CVE-2023-22397

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS Evolved on PTX10003 versions prior to 20.4R3-S4-EVO Juniper Networks Junos OS Evolved on PTX10003 version 21.3 prior to 21.3R3-S1-EVO Juniper Networks Junos OS Evolved on PTX10003 version 21.4 prior to 21.4R2-S2-EVO, 21.4R3-EVO Juniper Networks Junos OS Evolved on PTX10003 version 22.1 prior to 22.1R1-S2-EVO, 22.1R2-EVO Juniper Networks Junos OS Evolved on PTX10003 version 22.2 prior to 22.2R2-EVO

Description The issue is related to an Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices. This weakness allows an attacker to send specific packets to begin a Time-of-check Time-of-use (TOCTOU) Race Condition attack, causing a memory leak. The memory leak can lead to a Distributed Denial of Service (DDoS) event, resulting in a cascading outage to any vulnerable devices. The devices will reboot in as little as 1.5 days due to internal anti-flood security controls reaching their maximum limit. The device will self-recover after crashing and rebooting.

Recommendations To resolve the issue for versions prior to 20.4R3-S4-EVO, update to version 20.4R3-S4-EVO or later. To resolve the issue for version 21.3 prior to 21.3R3-S1-EVO, update to version 21.3R3-S1-EVO or later. To resolve the issue for version 21.4 prior to 21.4R2-S2-EVO, 21.4R3-EVO, update to version 21.4R2-S2-EVO, 21.4R3-EVO or later. To resolve the issue for version 22.1 prior to 22.1R1-S2-EVO, 22.1R2-EVO, update to version 22.1R1-S2-EVO, 22.1R2-EVO or later. To resolve the issue for version 22.2 prior to 22.2R2-EVO, update to version 22.2R2-EVO or later.