2-EVO < 21.2R3-S4-EVO | affected |
| Juniper Networks | Junos OS Evolved | 21.3R2-EVO < 21.3R3-S1-EVO | affected |
| Juniper Networks | Junos OS Evolved | 21.4R1-EVO < 21.4R2-S1-EVO, 21.4R3-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.1R1-EVO < 22.1R2-EVO | affected |
Weaknesses
- CWE-416: CWE-416 Use After Free
- Denial of Service (DoS)
Workarounds
There are no known workarounds for this issue.
To reduce the risk of exploitation use access controls to limit CLI access to the device only from trusted networks, hosts and users.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.