PT-2023-6135 · Juniper Networks · Junos

Published 2023-10-11 · Updated 2023-10-20 · CVE-2023-44181

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Junos OS versions prior to 20.2R3-S6 on QFX5k
Junos OS versions 20.3 prior to 20.3R3-S5 on QFX5k
Junos OS versions 20.4 prior to 20.4R3-S5 on QFX5k
Junos OS versions 21.1 prior to 21.1R3-S4 on QFX5k
Junos OS versions 21.2 prior to 21.2R3-S3 on QFX5k
Junos OS versions 21.3 prior to 21.3R3-S2 on QFX5k
Junos OS versions 21.4 prior to 21.4R3 on QFX5k
Junos OS versions 22.1 prior to 22.1R3 on QFX5k
Junos OS versions 22.2 prior to 22.2R2 on QFX5k

Description

The issue is an Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS on QFX5k devices. It allows packets to be punted to the ARP queue, causing an L2 loop and resulting in DDoS violations and DDoS syslog messages. The issue is triggered when storm control is enabled and ICMPv6 packets are present on the device.

Recommendations

For Junos OS versions prior to 20.2R3-S6 on QFX5k, update to version 20.2R3-S6 or later.
For Junos OS versions 20.3 prior to 20.3R3-S5 on QFX5k, update to version 20.3R3-S5 or later.
For Junos OS versions 20.4 prior to 20.4R3-S5 on QFX5k, update to version 20.4R3-S5 or later.
For Junos OS versions 21.1 prior to 21.1R3-S4 on QFX5k, update to version 21.1R3-S4 or later.
For Junos OS versions 21.2 prior to 21.2R3-S3 on QFX5k, update to version 21.2R3-S3 or later.
For Junos OS versions 21.3 prior to 21.3R3-S2 on QFX5k, update to version 21.3R3-S2 or later.
For Junos OS versions 21.4 prior to 21.4R3 on QFX5k, update to version 21.4R3 or later.
For Junos OS versions 22.1 prior to 22.1R3 on QFX5k, update to version 22.1R3 or later.
For Junos OS versions 22.2 prior to 22.2R2 on QFX5k, update to version 22.2R2 or later.
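
The per-train ranges above can be checked against a device inventory with a train-aware version comparison. The following is an added example, not code from Juniper or from this advisory; it assumes version strings of the form `<major>.<minor>R<n>[-S<m>][.<spin>]`, and the hostnames and inventory are constructed sample data. It checks the version only, not whether the device is a QFX5k or has storm control enabled.

```python
import re

# First fixed release per release train, copied from the advisory's list.
FIXED = {
    (20, 2): "20.2R3-S6", (20, 3): "20.3R3-S5", (20, 4): "20.4R3-S5",
    (21, 1): "21.1R3-S4", (21, 2): "21.2R3-S3", (21, 3): "21.3R3-S2",
    (21, 4): "21.4R3", (22, 1): "22.1R3", (22, 2): "22.2R2",
}
OLDEST_TRAIN = min(FIXED)  # (20, 2)

# Assumed format; the trailing spin/build number (".8") is ignored.
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse(version):
    """Return (major, minor, release, service), e.g. 20.4R3-S5 -> (20, 4, 3, 5)."""
    m = _VERSION.match(version.strip())
    if not m:
        # Other release types are not handled; fail loudly rather than guess.
        raise ValueError(f"unsupported Junos version format: {version!r}")
    major, minor, rel, svc = m.groups()
    return int(major), int(minor), int(rel), int(svc or 0)

def is_affected(version):
    """True if `version` falls inside a range the advisory lists."""
    v = parse(version)
    train = v[:2]
    if train < OLDEST_TRAIN:
        return True   # "prior to 20.2R3-S6" covers every earlier train
    if train not in FIXED:
        return False  # trains newer than 22.2 are not listed as affected
    return v < parse(FIXED[train])

def audit(inventory):
    """Map hostname -> minimum fixed release, for affected devices only."""
    targets = {}
    for host, version in inventory.items():
        if is_affected(version):
            train = parse(version)[:2]
            targets[host] = FIXED.get(train, FIXED[OLDEST_TRAIN])
    return targets

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "qfx-leaf-01": "20.4R3-S4.2", "qfx-leaf-02": "21.4R3.8",
    "qfx-spine-01": "19.4R3-S9", "qfx-spine-02": "22.3R1",
}

if __name__ == "__main__":
    for host, target in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: upgrade to {target} or later")
```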

Fix

Infinite Loop

Weakness Enumeration

Related Identifiers

BDU:2023-06841
CVE-2023-44181

Affected Products

Junos