CVE-2023-44186

11.10.2023, 21:15

An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.

This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.

Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.
This issue affects:

Juniper Networks Junos OS:



  *  All versions prior to 20.4R3-S8;
  *  21.1 versions 21.1R1 and later;
  *  21.2 versions prior to 21.2R3-S6;
  *  21.3 versions prior to 21.3R3-S5;
  *  21.4 versions prior to 21.4R3-S5;
  *  22.1 versions prior to 22.1R3-S4;
  *  22.2 versions prior to 22.2R3-S2;
  *  22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
  *  22.4 versions prior to 22.4R2-S1, 22.4R3.




Juniper Networks Junos OS Evolved



  *  All versions prior to 20.4R3-S8-EVO;
  *  21.1 versions 21.1R1-EVO and later;
  *  21.2 versions prior to 21.2R3-S6-EVO;
  *  21.3 versions prior to 21.3R3-S5-EVO;
  *  21.4 versions prior to 21.4R3-S5-EVO;
  *  22.1 versions prior to 22.1R3-S4-EVO;
  *  22.2 versions prior to 22.2R3-S2-EVO;
  *  22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
  *  22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniper	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 37%

Vendor	Product	Version
juniper	junos	𝑥 < 20.4
juniper	junos	20.4
juniper	junos	20.4:r1
juniper	junos	20.4:r1-s1
juniper	junos	20.4:r2
juniper	junos	20.4:r2-s1
juniper	junos	20.4:r2-s2
juniper	junos	20.4:r3
juniper	junos	20.4:r3-s1
juniper	junos	20.4:r3-s2
juniper	junos	20.4:r3-s3
juniper	junos	20.4:r3-s4
juniper	junos	20.4:r3-s5
juniper	junos	20.4:r3-s6
juniper	junos	20.4:r3-s7
juniper	junos	21.1:r1
juniper	junos	21.1:r1-s1
juniper	junos	21.1:r2
juniper	junos	21.1:r2-s1
juniper	junos	21.1:r2-s2
juniper	junos	21.1:r3
juniper	junos	21.1:r3-s1
juniper	junos	21.1:r3-s2
juniper	junos	21.1:r3-s3
juniper	junos	21.1:r3-s4
juniper	junos	21.1:r3-s5
juniper	junos	21.2
juniper	junos	21.2:r1
juniper	junos	21.2:r1-s1
juniper	junos	21.2:r1-s2
juniper	junos	21.2:r2
juniper	junos	21.2:r2-s1
juniper	junos	21.2:r2-s2
juniper	junos	21.2:r3
juniper	junos	21.2:r3-s1
juniper	junos	21.2:r3-s2
juniper	junos	21.2:r3-s3
juniper	junos	21.2:r3-s4
juniper	junos	21.2:r3-s5
juniper	junos	21.3
juniper	junos	21.3:r1
juniper	junos	21.3:r1-s1
juniper	junos	21.3:r1-s2
juniper	junos	21.3:r2
juniper	junos	21.3:r2-s1
juniper	junos	21.3:r2-s2
juniper	junos	21.3:r3
juniper	junos	21.3:r3-s1
juniper	junos	21.3:r3-s2
juniper	junos	21.3:r3-s3
juniper	junos	21.3:r3-s4
juniper	junos	21.4
juniper	junos	21.4:r1
juniper	junos	21.4:r1-s1
juniper	junos	21.4:r1-s2
juniper	junos	21.4:r2
juniper	junos	21.4:r2-s1
juniper	junos	21.4:r2-s2
juniper	junos	21.4:r3
juniper	junos	21.4:r3-s1
juniper	junos	21.4:r3-s2
juniper	junos	21.4:r3-s3
juniper	junos	21.4:r3-s4
juniper	junos	22.1:r1
juniper	junos	22.1:r1-s1
juniper	junos	22.1:r1-s2
juniper	junos	22.1:r2
juniper	junos	22.1:r2-s1
juniper	junos	22.1:r2-s2
juniper	junos	22.1:r3
juniper	junos	22.1:r3-s1
juniper	junos	22.1:r3-s2
juniper	junos	22.1:r3-s3
juniper	junos	22.2:r1
juniper	junos	22.2:r1-s1
juniper	junos	22.2:r1-s2
juniper	junos	22.2:r2
juniper	junos	22.2:r2-s1
juniper	junos	22.2:r2-s2
juniper	junos	22.2:r3
juniper	junos	22.2:r3-s1
juniper	junos	22.3:r1
juniper	junos	22.3:r1-s1
juniper	junos	22.3:r1-s2
juniper	junos	22.3:r2
juniper	junos	22.3:r2-s1
juniper	junos	22.3:r3
juniper	junos	22.4:r1
juniper	junos	22.4:r1-s1
juniper	junos	22.4:r1-s2
juniper	junos	22.4:r2
juniper	junos	23.1:r1
