CVE-2023-44204

An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1, 23.2R2; Juniper Networks Junos OS Evolved * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO;

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://supportportal.juniper.net/JSA73170	Vendor Advisory
https://supportportal.juniper.net/JSA73170	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:juniper:junos:21.4:-::::::
	cpe:2.3:o:juniper:junos:21.4:r1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r2::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:22.1:r1::::::
	cpe:2.3:o:juniper:junos:22.1:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.1:r2::::::
	cpe:2.3:o:juniper:junos:22.1:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.1:r3::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r1::::::
	cpe:2.3:o:juniper:junos:22.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r2::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r3::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.3:r1::::::
	cpe:2.3:o:juniper:junos:22.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.3:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.3:r2::::::
	cpe:2.3:o:juniper:junos:22.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r2::::::

Configuration 2 (hide)

OR	cpe:2.3:o:juniper:junos_os_evolved:21.4:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1::::::

History

02 May 2025, 16:13

Type	Values Removed	Values Added
CPE	cpe:2.3:o:juniper:junos:21.4:r3-s4:::::: cpe:2.3:o:juniper:junos:22.4:r2-s1:::::: cpe:2.3:o:juniper:junos:23.2:r1-s1::::::

21 Nov 2024, 08:25

Type	Values Removed	Values Added
References	~~() https://supportportal.juniper.net/JSA73170 - Vendor Advisory~~	() https://supportportal.juniper.net/JSA73170 - Vendor Advisory

Information

Published : 2023-10-13 00:15

Updated : 2025-05-02 16:13

NVD link : CVE-2023-44204

Mitre link : CVE-2023-44204

CVE.ORG link : CVE-2023-44204

JSON object : View

Products Affected

juniper

junos_os_evolved
junos

CWE

CWE-1286

Improper Validation of Syntactic Correctness of Input

CWE-20

Improper Input Validation

6.5 /10