{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-28980", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "dateUpdated": "2025-02-05T21:41:05.635Z", "dateReserved": "2023-03-29T00:00:00.000Z", "datePublished": "2023-04-17T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "20.2R3-S6", "status": "affected", "version": "20.2R3-S5", "versionType": "semver"}, {"lessThan": "20.3R3-S5", "status": "affected", "version": "20.3R3-S2", "versionType": "semver"}, {"lessThan": "20.4R3-S4", "status": "affected", "version": "20.4R3-S1", "versionType": "semver"}, {"lessThan": "21.1R3-S3", "status": "affected", "version": "21.1R3", "versionType": "semver"}, {"lessThan": "21.2R3-S2", "status": "affected", "version": "21.2R1-S2, 21.2R2-S1", "versionType": "semver"}, {"lessThan": "21.3R3", "status": "affected", "version": "21.3R2", "versionType": "semver"}, {"lessThan": "21.4R2-S1, 21.4R3", "status": "affected", "version": "21.4R1", "versionType": "semver"}, {"lessThan": "22.1R2", "status": "affected", "version": "22.1R1", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "20.4R3-S6-EVO", "status": "affected", "version": "20.4R3-S1-EVO", "versionType": "semver"}, {"lessThan": "21.2R3-S4-EVO", "status": "affected", "version": "21.2R1-S2-EVO", "versionType": "semver"}, {"lessThan": "21.3R3-S1-EVO", "status": "affected", "version": "21.3R2-EVO", "versionType": "semver"}, {"lessThan": "21.4R2-S1-EVO, 21.4R3-EVO", "status": "affected", "version": "21.4R1-EVO", "versionType": "semver"}, {"lessThan": "22.1R2-EVO", "status": "affected", "version": "22.1R1-EVO", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>To be exposed to this issue the system needs to be configured with rib sharding as follows:</p><code>  [system processes routing bgp rib-sharding]</code><br/>"}], "value": "To be exposed to this issue the system needs to be configured with rib sharding as follows:\n\n  [system processes routing bgp rib-sharding]\n"}], "datePublic": "2023-04-12T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (&gt;1M routes).<br></p><p>This issue affects:<br>Juniper Networks Junos OS<br></p><ul><li>20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;</li><li>20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;</li><li>20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4</li><li>21.1 version 21.1R3 and later versions prior to 21.1R3-S3;</li><li>21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;</li><li>21.3 version 21.3R2 and later versions prior to 21.3R3;</li><li>21.4 versions prior to 21.4R2-S1, 21.4R3;</li><li>22.1 versions prior to 22.1R2.</li></ul><p></p><p>Juniper Networks Junos OS Evolved<br></p><ul><li>20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO;</li><li>21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO;</li><li>21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO;</li><li>21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;</li><li>22.1-EVO versions prior to 22.1R2-EVO.</li></ul>"}], "value": "A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes).\n\n\nThis issue affects:\nJuniper Networks Junos OS\n\n\n  *  20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;\n  *  20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;\n  *  20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4\n  *  21.1 version 21.1R3 and later versions prior to 21.1R3-S3;\n  *  21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;\n  *  21.3 version 21.3R2 and later versions prior to 21.3R3;\n  *  21.4 versions prior to 21.4R2-S1, 21.4R3;\n  *  22.1 versions prior to 22.1R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n  *  20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO;\n  *  21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO;\n  *  21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO;\n  *  21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;\n  *  22.1-EVO versions prior to 22.1R2-EVO.\n\n\n"}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "Denial of Service (DoS)", "lang": "en"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2023-08-28T23:49:43.170Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA70606"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The following software releases have been updated to resolve this specific issue:</p><p>Junos OS Evolved: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.3R3-S1-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.</p><p>Junos OS: 20.2R3-S6, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.</p>"}], "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS Evolved: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.3R3-S1-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.\n\nJunos OS: 20.2R3-S6, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\n\n"}], "source": {"advisory": "JSA70606", "defect": ["1658834"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2023-04-12T16:00:00.000Z", "value": "Initial Publication"}], "title": "Junos OS and Junos OS Evolved: In a BGP rib sharding scenario an rpd crash will happen shortly after a specific CLI command is issued", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>There are no known workarounds for this issue.</p><p>To reduce the risk of exploitation use access controls to limit CLI access to the device only from trusted networks, hosts and users.</p>"}], "value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation use access controls to limit CLI access to the device only from trusted networks, hosts and users.\n\n"}], "x_generator": {"engine": "Vulnogram 0.0.9"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:51:38.985Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportportal.juniper.net/JSA70606"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-05T21:40:59.816327Z", "id": "CVE-2023-28980", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T21:41:05.635Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://supportportal.juniper.net/JSA70606", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:51:38.985Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28980", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-05T21:40:59.816327Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T21:40:57.372Z"}}], "cna": {"title": "Junos OS and Junos OS Evolved: In a BGP rib sharding scenario an rpd crash will happen shortly after a specific CLI command is issued", "source": {"defect": ["1658834"], "advisory": "JSA70606", "discovery": "USER"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "20.2R3-S5", "lessThan": "20.2R3-S6", "versionType": "semver"}, {"status": "affected", "version": "20.3R3-S2", "lessThan": "20.3R3-S5", "versionType": "semver"}, {"status": "affected", "version": "20.4R3-S1", "lessThan": "20.4R3-S4", "versionType": "semver"}, {"status": "affected", "version": "21.1R3", "lessThan": "21.1R3-S3", "versionType": "semver"}, {"status": "affected", "version": "21.2R1-S2, 21.2R2-S1", "lessThan": "21.2R3-S2", "versionType": "semver"}, {"status": "affected", "version": "21.3R2", "lessThan": "21.3R3", "versionType": "semver"}, {"status": "affected", "version": "21.4R1", "lessThan": "21.4R2-S1, 21.4R3", "versionType": "semver"}, {"status": "affected", "version": "22.1R1", "lessThan": "22.1R2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"status": "affected", "version": "20.4R3-S1-EVO", "lessThan": "20.4R3-S6-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.2R1-S2-EVO", "lessThan": "21.2R3-S4-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.3R2-EVO", "lessThan": "21.3R3-S1-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.4R1-EVO", "lessThan": "21.4R2-S1-EVO, 21.4R3-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.1R1-EVO", "lessThan": "22.1R2-EVO", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2023-04-12T16:00:00.000Z", "value": "Initial Publication"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS Evolved: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.3R3-S1-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.