CVE-2023-44177: Juniper Networks Junos and Junos EVO Buffer Error Vulnerability

CVSS 5.5 · Medium · EPSS 0.06% · P18

I. Basic Information for CVE-2023-44177

Vulnerability Information

Vulnerability Title
Junos OS and Junos OS Evolved: Stack overflow vulnerability in CLI command processing
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.

This issue affects Juniper Networks:

Junos OS:
* All versions prior to 19.1R3-S10;
* 19.2 versions prior to 19.2R3-S7;
* 19.3 versions prior to 19.3R3-S8;
* 19.4 versions prior to 19.4R3-S12;
* 20.2 versions prior to 20.2R3-S8;
* 20.4 versions prior to 20.4R3-S8;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S1;
* 22.3 versions prior to 22.3R3;
* 22.4 versions prior to 22.4R2.

Junos OS Evolved:
* All versions prior to 20.4R3-S8-EVO;
* 21.2 versions prior to 21.2R3-S6-EVO;
* 21.3 versions prior to 21.3R3-S5-EVO;
* 21.4 versions prior to 21.4R3-S4-EVO;
* 22.1 versions prior to 22.1R3-S3-EVO;
* 22.2 versions prior to 22.2R3-S1-EVO;
* 22.3 versions prior to 22.3R3-EVO;
* 22.4 versions prior to 22.4R2-EVO.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Out-of-bounds Write
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Networks Junos and Junos EVO buffer error vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Networks Junos OS is a network operating system from Juniper Networks (USA), dedicated to the company's hardware devices. The operating system provides secure programming interfaces and the Junos SDK. Juniper Networks Junos and Junos EVO contain a security vulnerability that stems from a stack-based buffer overflow in a CLI command, which allows a low-privileged attacker to execute specific CLI commands and cause a denial of service.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Juniper Networks | Junos OS | 0 ~ 19.1R3-S10 | - |
| Juniper Networks | Junos OS Evolved | 0 ~ 20.4R3-S8-EVO | - |

II. Public PoCs for CVE-2023-44177

No public PoC was found.

III. Intelligence Information for CVE-2023-44177

Same Patch Batch · Juniper Networks · 2023-10-12 · 25 CVEs total

CVE-2023-44194 · 8.4 HIGH · Junos OS: An unauthenticated attacker with local access to the device can create a backdoo
CVE-2023-44199 · 7.5 HIGH · Junos OS: MX Series: In a PTP scenario a prolonged routing protocol churn can trigger an F
CVE-2023-36841 · 7.5 HIGH · Junos OS: MX Series: Receipt of malformed TCP traffic will cause a Denial of Service
CVE-2023-44197 · 7.5 HIGH · Junos OS and Junos OS Evolved: An rpd crash may occur when BGP is processing newly learned
CVE-2023-36843 · 7.5 HIGH · Junos OS: SRX Series: The PFE will crash on receiving malformed SSL traffic when Sky ATP i
CVE-2023-44181 · 7.5 HIGH · Junos OS: QFX5k: l2 loop in the overlay impacts the stability in a EVPN/VXLAN environment
CVE-2023-44192 · 7.5 HIGH · Junos OS: QFX5000 Series: DMA memory leak is observed when specific DHCP packets are trans
CVE-2023-44191 · 7.5 HIGH · Junos OS: QFX5000 Series and EX4000 Series: Denial of Service (DoS) on a large scale VLAN
CVE-2023-44185 · 7.5 HIGH · Junos OS and Junos OS Evolved: In an BGP scenario RPD crashes upon receiving and processin
CVE-2023-44182 · 7.3 HIGH · Junos OS and Junos OS Evolved: An Unchecked Return Value in multiple users interfaces affe
CVE-2023-22392 · 6.5 MEDIUM · Junos OS: PTX Series and QFX10000 Series: Received flow-routes which aren't installed as t
CVE-2023-44204 · 6.5 MEDIUM · Junos OS and Junos OS Evolved: The rpd will crash upon receiving a malformed BGP UPDATE me
CVE-2023-36839 · 6.5 MEDIUM · Junos OS and Junos OS Evolved: An l2cpd crash will occur when specific LLDP packets are re
CVE-2023-44175 · 6.5 MEDIUM · Junos OS and Junos OS Evolved: Receipt of a specific genuine PIM packet causes RPD crash
CVE-2023-44183 · 6.5 MEDIUM · Junos OS: QFX5000 Series, EX4600 Series: In a VxLAN scenario an adjacent attacker within t
CVE-2023-44184 · 6.5 MEDIUM · Junos OS and Junos OS Evolved: High CPU load due to specific NETCONF command
CVE-2023-44196 · 6.5 MEDIUM · Junos OS Evolved: PTX10003 Series: Packets which are not destined to the router can reach
CVE-2023-44203 · 6.5 MEDIUM · Junos OS: QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: Packet flooding will
CVE-2023-44198 · 5.8 MEDIUM · Junos OS: SRX Series and MX Series: SIP ALG doesn't drop specifically malformed retransmit
CVE-2023-44193 · 5.5 MEDIUM · Junos OS: MX Series: An FPC crash is observed when CFM is enabled in a VPLS scenario and a

Showing 20 of 25 CVEs. View all on vendor page →

IV. Related Vulnerabilities
