CVE-2023-22391

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS on ACX2K Series versions prior to 19.4R3-S9 Juniper Networks Junos OS on ACX2K Series versions 20.2 Juniper Networks Junos OS on ACX2K Series versions 20.3 through 20.3R3-S6 Juniper Networks Junos OS on ACX2K Series versions 20.4 through 20.4R3-S4 Juniper Networks Junos OS on ACX2K Series versions 21.1 Juniper Networks Junos OS on ACX2K Series versions 21.2 through 21.2R3-S3

Description A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Specific packets are being incorrectly routed to a queue used for other high-priority traffic such as BGP, PIM, ICMP, ICMPV6 ND and ISAKMP. Due to this misclassification of traffic, receipt of a high rate of these specific packets will cause delays in the processing of other traffic, leading to a Denial of Service (DoS). Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition.

Recommendations For versions prior to 19.4R3-S9, update to version 19.4R3-S9 or later. For versions 20.2, update to a version outside of the 20.2 series. For versions 20.3 through 20.3R3-S6, update to version 20.3R3-S6 or later. For versions 20.4 through 20.4R3-S4, update to version 20.4R3-S4 or later. For versions 21.1, update to a version outside of the 21.1 series. For versions 21.2 through 21.2R3-S3, update to version 21.2R3-S3 or later.