PT-2023-25722 · Juniper Networks · Junos

Published: 2023-07-14 · Updated: 2023-07-27 · CVE-2023-36834

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series:

versions 20.1R1 and later versions
versions 20.2 through 20.2R3-S6
versions 20.3R1 and later versions
versions 20.4 through 20.4R3-S6
versions 21.1 through 21.1R3-S4
versions 21.2 through 21.2R3-S2
versions 21.3 through 21.3R3-S2
versions 21.4 through 21.4R3
versions 22.1 through 22.1R2
versions 22.2 through 22.2R1
versions 22.3 through 22.3R1

Description

An Incomplete Internal State Distinction issue in the packet forwarding engine of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service. If an SRX is configured in L2 transparent mode, the receipt of a specific genuine packet can cause a single Packet Processing Engines component to run into a loop, rendering it unavailable. Each packet will cause one component to get into a loop, leading to gradual performance degradation until all components are unavailable and all traffic processing stops. To recover, the affected FPC needs to be restarted.

Recommendations

For versions 20.1R1 and later, update to a version later than 20.2R3-S7, 20.4R3-S7, 21.1R3-S5, 21.2R3-S3, 21.3R3-S3, 21.4R3-S1, 22.1R3, 22.2R2, or 22.3R1-S1.
For versions 20.2 through 20.2R3-S6, update to version 20.2R3-S7 or later.
For versions 20.3R1 and later, update to a version later than 20.4R3-S7, 21.1R3-S5, 21.2R3-S3, 21.3R3-S3, 21.4R3-S1, 22.1R3, 22.2R2, or 22.3R1-S1.
For versions 20.4 through 20.4R3-S6, update to version 20.4R3-S7 or later.
For versions 21.1 through 21.1R3-S4, update to version 21.1R3-S5 or later.
For versions 21.2 through 21.2R3-S2, update to version 21.2R3-S3 or later.
For versions 21.3 through 21.3R3-S2, update to version 21.3R3-S3 or later.
For versions 21.4 through 21.4R3, update to a version later than 21.4R3.
For versions 22.1 through 22.1R2, update to version 22.1R3 or later.
For versions 22.2 through 22.2R1, update to version 22.2R2 or later.
For versions 22.3 through 22.3R1, update to a version later than 22.3R1.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2023-36834

Affected Products

Junos