PT-2023-1288 · Juniper Networks · Junos

Published

2023-01-11

·

Updated

2023-01-24

·

CVE-2023-22409

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 19.4R3-S10 Juniper Networks Junos OS version 20.1R1 and later versions Juniper Networks Junos OS versions prior to 20.2R3-S6 Juniper Networks Junos OS versions prior to 20.3R3-S6 Juniper Networks Junos OS versions prior to 20.4R3-S5 Juniper Networks Junos OS versions prior to 21.1R3-S4 Juniper Networks Junos OS versions prior to 21.2R3-S3 Juniper Networks Junos OS versions prior to 21.3R3-S3 Juniper Networks Junos OS versions prior to 21.4R3-S1 Juniper Networks Junos OS versions prior to 22.1R2-S2, 22.1R3 Juniper Networks Junos OS versions prior to 22.2R2
Description The issue is related to an Unchecked Input for Loop Condition vulnerability in the NAT library of Juniper Networks Junos OS, which allows a local authenticated attacker with low privileges to cause a Denial of Service (DoS). This occurs when an inconsistent "deterministic NAT" configuration is present on an SRX or MX with SPC3, and a specific CLI command is issued, causing the SPC to crash and restart. Repeated execution of this command can lead to a sustained DoS. The configuration is characterized by the total number of port blocks being greater than the total number of hosts.
Recommendations For versions prior to 19.4R3-S10, update to version 19.4R3-S10 or later. For version 20.1R1 and later versions, update to a version that is not affected. For versions prior to 20.2R3-S6, update to version 20.2R3-S6 or later. For versions prior to 20.3R3-S6, update to version 20.3R3-S6 or later. For versions prior to 20.4R3-S5, update to version 20.4R3-S5 or later. For versions prior to 21.1R3-S4, update to version 21.1R3-S4 or later. For versions prior to 21.2R3-S3, update to version 21.2R3-S3 or later. For versions prior to 21.3R3-S3, update to version 21.3R3-S3 or later. For versions prior to 21.4R3-S1, update to version 21.4R3-S1 or later. For versions prior to 22.1R2-S2, 22.1R3, update to a version that is not affected. For versions prior to 22.2R2, update to version 22.2R2 or later.

Fix

DoS

Weakness Enumeration

CWE-1284

Related Identifiers

BDU:2023-00565
CVE-2023-22409

Affected Products

Junos