A newly discovered vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service (DoS). This vulnerability, tracked as CVE-2023-36839, relies on improper validation of specified quantities in input, causing issues when particular LLDP packets are received and telemetry polling is being performed on the device.
The consequences of an l2cpd crash resulting from this vulnerability include reinitialization of STP protocols (RSTP, MSTP or VSTP) and MVRP and ERP. Furthermore, if any services rely on LLDP state (such as PoE or VoIP device recognition), they, too, will be affected.
* 22.4 versions prior to 22.4R1-S1-EVO;
It is highly recommended for users of at-risk versions to upgrade to the latest patch available. Please refer to the original security advisory from Juniper Networks here for more information and recommendations on how to address this security issue.
The exploitation of this vulnerability has not been detailed, but it is assumed that an attacker with access to the local network can send specially crafted LLDP packets to vulnerable devices. These packets could include incorrect length fields or invalid data elements, resulting in a buffer overflow that crashes the l2cpd service. For example, an attacker might send an LLDP packet like this:
02:ED:FA:BC:00:01 > 01:80:C2:00:00:E, ethertype LLDP (x88cc), length 120:
Chassis Id TLV (1), length 7: Subtype MAC address (4): 02:ED:FA:BC:00:01
Port Id TLV (2), length 5: Subtype Interface Name (1):
TTL TLV (3), length 2: TTL 120
End TLV (), length
In this post, we covered CVE-2023-36839, an Improper Validation of Specified Quantity vulnerability in Juniper Networks Junos OS and Junos OS Evolved. This vulnerability can lead to a DoS situation, so it is important for affected users to take action and upgrade to a non-vulnerable version. Be sure to stay up to date with your device configurations and mitigate the risks by applying recommended security practices.
Timeline
Published on: 10/12/2023 23:15:10 UTC
Last modified on: 10/16/2023 19:27:00 UTC