Cyber Security News

Junos OS Flaw Allows a Network-based Attacker to Launch DoS Attack

by Esmeralda McKenzie
written by Esmeralda McKenzie
Junos OS Flaw Allows a Network-based Attacker to Launch DoS Attack

Junos OS Flaw Allows a Network-based Attacker to Launch DoS Attack

Junos OS Flaw Permits a community-primarily primarily based Attacker to Starting up DoS Assault

Junos OS and Junos OS Developed were came all the plot in which thru to be inclined to a DoS (Denial of Carrier) condition, which an unauthenticated, community-primarily primarily based attacker can exploit.

Juniper Networks has addressed this vulnerability on their security advisory along with sure workarounds.

Junos OS developed, and Junos OS was once built on Linux Kernel and FreeBSD kernel, respectively, that makes consume of a BGP session which permits the commerce of routing between the web and the mountainous networks of programs.

On the head of August, a pre-auth RCE was once reported, and further little print concerning the proof of theory were published.

On the other hand, Juniper Networks has released patches for fixing this vulnerability.

CVE-2023-4481: DoS (Denial of Carrier) in Routing Protocol Daemon

The BGP UPDATE messages are obtained over a longtime BGP session which is prepared to be terminated with an UPDATE message error. This UPDATE message also shall be specially crafted by a threat actor and can struggle thru unaffected programs and intermediate BGP audio system.

An attacker can ceaselessly send this BGP UPDATE message which is prepared to consequence in a Denial of Carrier condition on affected devices. On the other hand, there are necessities for a miles off attacker, together with on the least one established BGP session.

This direct of affairs affects both IPv4 and IPv6 implementations of eBGP (Exterior Border Gateway Protocol) and iBGP (Exterior Border Gateway Protocol). The CVSS gain for this vulnerability has been given as 7.5 (High).

Remediation & Workaround

Products plagued by this vulnerability consist of Junos OS outdated to 23.4R1, and Junos OS Developed outdated to 23.4R1-EVO. To repair this direct of affairs, Customers of these products are urged to increase to basically the most modern versions of Junos OS: 23.4R1* and Junos OS Developed: 23.4R1-EVO*.

As a technique workaround for this vulnerability, Juniper Networks equipped a step that involves the configuring of BGP error tolerance.

Preserve told concerning basically the most modern Cyber Safety Records by following us on Google Records, Linkedin, Twitter, and Fb.

Source credit : cybersecuritynews.com

Related Posts

Google Chrome 127 Released With Fix for Vulnerabilities...

CrowdStrike Details Incident Affected Millions of Windows Systems...

IPFire Unveils New Feature to Protect Systems from...

Play Ransomware Variant Attacking Linux ESXi Servers

Google Researchers Detailed Tools Used by APT41 Hacker...

Threat Actors Hijacking Facebook Accounts With Password Stealing...

Weekly Cyber Security News Letter – Data Breaches,...

CrowdStrike Releases Fix for Updates Causing Windows to...

Cisco Smart Software Manager Flaw Let Attackers Change...

Killer Ultra Malware Attacking EDR Tools From Symantec,...