CVE-2023-28980

Опубликовано: 17 апр. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

This issue affects: Juniper Networks Junos OS

20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;
20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;
20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4
21.1 version 21.1R3 and later versions prior to 21.1R3-S3;
21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;
21.3 version 21.3R2 and later versions prior to 21.3R3;
21.4 versions prior to 21.4R2-S1, 21.4R3;
22.1 versions prior to 22.1R2.

Juniper Networks Junos OS Evolved

20.4-EVO version 20.4R3-S1-E

Ссылки

https://supportportal.juniper.net/JSA70606
Vendor Advisory
https://supportportal.juniper.net/JSA70606
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:juniper:junos:20.2:r3-s5:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:20.3:r3-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:20.3:r3-s3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:20.3:r3-s4:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*

cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00054

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-416

Связанные уязвимости

GHSA-xc2g-3f28-fmc4

CVSS3: 5.5

github

почти 3 года назад

A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes). This issue affects: Juniper Networks Junos OS 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6; 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5; 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4 21.1 version 21.1R3 and later versions prior to 21.1R3-S3; 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2; 21.3 version 21.3R2 and later versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO; 21.2-E...

EPSS

Процентиль: 17%

0.00054

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-416