CVE-2023-22393

CVSS V2 None CVSS V3 None

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems without import policy configured. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R2-S2-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO.

Overview

CVE ID
CVE-2023-22393

Assigner
sirt@juniper.net

Vulnerability Status
Analyzed

Published Version
2023-01-13T00:15:09

Last Modified Date
2023-01-24T18:46:14

Weakness Enumerations

CWE	URL
CWE-754	http://cwe.mitre.org/data/definitions/754.html
CWE-358	http://cwe.mitre.org/data/definitions/358.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:o:juniper:junos:21.1:-::::::	1	OR
cpe:2.3:o:juniper:junos:21.1:r1::::::	1	OR
cpe:2.3:o:juniper:junos:21.1:r1-s1::::::	1	OR
cpe:2.3:o:juniper:junos:21.1:r2::::::	1	OR
cpe:2.3:o:juniper:junos:21.1:r2-s1::::::	1	OR
cpe:2.3:o:juniper:junos:21.1:r2-s2::::::	1	OR
cpe:2.3:o:juniper:junos:21.1:r3::::::	1	OR
cpe:2.3:o:juniper:junos:21.1:r3-s1::::::	1	OR
cpe:2.3:o:juniper:junos:21.1:r3-s2::::::	1	OR
cpe:2.3:o:juniper:junos:21.1:r3-s3::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:-::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:r1::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:r1-s1::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:r1-s2::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:r2::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:r2-s1::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:r2-s2::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:r3::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:r3-s1::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:r3-s2::::::	1	OR
cpe:2.3:o:juniper:junos:21.3:-::::::	1	OR
cpe:2.3:o:juniper:junos:21.3:r1::::::	1	OR
cpe:2.3:o:juniper:junos:21.3:r1-s1::::::	1	OR
cpe:2.3:o:juniper:junos:21.3:r1-s2::::::	1	OR
cpe:2.3:o:juniper:junos:21.3:r2::::::	1	OR
cpe:2.3:o:juniper:junos:21.3:r2-s1::::::	1	OR
cpe:2.3:o:juniper:junos:21.3:r2-s2::::::	1	OR
cpe:2.3:o:juniper:junos:21.3:r3::::::	1	OR
cpe:2.3:o:juniper:junos:21.3:r3-s1::::::	1	OR
cpe:2.3:o:juniper:junos:21.4:-::::::	1	OR
cpe:2.3:o:juniper:junos:21.4:r1::::::	1	OR
cpe:2.3:o:juniper:junos:21.4:r1-s1::::::	1	OR
cpe:2.3:o:juniper:junos:21.4:r1-s2::::::	1	OR
cpe:2.3:o:juniper:junos:21.4:r2::::::	1	OR
cpe:2.3:o:juniper:junos:21.4:r2-s1::::::	1	OR
cpe:2.3:o:juniper:junos:22.1:r1::::::	1	OR
cpe:2.3:o:juniper:junos:22.1:r1-s1::::::	1	OR
cpe:2.3:o:juniper:junos:22.2:r1::::::	1	OR
cpe:2.3:o:juniper:junos_os_evolved:21.4:-::::::	1	OR
cpe:2.3:o:juniper:junos_os_evolved:21.4:r1::::::	1	OR
cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1::::::	1	OR
cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2::::::	1	OR
cpe:2.3:o:juniper:junos_os_evolved:21.4:r2::::::	1	OR
cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1::::::	1	OR
cpe:2.3:o:juniper:junos_os_evolved:22.1:r1::::::	1	OR
cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1::::::	1	OR
cpe:2.3:o:juniper:junos_os_evolved:22.2:r1::::::	1	OR

References

Reference URL	Reference Tags
https://kb.juniper.net/JSA70189

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-22393
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22393

History

Created	Old Value	New Value	Data Type	Notes
2023-01-13 00:20:40				Added to TrackCVE
2023-01-13 00:20:41			Weakness Enumeration	new
2023-01-13 05:15:09		2023-01-13T05:12:35	CVE Modified Date	updated
2023-01-13 05:15:09	Received	Awaiting Analysis	Vulnerability Status	updated
2023-01-19 13:14:23	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-01-24 19:14:05		2023-01-24T18:46:14	CVE Modified Date	updated
2023-01-24 19:14:05	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-01-24 19:14:07			Weakness Enumeration	update
2023-01-24 19:14:09			CPE Information	updated