Junos OS and Junos OS Evolved have been found to be vulnerable to a DoS (Denial of Service) condition, which an unauthenticated, network-based attacker can exploit.
Juniper Networks has addressed this vulnerability on their security advisory along with certain workarounds.
Junos OS evolved, and Junos OS was built on Linux Kernel and FreeBSD kernel, respectively, that uses a BGP session which enables the exchange of routing between the internet and the large networks of systems.
At the end of August, a pre-auth RCE was reported, and additional details about the proof of concept have been published.
However, Juniper Networks has released patches for fixing this vulnerability.
CVE-2023-4481: DoS (Denial of Service) in Routing Protocol Daemon
The BGP UPDATE messages are received over an established BGP session which can be terminated with an UPDATE message error. This UPDATE message can be specially crafted by a threat actor and can go through unaffected systems and intermediate BGP speakers.
An attacker can continuously send this BGP UPDATE message which will result in a Denial of Service condition on affected devices. However, there are prerequisites for a remote attacker, including at least one established BGP session.
This issue affects both IPv4 and IPv6 implementations of eBGP (External Border Gateway Protocol) and iBGP (External Border Gateway Protocol). The CVSS score for this vulnerability has been given as 7.5 (High).
Products affected by this vulnerability include Junos OS prior to 23.4R1, and Junos OS Evolved prior to 23.4R1-EVO. To fix this issue, Users of these products are recommended to upgrade to the latest versions of Junos OS: 23.4R1* and Junos OS Evolved: 23.4R1-EVO*.
As a means workaround for this vulnerability, Juniper Networks provided a step that involves the configuring of BGP error tolerance.
Source: https://cybersecuritynews.com/junos-os-flaw-dos-attack/
