CVE-2023-44189

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS Evolved on PTX10003 Series versions prior to 21.4R3-S4-EVO Juniper Networks Junos OS Evolved on PTX10003 Series version 22.1 versions prior to 22.1R3-S3-EVO Juniper Networks Junos OS Evolved on PTX10003 Series version 22.2R1-EVO and later versions Juniper Networks Junos OS Evolved on PTX10003 Series version 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO Juniper Networks Junos OS Evolved on PTX10003 Series version 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO Juniper Networks Junos OS Evolved on PTX10003 Series version 23.2 versions prior to 23.2R2-EVO

Description The issue is related to an Origin Validation vulnerability in MAC address validation, allowing a network-adjacent attacker to bypass MAC address checking. This can cause the router to forward traffic if a valid route is present in the forwarding-table, leading to a loop and congestion in the downstream layer-2 domain connected to the device.

Recommendations For versions prior to 21.4R3-S4-EVO, update to version 21.4R3-S4-EVO or later. For version 22.1, update to version 22.1R3-S3-EVO or later. For version 22.2R1-EVO and later versions, restrict access to the vulnerable MAC address validation mechanism until a patch is available. For versions 22.3 prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO, update to version 22.3R2-S2-EVO, 22.3R3-S1-EVO or later. For versions 22.4 prior to 22.4R2-S1-EVO, 22.4R3-EVO, update to version 22.4R2-S1-EVO, 22.4R3-EVO or later. For versions 23.2 prior to 23.2R2-EVO, update to version 23.2R2-EVO or later.