目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

CVE-2023-28967— Juniper Networks Junos OS 安全漏洞

CVSS 7.5 · High EPSS 0.54% · P68
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2023-28967の基本情報

脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
Junos OS and Junos OS Evolved: An attacker sending genuine BGP packets causes an RPD crash
ソース: NVD (National Vulnerability Database)
脆弱性説明
A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service (DoS) by crashing the Routing Protocol Daemon (rpd). This issue is triggered when the packets attempt to initiate a BGP connection before a BGP session is successfully established. Continued receipt of these specific BGP packets will cause a sustained Denial of Service condition. This issue is triggerable in both iBGP and eBGP deployments. This issue affects: Juniper Networks Junos OS 21.1 version 21.1R1 and later versions prior to 21.1R3-S5; 21.2 version 21.2R1 and later versions prior to 21.2R3-S2; 21.3 version 21.3R1 and later versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1. This issue affects: Juniper Networks Junos OS Evolved 21.1-EVO version 21.1R1-EVO and later versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Juniper Networks Junos OS 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Juniper Networks Junos OS是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS 存在安全漏洞,该漏洞源于边界网关协议 (BGP) 软件中利用未初始化资源,攻击者利用该漏洞可以发送 BGP 数据包导致 RPD 崩溃,以下产品和版本受到影响:Juniper Networks Junos OS 21.1版本21.1R1及21.1R3-S5之前
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
Juniper NetworksJunos OS unspecified ~ 21.1R1 -
Juniper NetworksJunos OS Evolved unspecified ~ 21.1R1-EVO -

II. CVE-2023-28967の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2023-28967のインテリジェンス情報

登录查看更多情报信息。

Same Patch Batch · Juniper Networks · 2023-04-17 · 25 CVEs total

CVE-2023-289838.8 HIGHJunos OS Evolved: Shell Injection vulnerability in the gNOI server
CVE-2023-289608.2 HIGHJunos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user
CVE-2023-289667.8 HIGHJunos OS Evolved: Local low-privileged user with shell access can execute CLI commands as
CVE-2023-289647.5 HIGHJunos OS and Junos OS Evolved: Malformed BGP flowspec update causes RPD crash
CVE-2023-289827.5 HIGHJunos OS and Junos OS Evolved: In a BGP rib sharding scenario when a route is frequently u
CVE-2023-289767.5 HIGHJunos OS: MX Series: If a specific traffic rate goes above the DDoS threshold it will lead
CVE-2023-289747.4 HIGHJunos OS: MX Series: In a BBE scenario upon receipt of specific malformed packets from sub
CVE-2023-289717.2 HIGHParagon Active Assurance: Enabling the timescaledb enables IP forwarding
CVE-2023-289737.1 HIGHJunos OS Evolved: The 'sysmanctl' shell command allows a local user to gain access to some
CVE-2023-289726.8 MEDIUMJunos OS: NFX Series: 'set system ports console insecure' allows root password recovery
CVE-2023-289706.5 MEDIUMJunos OS: JRR200: Kernel crash upon receipt of a specific packet
CVE-2023-289656.5 MEDIUMJunos OS: QFX10002: Failure of storm control feature may lead to Denial of Service
CVE-2023-289816.5 MEDIUMJunos OS and Junos OS Evolved: If malformed IPv6 router advertisements are received, memor
CVE-2023-289596.5 MEDIUMJunos OS: QFX10002: PFE wedges and restarts upon receipt of specific malformed packets
CVE-2023-16976.5 MEDIUMJunos OS: QFX10000 Series, PTX1000 Series: The dcpfe process will crash when a malformed e
CVE-2023-289615.8 MEDIUMJunos OS: ACX Series: IPv6 firewall filter is not installed in PFE when "from next-header
CVE-2023-289805.5 MEDIUMJunos OS and Junos OS Evolved: In a BGP rib sharding scenario an rpd crash will happen sho
CVE-2023-289785.3 MEDIUMJunos OS Evolved: Read access to some confidential user information is possible
CVE-2023-289625.3 MEDIUMJunos OS: Unauthenticated access vulnerability in J-Web
CVE-2023-289635.3 MEDIUMJunos OS: User-controlled input vulnerability in J-Web

Showing 20 of 25 CVEs. View all on vendor page →

IV. 関連脆弱性

同じ製品: Junos OS
同じベンダー: Juniper Networks

V. CVE-2023-28967へのコメント

まだコメントはありません

コメントを残す