CVE-2023-28981

Published: Apr 17, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: sirt@juniper.net (Secondary)

Description

An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the receipt of router advertisements is enabled on an interface and a specifically malformed RA packet is received, memory corruption will happen which leads to an rpd crash. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO.

Affected (83)

Products: Juniper: Junos, Junos Os Evolved

Juniper

2 products

Junos

Junos Os Evolved

Configuration A

51 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 20.3
Juniper Junos	Version 20.3 r1-s1
Juniper Junos	Version 20.3 r1-s2
Juniper Junos	Version 20.3 r1
Juniper Junos	Version 20.3 r2-s1
Juniper Junos	Version 20.3 r2
Juniper Junos	Version 20.3 r3-s1
Juniper Junos	Version 20.3 r3-s2
Juniper Junos	Version 20.3 r3-s3
Juniper Junos	Version 20.3 r3-s4
Juniper Junos	Version 20.3 r3
Juniper Junos	Version 20.4
Juniper Junos	Version 20.4 r1-s1
Juniper Junos	Version 20.4 r1
Juniper Junos	Version 20.4 r2-s1
Juniper Junos	Version 20.4 r2-s2
Juniper Junos	Version 20.4 r2
Juniper Junos	Version 20.4 r3-s1
Juniper Junos	Version 20.4 r3-s2
Juniper Junos	Version 20.4 r3
Juniper Junos	Version 21.1
Juniper Junos	Version 21.1 r1-s1
Juniper Junos	Version 21.1 r1
Juniper Junos	Version 21.1 r2-s1
Juniper Junos	Version 21.1 r2-s2
Juniper Junos	Version 21.1 r2
Juniper Junos	Version 21.1 r3-s1
Juniper Junos	Version 21.1 r3-s2
Juniper Junos	Version 21.1 r3-s3
Juniper Junos	Version 21.1 r3
Juniper Junos	Version 21.2
Juniper Junos	Version 21.2 r1-s1
Juniper Junos	Version 21.2 r1-s2
Juniper Junos	Version 21.2 r1
Juniper Junos	Version 21.2 r2-s1
Juniper Junos	Version 21.2 r2-s2
Juniper Junos	Version 21.2 r2
Juniper Junos	Version 21.3
Juniper Junos	Version 21.3 r1-s1
Juniper Junos	Version 21.3 r1-s2
Juniper Junos	Version 21.3 r1
Juniper Junos	Version 21.3 r2-s1
Juniper Junos	Version 21.3 r2-s2
Juniper Junos	Version 21.3 r2
Juniper Junos	Version 21.4
Juniper Junos	Version 21.4 r1-s1
Juniper Junos	Version 21.4 r1-s2
Juniper Junos	Version 21.4 r1
Juniper Junos	Version 22.1 r1-s1
Juniper Junos	Version 22.1 r1-s2
Juniper Junos	Version 22.1 r1

Configuration B

32 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos Os Evolved	Version 20.3 r1-s1
Juniper Junos Os Evolved	Version 20.3 r1-s2
Juniper Junos Os Evolved	Version 20.3 r1-s3
Juniper Junos Os Evolved	Version 20.3 r1
Juniper Junos Os Evolved	Version 20.3 r2
Juniper Junos Os Evolved	Version 20.4
Juniper Junos Os Evolved	Version 20.4 r1-s1
Juniper Junos Os Evolved	Version 20.4 r1-s2
Juniper Junos Os Evolved	Version 20.4 r1
Juniper Junos Os Evolved	Version 20.4 r2-s1
Juniper Junos Os Evolved	Version 20.4 r2-s2
Juniper Junos Os Evolved	Version 20.4 r2-s3
Juniper Junos Os Evolved	Version 20.4 r2
Juniper Junos Os Evolved	Version 20.4 r3-s1
Juniper Junos Os Evolved	Version 20.4 r3-s2
Juniper Junos Os Evolved	Version 20.4 r3-s3
Juniper Junos Os Evolved	Version 20.4 r3-s4
Juniper Junos Os Evolved	Version 20.4 r3-s5
Juniper Junos Os Evolved	Version 20.4 r3
Juniper Junos Os Evolved	Version 21.3
Juniper Junos Os Evolved	Version 21.3 r1-s1
Juniper Junos Os Evolved	Version 21.3 r1
Juniper Junos Os Evolved	Version 21.3 r2-s1
Juniper Junos Os Evolved	Version 21.3 r2-s2
Juniper Junos Os Evolved	Version 21.3 r2
Juniper Junos Os Evolved	Version 21.4
Juniper Junos Os Evolved	Version 21.4 r1-s1
Juniper Junos Os Evolved	Version 21.4 r1-s2
Juniper Junos Os Evolved	Version 21.4 r1
Juniper Junos Os Evolved	Version 22.1 r1-s1
Juniper Junos Os Evolved	Version 22.1 r1-s2
Juniper Junos Os Evolved	Version 22.1 r1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://supportportal.juniper.net/JSA70607

Source: sirt@juniper.net

Vendor Advisory

https://supportportal.juniper.net/JSA70607

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.