Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 14/07/2023 Updated: 27/07/2023

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent malicious user to cause a Denial of Service (DoS). When a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service. This issue affects: Juniper Networks Junos OS 21.4 versions before 21.4R3-S3; 22.1 versions before 22.1R3-S3; 22.2 versions before 22.2R2-S1, 22.2R3; 22.3 versions before 22.3R2. Juniper Networks Junos OS Evolved 21.4-EVO versions before 21.4R3-S2-EVO; 22.1-EVO versions before 22.1R3-S3-EVO; 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO; 22.3-EVO versions before 22.3R2-EVO.

Vulnerable Product	Search on Vulmon	Subscribe to Product
juniper junos 21.4
juniper junos 22.1
juniper junos 22.2
juniper junos 22.3
juniper junos os evolved 21.4
juniper junos os evolved 22.1
juniper junos os evolved 22.2
juniper junos os evolved 22.3

CWE-703 https://supportportal.juniper.net/JSA71660 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-36849

Vulnerability Summary

References

Vulmon Search

About

Products

Connect