Cyber Security News

Junos OS Flaw Allows a Network-based Attacker to Launch DoS Attack

Junos OS and Junos OS Evolved have been found to be vulnerable to a DoS (Denial of Service) condition, which an unauthenticated, network-based attacker can exploit.

Juniper Networks has addressed this vulnerability in its security advisory, along with certain workarounds.

Junos OS Evolved and Junos OS are built on the Linux kernel and the FreeBSD kernel, respectively. Both use BGP sessions, which enable the exchange of routing information between the internet and large networks of systems.

At the end of August, a pre-auth RCE was reported, and additional details about the proof of concept have been published.

However, Juniper Networks has released patches for fixing this vulnerability.

CVE-2023-4481: DoS (Denial of Service) in Routing Protocol Daemon

BGP UPDATE messages are received over an established BGP session, and that session can be terminated with an UPDATE message error. A threat actor can specially craft such an UPDATE message, and it can pass through unaffected systems and intermediate BGP speakers.

An attacker can continuously send this BGP UPDATE message, which results in a Denial of Service condition on affected devices. However, there are prerequisites for a remote attacker, including at least one established BGP session.

This issue affects both IPv4 and IPv6 implementations of eBGP (External Border Gateway Protocol) and iBGP (Internal Border Gateway Protocol). The CVSS score for this vulnerability has been given as 7.5 (High).

Remediation & Workaround

Products affected by this vulnerability include Junos OS prior to 23.4R1 and Junos OS Evolved prior to 23.4R1-EVO. To fix this issue, users of these products are recommended to upgrade to the latest versions of Junos OS: 23.4R1* and Junos OS Evolved: 23.4R1-EVO*.

As a workaround for this vulnerability, Juniper Networks provided a step that involves configuring BGP error tolerance.
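To check where the workaround is actually in effect, the following added example (not part of the original article or of Juniper's advisory) audits a Junos configuration exported in `display set` form and lists BGP neighbors that have no active `bgp-error-tolerance` statement at neighbor, group or instance level. The statement name is the Junos configuration knob for BGP error tolerance; the sample configuration, the "default" instance label and the function name are constructed for illustration, and logical systems are not handled.

```python
import re

# Matches set/deactivate lines under "protocols bgp", optionally in a routing instance.
LINE = re.compile(
    r"^(set|deactivate)\s+(?:routing-instances\s+(\S+)\s+)?protocols\s+bgp(?:\s+(.*))?$")
KNOB = "bgp-error-tolerance"

def uncovered_neighbors(display_set: str) -> list[str]:
    """Return 'instance/group/neighbor' for every BGP neighbor that inherits
    no active bgp-error-tolerance from neighbor, group or instance level."""
    enabled = set()    # scopes with the knob active: (inst,), (inst, grp), (inst, grp, nbr)
    neighbors = set()  # every configured (inst, grp, nbr)
    for raw in display_set.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        verb, inst = m.group(1), m.group(2) or "default"  # "default" is a label used here
        rest = (m.group(3) or "").split()
        scope = (inst,)
        if rest[:1] == ["group"] and len(rest) >= 2:
            scope, rest = scope + (rest[1],), rest[2:]
            if rest[:1] == ["neighbor"] and len(rest) >= 2:
                scope, rest = scope + (rest[1],), rest[2:]
        if len(scope) == 3 and verb == "set":
            neighbors.add(scope)
        if rest[:1] == [KNOB]:
            if verb == "set":
                enabled.add(scope)
            elif len(rest) == 1:  # statement present but deactivated
                enabled.discard(scope)
    return sorted("/".join(n) for n in neighbors
                  if not any(n[:k] in enabled for k in (1, 2, 3)))

# Constructed sample, in the style of `show configuration | display set`.
SAMPLE = """\
set protocols bgp group TRANSIT type external
set protocols bgp group TRANSIT neighbor 192.0.2.1 peer-as 64500
set protocols bgp group TRANSIT neighbor 192.0.2.5 peer-as 64501
set protocols bgp group TRANSIT neighbor 192.0.2.5 bgp-error-tolerance
set protocols bgp group IBGP type internal
set protocols bgp group IBGP bgp-error-tolerance malformed-route-limit 1000
set protocols bgp group IBGP neighbor 10.0.0.2
set routing-instances CUST protocols bgp bgp-error-tolerance
set routing-instances CUST protocols bgp group CE neighbor 198.51.100.2 peer-as 64510
deactivate routing-instances CUST protocols bgp bgp-error-tolerance
"""

if __name__ == "__main__":
    for peer in uncovered_neighbors(SAMPLE):
        print("no active bgp-error-tolerance:", peer)
```

In the sample, the deactivated instance-level statement leaves the CUST neighbor uncovered even though the knob appears in the configuration, which is the case a plain text search for the statement would miss.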


Eswar

Eswar is a cyber security reporter with a passion for creating captivating and informative content. With years of experience in cyber security, he reports on data breaches, privacy, and APT threats.
