admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-08-29 00:00:33 +00:00
parent 98d3e0eeed
commit e34e6b1ebf
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
1 changed files with 175 additions and 191 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

366
2023/28xxx/CVE-2023-28980.json
View File

@ -1,197 +1,28 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-04-12T16:00:00.000Z",
"ID": "CVE-2023-28980",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: In a BGP rib sharding scenario an rpd crash will happen shortly after a specific CLI command is issued"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "20.2",
"version_value": "20.2R3-S5"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S6"
},
{
"version_affected": ">=",
"version_name": "20.3",
"version_value": "20.3R3-S2"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S5"
},
{
"version_affected": ">=",
"version_name": "20.4",
"version_value": "20.4R3-S1"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S4"
},
{
"version_affected": ">=",
"version_name": "21.1",
"version_value": "21.1R3"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S3"
},
{
"version_affected": ">=",
"version_name": "21.2",
"version_value": "21.2R1-S2, 21.2R2-S1"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S2"
},
{
"version_affected": ">=",
"version_name": "21.3",
"version_value": "21.3R2"
},
{
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R2-S1, 21.4R3"
},
{
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "20.4-EVO",
"version_value": "20.4R3-S1-EVO"
},
{
"version_affected": "<",
"version_name": "20.4-EVO",
"version_value": "20.4R3-S6-EVO"
},
{
"version_affected": ">=",
"version_name": "21.2-EVO",
"version_value": "21.2R1-S2-EVO"
},
{
"version_affected": "<",
"version_name": "21.2-EVO",
"version_value": "21.2R3-S4-EVO"
},
{
"version_affected": ">=",
"version_name": "21.3-EVO",
"version_value": "21.3R2-EVO"
},
{
"version_affected": "<",
"version_name": "21.3-EVO",
"version_value": "21.3R3-S1-EVO"
},
{
"version_affected": "<",
"version_name": "21.4-EVO",
"version_value": "21.4R2-S1-EVO, 21.4R3-EVO"
},
{
"version_affected": "<",
"version_name": "22.1-EVO",
"version_value": "22.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be exposed to this issue the system needs to be configured with rib sharding as follows:\n\n [system processes routing bgp rib-sharding]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-28980",
"ASSIGNER": "sirt@juniper.net",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes). This issue affects: Juniper Networks Junos OS 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6; 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5; 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4 21.1 version 21.1R3 and later versions prior to 21.1R3-S3; 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2; 21.3 version 21.3R2 and later versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO; 21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO; 21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO; 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO."
"value": "A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes).\n\n\nThis issue affects:\nJuniper Networks Junos OS\n\n\n * 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;\n * 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;\n * 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4\n * 21.1 version 21.1R3 and later versions prior to 21.1R3-S3;\n * 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;\n * 21.3 version 21.3R2 and later versions prior to 21.3R3;\n * 21.4 versions prior to 21.4R2-S1, 21.4R3;\n * 22.1 versions prior to 22.1R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n * 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO;\n * 21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO;\n * 21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO;\n * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;\n * 22.1-EVO versions prior to 22.1R2-EVO.\n\n\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
"value": "CWE-416 Use After Free",
"cweId": "CWE-416"
}
]
},
@ -205,21 +36,110 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Juniper Networks",
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "20.2R3-S5",
"version_value": "20.2R3-S6"
},
{
"version_affected": "<",
"version_name": "20.3R3-S2",
"version_value": "20.3R3-S5"
},
{
"version_affected": "<",
"version_name": "20.4R3-S1",
"version_value": "20.4R3-S4"
},
{
"version_affected": "<",
"version_name": "21.1R3",
"version_value": "21.1R3-S3"
},
{
"version_affected": "<",
"version_name": "21.2R1-S2, 21.2R2-S1",
"version_value": "21.2R3-S2"
},
{
"version_affected": "<",
"version_name": "21.3R2",
"version_value": "21.3R3"
},
{
"version_affected": "<",
"version_name": "21.4R1",
"version_value": "21.4R2-S1, 21.4R3"
},
{
"version_affected": "<",
"version_name": "22.1R1",
"version_value": "22.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "20.4R3-S1-EVO",
"version_value": "20.4R3-S6-EVO"
},
{
"version_affected": "<",
"version_name": "21.2R1-S2-EVO",
"version_value": "21.2R3-S4-EVO"
},
{
"version_affected": "<",
"version_name": "21.3R2-EVO",
"version_value": "21.3R3-S1-EVO"
},
{
"version_affected": "<",
"version_name": "21.4R1-EVO",
"version_value": "21.4R2-S1-EVO, 21.4R3-EVO"
},
{
"version_affected": "<",
"version_name": "22.1R1-EVO",
"version_value": "22.1R2-EVO"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://supportportal.juniper.net/JSA70606",
"refsource": "CONFIRM",
"url": "https://supportportal.juniper.net/JSA70606"
"url": "https://supportportal.juniper.net/JSA70606",
"refsource": "MISC",
"name": "https://supportportal.juniper.net/JSA70606"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.3R3-S1-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.\nJunos OS: 20.2R3-S6, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "JSA70606",
"defect": [
@ -227,10 +147,74 @@
],
"discovery": "USER"
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>To be exposed to this issue the system needs to be configured with rib sharding as follows:</p><code> [system processes routing bgp rib-sharding]</code><br/>"
}
],
"value": "To be exposed to this issue the system needs to be configured with rib sharding as follows:\n\n [system processes routing bgp rib-sharding]\n"
}
],
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation use access controls to limit CLI access to the device only from trusted networks, hosts and users."
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>There are no known workarounds for this issue.</p><p>To reduce the risk of exploitation use access controls to limit CLI access to the device only from trusted networks, hosts and users.</p>"
}
],
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation use access controls to limit CLI access to the device only from trusted networks, hosts and users.\n\n"
}
]
],
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>The following software releases have been updated to resolve this specific issue:</p><p>Junos OS Evolved: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.3R3-S1-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.</p><p>Junos OS: 20.2R3-S6, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.</p>"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS Evolved: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.3R3-S1-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.\n\nJunos OS: 20.2R3-S6, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
}