PT-2023-3054 · Juniper Networks · Junos Evolved+1

Published: 2023-01-11 · Updated: 2023-01-24 · CVE-2023-22393

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions 21.1 through 21.1R3-S4
Juniper Networks Junos OS versions 21.2 through 21.2R3-S3
Juniper Networks Junos OS versions 21.3 through 21.3R3-S2
Juniper Networks Junos OS versions 21.4 through 21.4R2-S2, 21.4R3
Juniper Networks Junos OS versions 22.1 through 22.1R1-S2, 22.1R2
Juniper Networks Junos OS versions 22.2 through 22.2R1-S1, 22.2R2
Juniper Networks Junos OS Evolved versions 21.4-EVO through 21.4R2-S2-EVO, 21.4R3-EVO
Juniper Networks Junos OS Evolved versions 22.1-EVO through 22.1R1-S2-EVO, 22.1R2-EVO
Juniper Networks Junos OS Evolved versions 22.2-EVO through 22.2R1-S1-EVO, 22.2R2-EVO

Description

The issue is related to the improper handling of BGP route processing requests in Juniper Networks Junos OS and Junos OS Evolved. An attacker can exploit this by sending a BGP route with an invalid next-hop, which can cause the Routing Protocol Daemon (RPD) to crash, resulting in a Denial of Service (DoS) condition. The issue only affects systems without an import policy configured.

Recommendations

For Juniper Networks Junos OS versions 21.1 through 21.1R3-S4, update to version 21.1R3-S4 or later.
For Juniper Networks Junos OS versions 21.2 through 21.2R3-S3, update to version 21.2R3-S3 or later.
For Juniper Networks Junos OS versions 21.3 through 21.3R3-S2, update to version 21.3R3-S2 or later.
For Juniper Networks Junos OS versions 21.4 through 21.4R2-S2, 21.4R3, update to a version later than 21.4R3.
For Juniper Networks Junos OS versions 22.1 through 22.1R1-S2, 22.1R2, update to a version later than 22.1R2.
For Juniper Networks Junos OS versions 22.2 through 22.2R1-S1, 22.2R2, update to a version later than 22.2R2.
For Juniper Networks Junos OS Evolved versions 21.4-EVO through 21.4R2-S2-EVO, 21.4R3-EVO, update to a version later than 21.4R3-EVO.
For Juniper Networks Junos OS Evolved versions 22.1-EVO through 22.1R1-S2-EVO, 22.1R2-EVO, update to a version later than 22.1R2-EVO.
For Juniper Networks Junos OS Evolved versions 22.2-EVO through 22.2R1-S1-EVO, 22.2R2-EVO, update to a version later than 22.2R2-EVO.

As a temporary workaround, consider configuring an import policy to mitigate the risk of exploitation.

Fix

DoS

Improper Check for Exceptional Conditions

Improperly Implemented Security Check for Standard

Weakness Enumeration

Related Identifiers

BDU:2023-03121
CVE-2023-22393

Affected Products

Junos
Junos Evolved