PT-2023-4678 · Juniper Networks · Junos, Junos Evolved

Published: 2023-08-29 · Updated: 2024-10-15 · CVE-2023-4481

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Junos OS versions prior to 20.4R3-S10
Junos OS versions 21.1R1 through 21.*
Junos OS versions 21.2 through 21.2R3-S5
Junos OS versions 21.3 through 21.3R3-S5
Junos OS versions 21.4 through 21.4R3-S7
Junos OS versions 22.1 through 22.1R3-S4
Junos OS versions 22.2 through 22.2R3-S3
Junos OS versions 22.3 through 22.3R3-S1
Junos OS versions 22.4 through 22.4R3
Junos OS versions 23.2 through 23.2R2
Junos OS Evolved versions prior to 20.4R3-S10-EVO
Junos OS Evolved versions 21.2-EVO through 21.2R3-S7-EVO
Junos OS Evolved versions 21.3-EVO through 21.3R3-S5-EVO
Junos OS Evolved versions 21.4-EVO through 21.4R3-S5-EVO
Junos OS Evolved versions 22.1-EVO through 22.1R3-S4-EVO
Junos OS Evolved versions 22.2-EVO through 22.2R3-S3-EVO
Junos OS Evolved versions 22.3-EVO through 22.3R3-S1-EVO
Junos OS Evolved versions 22.4-EVO through 22.4R3-EVO
Junos OS Evolved versions 23.2-EVO through 23.2R2-EVO
Description

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS) by sending crafted BGP UPDATE messages over an established BGP session. The issue affects eBGP and iBGP, in both the IPv4 and IPv6 implementations, and requires the remote attacker to have at least one established BGP session with the device. Continuous receipt of the crafted BGP UPDATE messages creates a sustained Denial of Service (DoS) condition on impacted devices.
Recommendations

Update Junos OS to a version after 20.4R3-S10
Update Junos OS to a version after 21.1R1
Update Junos OS to a version after 21.2R3-S5
Update Junos OS to a version after 21.3R3-S5
Update Junos OS to a version after 21.4R3-S7
Update Junos OS to a version after 22.1R3-S4
Update Junos OS to a version after 22.2R3-S3
Update Junos OS to a version after 22.3R3-S1
Update Junos OS to a version after 22.4R3
Update Junos OS to a version after 23.2R2
Update Junos OS Evolved to a version after 20.4R3-S10-EVO
Update Junos OS Evolved to a version after 21.2R3-S7-EVO
Update Junos OS Evolved to a version after 21.3R3-S5-EVO
Update Junos OS Evolved to a version after 21.4R3-S5-EVO
Update Junos OS Evolved to a version after 22.1R3-S4-EVO
Update Junos OS Evolved to a version after 22.2R3-S3-EVO
Update Junos OS Evolved to a version after 22.3R3-S1-EVO
Update Junos OS Evolved to a version after 22.4R3-EVO
Update Junos OS Evolved to a version after 23.2R2-EVO

As a temporary workaround, consider disabling BGP until a fixed release can be installed. Because the crafted UPDATE messages can only be delivered over an established session, restrict which peers are allowed to establish BGP sessions with the device to minimize the risk of exploitation. Avoid running BGP on affected devices until the issue is resolved.
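The affected ranges above are the only thing an operator needs to decide whether a device is exposed, but comparing Junos version strings by hand is error-prone ("22.4R3" is affected, "22.4R3-S1" is not). The checker below is an added example, not part of the advisory and not Juniper's or Positive Technologies' code: it encodes the page's ranges and triages an inventory of version strings against them. The version grammar it assumes, MAJOR.MINOR[R<n>[-S<n>]][-EVO], and the sample inventory are assumptions; any string outside that grammar (for example X/D platform releases) is reported as unknown rather than guessed at.

```python
import re
from typing import NamedTuple

# Assumed version grammar (covers every string on the advisory):
#   MAJOR.MINOR[R<release>[-S<service>]][-EVO]
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:R(?P<release>\d+))?"
    r"(?:-S(?P<service>\d+))?"
    r"(?P<evo>-EVO)?$",
    re.IGNORECASE,
)


class JunosVersion(NamedTuple):
    major: int
    minor: int
    release: int   # R number, 0 when absent ("21.2" sorts before "21.2R1")
    service: int   # S number, 0 when absent ("22.4R3" sorts before "22.4R3-S1")
    evolved: bool  # True for Junos OS Evolved (-EVO suffix)


def parse_version(text: str) -> JunosVersion:
    """Parse a Junos / Junos Evolved version string; ValueError if it does
    not match the grammar above, so nothing is silently misclassified."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    return JunosVersion(int(m["major"]), int(m["minor"]),
                        int(m["release"] or 0), int(m["service"] or 0),
                        m["evo"] is not None)


def _order(v: JunosVersion) -> tuple:
    """Comparison key; the EVO flag selects the table instead of sorting."""
    return (v.major, v.minor, v.release, v.service)


# Ranges exactly as the advisory lists them. "ranges" are inclusive at both
# ends, "prior_to" is exclusive, and "whole_trains" encodes "21.1R1 through
# 21.*", i.e. every release on the 21.1 train.
AFFECTED = {
    False: {  # Junos OS
        "prior_to": "20.4R3-S10",
        "whole_trains": ["21.1"],
        "ranges": [("21.2", "21.2R3-S5"), ("21.3", "21.3R3-S5"),
                   ("21.4", "21.4R3-S7"), ("22.1", "22.1R3-S4"),
                   ("22.2", "22.2R3-S3"), ("22.3", "22.3R3-S1"),
                   ("22.4", "22.4R3"), ("23.2", "23.2R2")],
    },
    True: {  # Junos OS Evolved
        "prior_to": "20.4R3-S10-EVO",
        "whole_trains": [],
        "ranges": [("21.2-EVO", "21.2R3-S7-EVO"), ("21.3-EVO", "21.3R3-S5-EVO"),
                   ("21.4-EVO", "21.4R3-S5-EVO"), ("22.1-EVO", "22.1R3-S4-EVO"),
                   ("22.2-EVO", "22.2R3-S3-EVO"), ("22.3-EVO", "22.3R3-S1-EVO"),
                   ("22.4-EVO", "22.4R3-EVO"), ("23.2-EVO", "23.2R2-EVO")],
    },
}


def is_affected(text: str) -> bool:
    """True if the version falls inside an affected range on the advisory.
    A version on a train the advisory does not list (e.g. 23.4R1) is False."""
    v = parse_version(text)
    spec = AFFECTED[v.evolved]
    key = _order(v)
    if key < _order(parse_version(spec["prior_to"])):
        return True
    if any((v.major, v.minor) == _order(parse_version(t))[:2]
           for t in spec["whole_trains"]):
        return True
    return any(_order(parse_version(lo)) <= key <= _order(parse_version(hi))
               for lo, hi in spec["ranges"])


def triage(inventory):
    """Bucket (hostname, version) pairs into affected / clear / unknown.
    'unknown' means the string did not parse and needs a manual look."""
    report = {"affected": [], "clear": [], "unknown": []}
    for host, ver in inventory:
        try:
            bucket = "affected" if is_affected(ver) else "clear"
        except ValueError:
            bucket = "unknown"
        report[bucket].append(host)
    return report


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [("edge-1", "21.4R3-S7"), ("edge-2", "21.4R3-S8"),
              ("core-1", "22.4R3-EVO"), ("core-2", "23.4R1"),
              ("lab-1", "15.1X49-D190")]
    print(triage(sample))
```

Versions that parse but sit on a train the advisory never mentions come back as "clear" only in the sense that this page lists no range for them; cross-check such hosts against the vendor advisory before closing the ticket, and treat every "unknown" as unresolved.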

Tags: Fix · DoS · RCE

Weakness Enumeration

Related Identifiers

BDU:2023-05091
CVE-2023-4481

Affected Products

Junos
Junos Evolved