CVE-2023-28975

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 19.4R3-S10 Juniper Networks Junos OS 20.2 versions prior to 20.2R3-S7 Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S6 Juniper Networks Junos OS 20.4 versions prior to 20.4R3-S5 Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4 Juniper Networks Junos OS 21.2 versions prior to 21.2R3-S4 Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S3 Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S2 Juniper Networks Junos OS 22.1 versions prior to 22.1R2-S2, 22.1R3 Juniper Networks Junos OS 22.2 versions prior to 22.2R2, 22.2R3 Juniper Networks Junos OS 22.3 versions prior to 22.3R1-S1, 22.3R2 Juniper Networks Junos OS 22.4 versions prior to 22.4R2

Description The issue is related to an Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS. This vulnerability allows an unauthenticated attacker with physical access to the device to cause a Denial of Service (DoS) when certain USB devices are connected to a USB port of the routing-engine (RE). The kernel will crash, leading to a reboot of the device, and the device will continue to crash as long as the USB device is connected.

Recommendations For Juniper Networks Junos OS versions prior to 19.4R3-S10, update to version 19.4R3-S10 or later. For Juniper Networks Junos OS 20.2 versions prior to 20.2R3-S7, update to version 20.2R3-S7 or later. For Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S6, update to version 20.3R3-S6 or later. For Juniper Networks Junos OS 20.4 versions prior to 20.4R3-S5, update to version 20.4R3-S5 or later. For Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4, update to version 21.1R3-S4 or later. For Juniper Networks Junos OS 21.2 versions prior to 21.2R3-S4, update to version 21.2R3-S4 or later. For Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S3, update to version 21.3R3-S3 or later. For Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S2, update to version 21.4R3-S2 or later. For Juniper Networks Junos OS 22.1 versions prior to 22.1R2-S2, 22.1R3, update to version 22.1R2-S2 or 22.1R3 or later. For Juniper Networks Junos OS 22.2 versions prior to 22.2R2, 22.2R3, update to version 22.2R2 or 22.2R3 or later. For Juniper Networks Junos OS 22.3 versions prior to 22.3R1-S1, 22.3R2, update to version 22.3R1-S1 or 22.3R2 or later. For Juniper Networks Junos OS 22.4 versions prior to 22.4R2, update to version 22.4R2 or later. As a temporary workaround, consider disconnecting USB devices from the routing-engine (RE) to prevent the kernel from crashing.