CVE-2023-44190

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS Evolved versions prior to 21.4R3-S5-EVO Juniper Networks Junos OS Evolved 22.1 versions prior to 22.1R3-S4-EVO Juniper Networks Junos OS Evolved 22.2 versions 22.2R1-EVO and later Juniper Networks Junos OS Evolved 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO Juniper Networks Junos OS Evolved 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO Juniper Networks Junos OS Evolved 23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO

Description The issue is related to an Origin Validation vulnerability in MAC address validation, which allows a network-adjacent attacker to bypass MAC address checking. This can cause the router to forward traffic if a valid route is present in the forwarding-table, leading to a loop and congestion in the downstream layer-2 domain connected to the device.

Recommendations For versions prior to 21.4R3-S5-EVO, update to version 21.4R3-S5-EVO or later. For 22.1 versions prior to 22.1R3-S4-EVO, update to version 22.1R3-S4-EVO or later. For 22.2 versions 22.2R1-EVO and later, no specific fix is provided, consider disabling the vulnerable MAC address validation mechanism as a temporary workaround. For 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO, update to version 22.3R2-S2-EVO, 22.3R3-S1-EVO or later. For 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO, update to version 22.4R2-S1-EVO, 22.4R3-EVO or later. For 23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO, update to version 23.2R1-S1-EVO, 23.2R2-EVO or later.