CVE-2023-36840— Juniper Networks Junos OS Evolved安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2023-36840の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Junos OS and Junos OS Evolved: An rpd crash occurs when a specific L2VPN command is run
ソース: NVD (National Vulnerability Database)
脆弱性説明
A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S10; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R2; Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S7-EVO; 21.1 versions prior to 21.1R3-S3-EVO; 21.2 versions prior to 21.2R3-S5-EVO; 21.3 versions prior to 21.3R3-S4-EVO; 21.4 versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO; 22.3 versions prior to 22.3R2-EVO;
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
可达断言
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Juniper Networks Junos OS Evolved安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Juniper Networks Junos OS Evolved是美国瞻博网络(Juniper Networks)公司的Junos OS 的升级版系统。 Junos OS和Junos OS Evolved存在安全漏洞,该漏洞源于路由协议守护程序(RPD)存在可到达断言漏洞,攻击者可利用该漏洞造成拒绝服务(DoS)。受影响的产品和版本:Juniper Networks Junos OS: 19.3R3-S7之前的所有版本;19.4R3-S10之前的19.4版本;20.1R3-S4之前的20.1版本;20.
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Juniper Networks | Junos OS | unspecified ~ 19.3R3-S10 | - | |
| Juniper Networks | Junos OS Evolved | unspecified ~ 20.4R3-S7-EVO | - |
II. CVE-2023-36840の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2023-36840のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Juniper Networks · 2023-07-14 · 12 CVEs total
| CVE-2023-36835 | 7.5 HIGH | Junos OS: QFX10000 Series: All traffic will be dropped after a specific valid IP packet ha |
| CVE-2023-28985 | 7.5 HIGH | SRX Series and MX Series: An FPC core is observed when IDP is enabled on the device and a |
| CVE-2023-36832 | 7.5 HIGH | Junos OS: MX Series: PFE crash upon receipt of specific packet destined to an AMS interfac |
| CVE-2023-36831 | 7.5 HIGH | Junos OS: SRX Series: jbuf memory leak when SSL Proxy and UTM Web-Filtering is applied |
| CVE-2023-36850 | 6.5 MEDIUM | Junos OS: MX Series: An MPC will crash upon receipt of a malformed CFM packet. |
| CVE-2023-36849 | 6.5 MEDIUM | Junos OS and Junos OS Evolved: The l2cpd will crash when a malformed LLDP packet is receiv |
| CVE-2023-36848 | 6.5 MEDIUM | Junos OS: MX Series: The FPC will crash on receiving a malformed CFM packet |
| CVE-2023-36834 | 6.5 MEDIUM | Junos OS: SRX 4600 and SRX 5000 Series: The receipt of specific genuine packets by SRXes c |
| CVE-2023-36833 | 6.5 MEDIUM | Junos OS Evolved: PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202: The af |
| CVE-2023-36838 | 5.5 MEDIUM | Junos OS: SRX Series: A flowd core occurs when running a low privileged CLI command |
| CVE-2023-36836 | 4.7 MEDIUM | Junos OS and Junos OS Evolved: In a MoFRR scenario an rpd core may be observed when a low |
IV. 関連脆弱性
同じ製品: Junos OS
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33781
Junos OS: EX Series, QFX Series: In a VXLAN scenario when sp
同じベンダー: Juniper Networks
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33784
JSI Virtual Lightweight Collector: Default password is not r
同じ弱点: CWE-617
- CVE-2026-8257
WebAssembly Binaryen BrOn wasm-ir-builder.cpp makeBrOn asser - CVE-2026-41584
ZEBRA: rk Identity Point Panic in Transaction Verification - CVE-2026-20450
MediaTek Chipsets 安全漏洞 - CVE-2026-41485
Kyverno Controller Denial of Service via forEach Mutation Pa - CVE-2026-34067
nimiq-transaction vulnerable to panic via `HistoryTreeProof`
V. CVE-2023-36840へのコメント
まだコメントはありません