CVE-2023-36849

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions 21.4 through 21.4R3-S3 Juniper Networks Junos OS versions 22.1 through 22.1R3-S3 Juniper Networks Junos OS versions 22.2 through 22.2R2-S1, 22.2R3 Juniper Networks Junos OS versions 22.3 through 22.3R2 Juniper Networks Junos OS Evolved versions 21.4-EVO through 21.4R3-S2-EVO Juniper Networks Junos OS Evolved versions 22.1-EVO through 22.1R3-S3-EVO Juniper Networks Junos OS Evolved versions 22.2-EVO through 22.2R2-S1-EVO, 22.2R3-EVO Juniper Networks Junos OS Evolved versions 22.3-EVO through 22.3R2-EVO

Description The issue is related to an Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved. This vulnerability allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS) by sending a malformed LLDP packet, which will crash and restart the l2cpd process. The impact of the l2cpd crash includes the reinitialization of STP protocols (RSTP, MSTP, or VSTP) and MVRP and ERP. Additionally, services that depend on LLDP state, such as PoE or VoIP device recognition, will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service.

Recommendations For Juniper Networks Junos OS versions 21.4 through 21.4R3-S3, update to version 21.4R3-S3 or later. For Juniper Networks Junos OS versions 22.1 through 22.1R3-S3, update to version 22.1R3-S3 or later. For Juniper Networks Junos OS versions 22.2 through 22.2R2-S1, 22.2R3, update to version 22.2R2-S1 or later. For Juniper Networks Junos OS versions 22.3 through 22.3R2, update to version 22.3R2 or later. For Juniper Networks Junos OS Evolved versions 21.4-EVO through 21.4R3-S2-EVO, update to version 21.4R3-S2-EVO or later. For Juniper Networks Junos OS Evolved versions 22.1-EVO through 22.1R3-S3-EVO, update to version 22.1R3-S3-EVO or later. For Juniper Networks Junos OS Evolved versions 22.2-EVO through 22.2R2-S1-EVO, 22.2R3-EVO, update to version 22.2R2-S1-EVO or later. For Juniper Networks Junos OS Evolved versions 22.3-EVO through 22.3R2-EVO, update to version 22.3R2-EVO or later. As a temporary workaround, consider disabling the l2cpd process until a patch is available. Restrict access to the vulnerable l2cpd daemon to minimize the risk of exploitation. Avoid using the LLDP protocol in the affected Junos OS and Junos OS Evolved versions until the issue is resolved.