juniper	junos	23.2:r1
juniper	junos	23.2:r1-s1
juniper	junos_os_evolved	𝑥 < 20.4
juniper	junos_os_evolved	20.4
juniper	junos_os_evolved	20.4:r1
juniper	junos_os_evolved	20.4:r1-s1
juniper	junos_os_evolved	20.4:r1-s2
juniper	junos_os_evolved	20.4:r2
juniper	junos_os_evolved	20.4:r2-s1
juniper	junos_os_evolved	20.4:r2-s2
juniper	junos_os_evolved	20.4:r2-s3
juniper	junos_os_evolved	20.4:r3
juniper	junos_os_evolved	20.4:r3-s1
juniper	junos_os_evolved	20.4:r3-s2
juniper	junos_os_evolved	20.4:r3-s3
juniper	junos_os_evolved	20.4:r3-s4
juniper	junos_os_evolved	20.4:r3-s5
juniper	junos_os_evolved	20.4:r3-s6
juniper	junos_os_evolved	20.4:r3-s7
juniper	junos_os_evolved	21.1
juniper	junos_os_evolved	21.1:r1
juniper	junos_os_evolved	21.1:r1-s1
juniper	junos_os_evolved	21.1:r2
juniper	junos_os_evolved	21.1:r3
juniper	junos_os_evolved	21.1:r3-s1
juniper	junos_os_evolved	21.1:r3-s2
juniper	junos_os_evolved	21.1:r3-s3
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2:r1
juniper	junos_os_evolved	21.2:r1-s1
juniper	junos_os_evolved	21.2:r1-s2
juniper	junos_os_evolved	21.2:r2
juniper	junos_os_evolved	21.2:r2-s1
juniper	junos_os_evolved	21.2:r2-s2
juniper	junos_os_evolved	21.2:r3
juniper	junos_os_evolved	21.2:r3-s1
juniper	junos_os_evolved	21.2:r3-s2
juniper	junos_os_evolved	21.2:r3-s3
juniper	junos_os_evolved	21.2:r3-s4
juniper	junos_os_evolved	21.2:r3-s5
juniper	junos_os_evolved	21.3
juniper	junos_os_evolved	21.3:r1
juniper	junos_os_evolved	21.3:r1-s1
juniper	junos_os_evolved	21.3:r2
juniper	junos_os_evolved	21.3:r2-s1
juniper	junos_os_evolved	21.3:r2-s2
juniper	junos_os_evolved	21.3:r3
juniper	junos_os_evolved	21.3:r3-s1
juniper	junos_os_evolved	21.3:r3-s2
juniper	junos_os_evolved	21.3:r3-s3
juniper	junos_os_evolved	21.3:r3-s4
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	21.4:r1
juniper	junos_os_evolved	21.4:r1-s1
juniper	junos_os_evolved	21.4:r1-s2
juniper	junos_os_evolved	21.4:r2
juniper	junos_os_evolved	21.4:r2-s1
juniper	junos_os_evolved	21.4:r2-s2
juniper	junos_os_evolved	21.4:r3
juniper	junos_os_evolved	21.4:r3-s1
juniper	junos_os_evolved	21.4:r3-s2
juniper	junos_os_evolved	21.4:r3-s3
juniper	junos_os_evolved	21.4:r3-s4
juniper	junos_os_evolved	22.1:r1
juniper	junos_os_evolved	22.1:r1-s1
juniper	junos_os_evolved	22.1:r1-s2
juniper	junos_os_evolved	22.1:r2
juniper	junos_os_evolved	22.1:r2-s1
juniper	junos_os_evolved	22.1:r3
juniper	junos_os_evolved	22.1:r3-s1
juniper	junos_os_evolved	22.1:r3-s2
juniper	junos_os_evolved	22.1:r3-s3
juniper	junos_os_evolved	22.2:r1
juniper	junos_os_evolved	22.2:r1-s1
juniper	junos_os_evolved	22.2:r2
juniper	junos_os_evolved	22.2:r2-s1
juniper	junos_os_evolved	22.2:r2-s2
juniper	junos_os_evolved	22.2:r3
juniper	junos_os_evolved	22.2:r3-s1
juniper	junos_os_evolved	22.3:r1
juniper	junos_os_evolved	22.3:r1-s1
juniper	junos_os_evolved	22.3:r1-s2
juniper	junos_os_evolved	22.3:r2
juniper	junos_os_evolved	22.3:r2-s1
juniper	junos_os_evolved	22.4:r1
juniper	junos_os_evolved	22.4:r1-s1
juniper	junos_os_evolved	22.4:r1-s2
juniper	junos_os_evolved	22.4:r2
juniper	junos_os_evolved	23.2
juniper	junos_os_evolved	23.2:r1
juniper	junos_os_evolved	23.2:r1-s1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-755 - Improper Handling of Exceptional Conditions
The software does not handle or incorrectly handles an exceptional condition.

References

https://supportportal.juniper.net/JSA73150