PT-2023-3066 · Juniper Networks · Junos, Junos Evolved

Published: 2023-04-12 · Updated: 2023-04-27 · CVE-2023-28967

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions 21.1R1 through 21.1R3-S5
Juniper Networks Junos OS versions 21.2R1 through 21.2R3-S2
Juniper Networks Junos OS versions 21.3R1 through 21.3R3-S2
Juniper Networks Junos OS versions prior to 21.4R3
Juniper Networks Junos OS versions prior to 22.1R3
Juniper Networks Junos OS versions prior to 22.2R2
Juniper Networks Junos OS Evolved versions 21.1R1-EVO through 21.4R3-EVO
Juniper Networks Junos OS Evolved versions prior to 22.1R3-EVO
Juniper Networks Junos OS Evolved versions prior to 22.2R2-EVO

Description

A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific, well-formed BGP packets to a device configured with BGP and cause a Denial of Service (DoS) by crashing the Routing Protocol Daemon (rpd). The issue is triggered when the packets attempt to initiate a BGP connection before a BGP session has been successfully established. Continued receipt of these specific BGP packets causes a sustained Denial of Service condition. The issue is triggerable in both iBGP and eBGP deployments.

Recommendations

For Juniper Networks Junos OS versions 21.1R1 through 21.1R3-S5, update to version 21.1R3-S5 or later.
For Juniper Networks Junos OS versions 21.2R1 through 21.2R3-S2, update to version 21.2R3-S2 or later.
For Juniper Networks Junos OS versions 21.3R1 through 21.3R3-S2, update to version 21.3R3-S2 or later.
For Juniper Networks Junos OS versions prior to 21.4R3, update to version 21.4R3 or later.
For Juniper Networks Junos OS versions prior to 22.1R3, update to version 22.1R3 or later.
For Juniper Networks Junos OS versions prior to 22.2R2, update to version 22.2R2 or later.
For Juniper Networks Junos OS Evolved versions 21.1R1-EVO through 21.4R3-EVO, update to version 21.4R3-EVO or later.
For Juniper Networks Junos OS Evolved versions prior to 22.1R3-EVO, update to version 22.1R3-EVO or later.
For Juniper Networks Junos OS Evolved versions prior to 22.2R2-EVO, update to version 22.2R2-EVO or later.

As a temporary workaround, consider disabling the BGP protocol until a patch is available. Restrict access to the BGP module to minimize the risk of exploitation. Avoid using the BGP protocol in the affected API endpoint until the issue is resolved.
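The affected-version list and the per-train recommendations above translate directly into an inventory check. The script below is an added example, not part of the advisory or Juniper's own tooling: it parses Junos release strings of the form major.minor R release [-S service] [-EVO], encodes the advisory's ranges, and reports which fixed release each device should move to. Two interpretations are assumptions made here, not statements of the advisory: the recommended version is treated as the first unaffected release (so 21.1R3-S5 itself is reported as fixed), and a "prior to X" entry is scoped to X's own major.minor train. The device inventory is constructed sample data.

```python
import re
from typing import Dict, NamedTuple, Optional

# Junos release string: <major>.<minor>R<release>[-S<service>][-EVO].
# Constructed parser: it covers the release forms the advisory names, not
# every Junos naming convention (e.g. -D builds or X trains), which it rejects.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(-EVO)?$", re.IGNORECASE)


class JunosVersion(NamedTuple):
    major: int
    minor: int
    release: int
    service: int      # 0 when no -S suffix is present
    evolved: bool     # True for Junos OS Evolved (-EVO)

    @property
    def key(self):
        # Ordering key: 21.1R3 < 21.1R3-S5 < 21.1R4
        return (self.major, self.minor, self.release, self.service)

    @property
    def train(self):
        return (self.major, self.minor)


def parse_version(text: str) -> JunosVersion:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    major, minor, release, service, evo = m.groups()
    return JunosVersion(int(major), int(minor), int(release), int(service or 0), bool(evo))


# (first affected release or None, first fixed release), transcribed from the
# advisory. Assumption: the recommended version is the first fixed release, and
# an entry with no lower bound ("prior to X") applies only to X's major.minor train.
AFFECTED_RANGES = [
    ("21.1R1", "21.1R3-S5"),
    ("21.2R1", "21.2R3-S2"),
    ("21.3R1", "21.3R3-S2"),
    (None, "21.4R3"),
    (None, "22.1R3"),
    (None, "22.2R2"),
    ("21.1R1-EVO", "21.4R3-EVO"),
    (None, "22.1R3-EVO"),
    (None, "22.2R2-EVO"),
]


def fixed_release_for(version_text: str) -> Optional[str]:
    """Return the release the device should move to, or None if it is outside every affected range."""
    v = parse_version(version_text)
    for lower, fixed in AFFECTED_RANGES:
        f = parse_version(fixed)
        if f.evolved != v.evolved:       # Junos OS and Junos OS Evolved ranges are separate
            continue
        if lower is None:
            if v.train != f.train:
                continue
            in_range = v.key < f.key
        else:
            in_range = parse_version(lower).key <= v.key < f.key
        if in_range:
            return fixed
    return None


def triage(inventory: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map hostname -> required fixed release (None when the device is not in an affected range)."""
    return {host: fixed_release_for(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are illustrative only).
    sample_inventory = {
        "edge-r1": "21.1R2",
        "edge-r2": "21.1R3-S5",
        "core-r1": "21.4R2-S3",
        "core-evo-1": "21.3R2-EVO",
        "lab-r1": "20.4R3-S4",
    }
    for host, fix in triage(sample_inventory).items():
        print(f"{host:12} {sample_inventory[host]:12} {'update to ' + fix if fix else 'not in an affected range'}")
```

Feed it the version strings collected from each router (the "Junos:" line of "show version") and patch the hosts it flags; a device that reports None here may still run a build the parser does not recognise, which the ValueError makes visible rather than silently treating as fixed.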

Fix

DoS

Weakness Enumeration
Use of Uninitialized Resource

Related Identifiers
BDU:2023-03137
CVE-2023-28967

Affected Products
Junos
Junos Evolved