CVE-2023-44176

Summary

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.

Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.

This issue affects Juniper Networks:

Junos OS:

  • All versions prior to 20.4R3-S8;
  • 21.2 versions prior to 21.2R3-S6;
  • 21.3 versions prior to 21.3R3-S5;
  • 22.1 versions prior to 22.1R3-S3;
  • 22.3 versions prior to 22.3R3;
  • 22.4 versions prior to 22.4R3.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 20.4R3-S8affected
Juniper NetworksJunos OS21.2 < 21.2R3-S6affected
Juniper NetworksJunos OS21.3 < 21.3R3-S5affected
Juniper NetworksJunos OS22.1 < 22.1R3-S3affected
Juniper NetworksJunos OS22.3 < 22.3R3affected
Juniper NetworksJunos OS22.4 < 22.4R3affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write
  • CWE-121: CWE-121 Stack-based Buffer Overflow
  • Denial of Service (DoS)

Workarounds

To reduce the risk of malicious exploitation use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References