\n\nJunos OS: 20.2R3-S6, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>The following software releases have been updated to resolve this specific issue:</p><p>Junos OS Evolved: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.3R3-S1-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.</p><p>Junos OS: 20.2R3-S6, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.</p>", "base64": false}]}], "datePublic": "2023-04-12T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA70606", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation use access controls to limit CLI access to the device only from trusted networks, hosts and users.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>There are no known workarounds for this issue.</p><p>To reduce the risk of exploitation use access controls to limit CLI access to the device only from trusted networks, hosts and users.</p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes).\n\n\nThis issue affects:\nJuniper Networks Junos OS\n\n\n  *  20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;\n  *  20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;\n  *  20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4\n  *  21.1 version 21.1R3 and later versions prior to 21.1R3-S3;\n  *  21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;\n  *  21.3 version 21.3R2 and later versions prior to 21.3R3;\n  *  21.4 versions prior to 21.4R2-S1, 21.4R3;\n  *  22.1 versions prior to 22.1R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n  *  20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO;\n  *  21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO;\n  *  21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO;\n  *  21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;\n  *  22.1-EVO versions prior to 22.1R2-EVO.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (&gt;1M routes).<br></p><p>This issue affects:<br>Juniper Networks Junos OS<br></p><ul><li>20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;</li><li>20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;</li><li>20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4</li><li>21.1 version 21.1R3 and later versions prior to 21.1R3-S3;</li><li>21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;</li><li>21.3 version 21.3R2 and later versions prior to 21.3R3;</li><li>21.4 versions prior to 21.4R2-S1, 21.4R3;</li><li>22.1 versions prior to 22.1R2.</li></ul><p></p><p>Juniper Networks Junos OS Evolved<br></p><ul><li>20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO;</li><li>21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO;</li><li>21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO;</li><li>21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;</li><li>22.1-EVO versions prior to 22.1R2-EVO.</li></ul>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}, {"descriptions": [{"lang": "en", "description": "Denial of Service (DoS)"}]}], "configurations": [{"lang": "en", "value": "To be exposed to this issue the system needs to be configured with rib sharding as follows:\n\n  [system processes routing bgp rib-sharding]\n", "supportingMedia": [{"type": "text/html", "value": "<p>To be exposed to this issue the system needs to be configured with rib sharding as follows:</p><code>  [system processes routing bgp rib-sharding]</code><br/>", "base64": false}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2023-08-28T23:49:43.170Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28980", "state": "PUBLISHED", "dateUpdated": "2025-02-05T21:41:05.635Z", "dateReserved": "2023-03-29T00:00:00.000Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2023-04-17T00:00:00.000Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s5:*:*:*:*:*:*", "matchCriteriaId": "6E5E3FDB-3F33-4686-9B64-0152AD41939D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "E9AE26EB-699B-4B10-87E2-9E731B820F32", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "A29E0070-47E9-43DD-9303-C732FE8CC851", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "A5E7E8D2-5D08-492E-84FC-8803E50F2CA7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*", "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*", "matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*", "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*", "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*", "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*", "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*", "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*", "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*", "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*", "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*", "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes).\n\n\nThis issue affects:\nJuniper Networks Junos OS\n\n\n  *  20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;\n  *  20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;\n  *  20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4\n  *  21.1 version 21.1R3 and later versions prior to 21.1R3-S3;\n  *  21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;\n  *  21.3 version 21.3R2 and later versions prior to 21.3R3;\n  *  21.4 versions prior to 21.4R2-S1, 21.4R3;\n  *  22.1 versions prior to 22.1R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n  *  20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO;\n  *  21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO;\n  *  21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO;\n  *  21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;\n  *  22.1-EVO versions prior to 22.1R2-EVO.\n\n\n"}], "id": "CVE-2023-28980", "lastModified": "2024-11-21T07:56:19.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2023-04-17T22:15:09.617", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://supportportal.juniper.net/JSA70606"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://supportportal.juniper.net/JSA70606"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}