CVE-2023-44196

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS Evolved versions prior to 20.4R3-S8-EVO Juniper Networks Junos OS Evolved version 21.1R1-EVO and later Juniper Networks Junos OS Evolved versions prior to 21.2R3-S6-EVO Juniper Networks Junos OS Evolved version 21.3R1-EVO and later Juniper Networks Junos OS Evolved versions prior to 21.4R3-S3-EVO Juniper Networks Junos OS Evolved versions prior to 22.1R3-S4-EVO Juniper Networks Junos OS Evolved versions prior to 22.2R3-S3-EVO Juniper Networks Junos OS Evolved versions prior to 22.3R2-S2-EVO, 22.3R3-EVO Juniper Networks Junos OS Evolved versions prior to 22.4R2-EVO

Description The issue is related to an improper check for unusual or exceptional conditions in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX10003 Series, allowing an unauthenticated adjacent attacker to cause an impact to the integrity of the system. When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE.

Recommendations For versions prior to 20.4R3-S8-EVO, update to version 20.4R3-S8-EVO or later. For version 21.1R1-EVO and later, ensure you are running the latest patch. For versions prior to 21.2R3-S6-EVO, update to version 21.2R3-S6-EVO or later. For version 21.3R1-EVO and later, ensure you are running the latest patch. For versions prior to 21.4R3-S3-EVO, update to version 21.4R3-S3-EVO or later. For versions prior to 22.1R3-S4-EVO, update to version 22.1R3-S4-EVO or later. For versions prior to 22.2R3-S3-EVO, update to version 22.2R3-S3-EVO or later. For versions prior to 22.3R2-S2-EVO, 22.3R3-EVO, update to version 22.3R2-S2-EVO, 22.3R3-EVO or later. For versions prior to 22.4R2-EVO, update to version 22.4R2-EVO or later.

Fix

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

BDU:2023-07020

CVE-2023-44196

Affected Products

Junos Evolved

CVE-2023-44196

Weakness Enumeration

Related Identifiers

Affected Products

References · 6