CVE-2023-28959

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS on QFX10002 versions prior to 19.1R3-S10 Juniper Networks Junos OS on QFX10002 19.4 versions prior to 19.4R3-S11 Juniper Networks Junos OS on QFX10002 20.2 versions prior to 20.2R3-S7 Juniper Networks Junos OS on QFX10002 20.4 versions prior to 20.4R3-S6 Juniper Networks Junos OS on QFX10002 21.1 versions prior to 21.1R3-S4 Juniper Networks Junos OS on QFX10002 21.2 versions prior to 21.2R3-S4 Juniper Networks Junos OS on QFX10002 21.3 versions prior to 21.3R3-S3 Juniper Networks Junos OS on QFX10002 21.4 versions prior to 21.4R3-S2 Juniper Networks Junos OS on QFX10002 22.1 versions prior to 22.1R3-S1 Juniper Networks Junos OS on QFX10002 22.2 versions prior to 22.2R2-S1, 22.2R3 Juniper Networks Junos OS on QFX10002 22.3 versions prior to 22.3R1-S2, 22.3R2

Description An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast domain sending a malformed packet to the device, causing all PFEs other than the inbound PFE to wedge and to eventually restart, resulting in a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by sending a specific malformed packet to the device. Transit traffic does not trigger this issue. An indication of this issue occurring can be seen through the following log messages: fpc0 expr hostbound packet handler: Receive pe 73? fpc0 Cmerror Op Set: PE Chip: PE0[0]: PGQ:misc intr: 0x00000020: Enqueue of a packet with out-of-range VOQ in 192K-VOQ mode.

Recommendations Update to version 19.1R3-S10 or later for Juniper Networks Junos OS on QFX10002 19.1. Update to version 19.4R3-S11 or later for Juniper Networks Junos OS on QFX10002 19.4. Update to version 20.2R3-S7 or later for Juniper Networks Junos OS on QFX10002 20.2. Update to version 20.4R3-S6 or later for Juniper Networks Junos OS on QFX10002 20.4. Update to version 21.1R3-S4 or later for Juniper Networks Junos OS on QFX10002 21.1. Update to version 21.2R3-S4 or later for Juniper Networks Junos OS on QFX10002 21.2. Update to version 21.3R3-S3 or later for Juniper Networks Junos OS on QFX10002 21.3. Update to version 21.4R3-S2 or later for Juniper Networks Junos OS on QFX10002 21.4. Update to version 22.1R3-S1 or later for Juniper Networks Junos OS on QFX10002 22.1. Update to version 22.2R2-S1, 22.2R3 or later for Juniper Networks Junos OS on QFX10002 22.2. Update to version 22.3R1-S2, 22.3R2 or later for Juniper Networks Junos OS on QFX10002 22.3.