We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-36836

Junos OS and Junos OS Evolved: In a MoFRR scenario an rpd core may be observed when a low privileged CLI command is executed



Description

A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a a specific low privileged CLI command is executed. The rpd crash will impact all routing protocols until the process has automatically been restarted. As the operational state which makes this issue exploitable is outside the attackers control, this issue is considered difficult to exploit. Continued execution of this command will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS 19.4 version 19.4R3-S5 and later versions prior to 19.4R3-S9; 20.1 version 20.1R2 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S6-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R3-S1-EVO; 21.4-EVO versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO.

Reserved 2023-06-27 | Published 2023-07-14 | Updated 2024-10-22 | Assigner juniper


MEDIUM: 4.7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-908 Use of Uninitialized Resource

Denial of Service (DoS)

Product status

Default status
unaffected

19.4R3-S4 before 19.4*
affected

20.1R2 before 20.1*
affected

20.2 before 20.2R3-S7
affected

20.3 before 20.3R3-S5
affected

20.4 before 20.4R3-S6
affected

21.1 before 21.1R3-S4
affected

21.2 before 21.2R3-S2
affected

21.3 before 21.3R3-S1
affected

21.4 before 21.4R3
affected

22.1 before 22.1R1-S2, 22.1R2
affected

22.2 before 22.2R2
affected

Default status
unaffected

Any version before 20.4R3-S6-EVO
affected

21.1 before 21.1*
affected

21.2 before 21.2*
affected

21.3 before 21.3R3-S1-EVO
affected

21.4 before 21.4R3-EVO
affected

22.1 before 22.1R1-S2-EVO, 22.1R2-EVO
affected

22.2 before 22.2R2-EVO
affected

References

supportportal.juniper.net/JSA71643

cve.org (CVE-2023-36836)

nvd.nist.gov (CVE-2023-36836)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2023-36836

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.