PT-2023-3067 · Juniper Networks · Junos

Published: 2023-01-11 · Updated: 2023-01-24 · CVE-2023-22396

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions 12.3R12-S19 through 22.3R2
Juniper Networks Junos OS versions 15.1R7-S10 through 22.3R2
Juniper Networks Junos OS versions 17.3R3-S12 through 22.3R2
Juniper Networks Junos OS versions 18.4R3-S9 through 22.3R2
Juniper Networks Junos OS versions 19.1R3-S7 through 22.3R2
Juniper Networks Junos OS versions 19.2R3-S3 through 22.3R2
Juniper Networks Junos OS versions 19.3R2-S7 through 22.3R2
Juniper Networks Junos OS versions 19.4R2-S7 through 22.3R2
Juniper Networks Junos OS versions 20.1R3-S1 through 22.3R2
Juniper Networks Junos OS versions 20.2R3-S2 through 22.3R2
Juniper Networks Junos OS versions 20.3R3-S1 through 22.3R2
Juniper Networks Junos OS versions 20.4R2-S2 through 22.3R2
Juniper Networks Junos OS versions 21.1R2 through 22.3R2
Juniper Networks Junos OS versions 21.2R1-S1 through 22.3R2
Juniper Networks Junos OS versions 21.3 through 22.3R2
Juniper Networks Junos OS versions 21.4 through 22.3R2
Juniper Networks Junos OS versions 22.1 through 22.3R2
Juniper Networks Junos OS versions 22.2 through 22.3R2

Description

An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a Denial of Service. The system does not recover automatically and must be manually restarted to restore service.

This issue occurs when crafted TCP packets are sent directly to a configured IPv4 or IPv6 interface on the device. Transit traffic will not trigger this issue. MBUF usage can be monitored through the use of the show system buffers command.

Recommendations

For each of the affected Juniper Networks Junos OS version ranges listed above (12.3R12-S19, 15.1R7-S10, 17.3R3-S12, 18.4R3-S9, 19.1R3-S7, 19.2R3-S3, 19.3R2-S7, 19.4R2-S7, 20.1R3-S1, 20.2R3-S2, 20.3R3-S1, 20.4R2-S2, 21.1R2, 21.2R1-S1, 21.3, 21.4, 22.1 and 22.2, each through 22.3R2), update to a fixed version to resolve the issue.

As a temporary workaround, consider monitoring MBUF usage through the show system buffers command to detect potential exploitation.
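
One way to turn the monitoring workaround into a check is to poll show system buffers on a schedule and flag in-use mbuf counts that only ever grow. The script below is an added example, not code from this entry or from Juniper; the two line formats it parses, the thresholds and the sample captures are assumptions and should be adjusted to the output of the release in use.

```python
import re

# Assumed line formats (FreeBSD netstat -m style); adjust to your release's output.
MBUF_RE = re.compile(r"^\s*(\d+)/\d+/\d+ mbufs in use \(current/cache/total\)", re.M)
DENIED_RE = re.compile(r"^\s*(\d+)/\d+/\d+ requests for mbufs denied", re.M)

def parse_buffers(text):
    """Return (mbufs currently in use, mbuf requests denied) for one capture."""
    used = MBUF_RE.search(text)
    if used is None:
        raise ValueError("no 'mbufs in use' line found")
    denied = DENIED_RE.search(text)
    return int(used.group(1)), int(denied.group(1)) if denied else 0

def assess(samples, min_growth=0.5, min_samples=4):
    """samples: list of (epoch_seconds, raw command output), oldest first.

    Ordinary load makes the in-use count rise and fall; a leak shows up as a
    count that never drops between polls and keeps climbing. Thresholds are
    illustrative assumptions, not vendor guidance.
    """
    points = [(ts, *parse_buffers(raw)) for ts, raw in samples]
    if len(points) < min_samples:
        return {"verdict": "insufficient-data"}
    used = [p[1] for p in points]
    never_drops = all(b >= a for a, b in zip(used, used[1:]))
    growth = (used[-1] - used[0]) / max(used[0], 1)
    hours = (points[-1][0] - points[0][0]) / 3600
    denied_delta = points[-1][2] - points[0][2]
    if denied_delta > 0:
        verdict = "exhausted"        # allocations are already failing
    elif never_drops and growth >= min_growth:
        verdict = "leak-suspected"   # monotonic growth: investigate, plan a restart
    else:
        verdict = "ok"
    rate = round((used[-1] - used[0]) / hours) if hours else 0
    return {"verdict": verdict, "mbufs_per_hour": rate, "denied_delta": denied_delta}

def sample_capture(current, cache=500, denied=0):
    """Constructed sample output for the demo; not taken from a real device."""
    return (f"{current}/{cache}/{current + cache} mbufs in use (current/cache/total)\n"
            "436/550/986/52314 mbuf clusters in use (current/cache/total/max)\n"
            f"{denied}/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)\n")

if __name__ == "__main__":
    hourly = [(i * 3600, sample_capture(c)) for i, c in enumerate([2000, 2600, 3300, 4100])]
    print(assess(hourly))
```

Because the advisory states the device does not recover on its own, a leak-suspected verdict is the point to schedule the upgrade or a controlled restart, before requests start being denied.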

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2023-03138
CVE-2023-22396

Affected Products

Junos