{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-079.pdf"
    },
    "title": "Juniper Networks Junos OS Multiple Vulnerabilities",
    "serial_number": "2023-079",
    "publish_date": "17-10-2023 10:33:58",
    "description": "On October 14, 2023, Juniper Networks announced patches for more than 30 vulnerabilities in Junos OS and Junos OS Evolved, including nine high-severity flaws. The most severe vulnerability, tracked as CVE-2023-44194 with a CVSS score of 8.4 out of 10, allows an unauthenticated attacker with local access to create a backdoor with root privileges due to incorrect default permissions in a certain system directory.<br>\nIt is recommended applying updates as soon as possible.<br>\n",
    "url_title": "2023-079",
    "content_markdown": "---\ntitle: 'Juniper Networks Junos OS Multiple Vulnerabilities'\nnumber: '2023-079'\nversion: '1.0'\noriginal_date: 'October 14, 2023'\ndate: 'October 14, 2023'\n---\n\n_History:_\n\n* _14/10/2023 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn October 14, 2023, Juniper Networks announced patches for more than 30 vulnerabilities in Junos OS and Junos OS Evolved, including nine high-severity flaws. The most severe vulnerability, tracked as **CVE-2023-44194** with a CVSS score of 8.4 out of 10, allows an unauthenticated attacker with local access to create a backdoor with root privileges due to incorrect default permissions in a certain system directory.\n\nIt is recommended applying updates as soon as possible.\n\n# Technical Details\n\nVarious vulnerabilities were addressed in this patch release, including:\n\n- **CVE-2023-44194**: This vulnerability, with a CVSS score of 8.4 out of 10, is due to an incorrect default permissions bug that could allow an unauthenticated local attacker to create a backdoor with root privileges.\n- **CVE-2023-44186**:  This vulnerability, with a CVSS score of 7.5 out of 10, allows an attacker to send a BGP update message with an `AS PATH` containing a large number of 4-byte ASes, leading to a Denial of Service (DoS)\n\n# Affected Products\n\n- Junos OS and Junos OS Evolved versions 20.4, 21.1, 21.2, 21.3, 21.4, 22.1, 22.2, 22.3, 22.4, 23.1, 23.2, and 23.3.\n\n# Recommendations\n\nCERT-EU recommends updating affected devices to the latest versions as soon as possible.\n\n## Workaround\n\n### CVE-2023-44186\n\nIt is possible to limit the `AS PATH` length to mitigate this vulnerability.\n\n```\nBelow is an example configuration to limit AS PATH to 30 entries:\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from protocol bgp\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from as-path 31as\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 then reject\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 then accept\nset groups BASE-POLICY policy-options policy-statement Customer-IN term MaxAS-Limit from policy MaxAS-Limit-30\nset groups BASE-BGP protocols bgp group <*-CUSTOMER> import Customer-IN\nset groups BASE-PREFIX-LISTS policy-options as-path 31as \".{31,}\"\n```\n\n# References\n\n[1] <https://www.securityweek.com/juniper-networks-patches-over-30-vulnerabilities-in-junos-os>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>14/10/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On October 14, 2023, Juniper Networks announced patches for more than 30 vulnerabilities in Junos OS and Junos OS Evolved, including nine high-severity flaws. The most severe vulnerability, tracked as <strong>CVE-2023-44194</strong> with a CVSS score of 8.4 out of 10, allows an unauthenticated attacker with local access to create a backdoor with root privileges due to incorrect default permissions in a certain system directory.</p><p>It is recommended applying updates as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>Various vulnerabilities were addressed in this patch release, including:</p><ul><li><strong>CVE-2023-44194</strong>: This vulnerability, with a CVSS score of 8.4 out of 10, is due to an incorrect default permissions bug that could allow an unauthenticated local attacker to create a backdoor with root privileges.</li><li><strong>CVE-2023-44186</strong>: This vulnerability, with a CVSS score of 7.5 out of 10, allows an attacker to send a BGP update message with an <code>AS PATH</code> containing a large number of 4-byte ASes, leading to a Denial of Service (DoS)</li></ul><h2 id=\"affected-products\">Affected Products</h2><ul><li>Junos OS and Junos OS Evolved versions 20.4, 21.1, 21.2, 21.3, 21.4, 22.1, 22.2, 22.3, 22.4, 23.1, 23.2, and 23.3.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends updating affected devices to the latest versions as soon as possible.</p><h3 id=\"workaround\">Workaround</h3><h4 id=\"cve-2023-44186\">CVE-2023-44186</h4><p>It is possible to limit the <code>AS PATH</code> length to mitigate this vulnerability.</p><pre><code>Below is an example configuration to limit AS PATH to 30 entries:\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from protocol bgp\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from as-path 31as\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 then reject\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 then accept\nset groups BASE-POLICY policy-options policy-statement Customer-IN term MaxAS-Limit from policy MaxAS-Limit-30\nset groups BASE-BGP protocols bgp group &lt;*-CUSTOMER&gt; import Customer-IN\nset groups BASE-PREFIX-LISTS policy-options as-path 31as \".{31,}\"\n</code></pre><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.securityweek.com/juniper-networks-patches-over-30-vulnerabilities-in-junos-os\">https://www.securityweek.com/juniper-networks-patches-over-30-vulnerabilities-in-junos-os</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}