CVE-2023-36850

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 19.1R3-S10 on MX Series Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S7 on MX Series Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S8 on MX Series Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S12 on MX Series Juniper Networks Junos OS 20.1 version 20.1R1 and later versions on MX Series Juniper Networks Junos OS 20.2 versions prior to 20.2R3-S7 on MX Series Juniper Networks Junos OS 20.3 version 20.3R1 and later versions on MX Series Juniper Networks Junos OS 20.4 versions prior to 20.4R3-S7 on MX Series Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S5 on MX Series Juniper Networks Junos OS 21.2 versions prior to 21.2R3-S4 on MX Series Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S4 on MX Series Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S3 on MX Series Juniper Networks Junos OS 22.1 versions prior to 22.1R3-S2 on MX Series Juniper Networks Junos OS 22.2 versions prior to 22.2R3 on MX Series Juniper Networks Junos OS 22.3 versions prior to 22.3R2, 22.3R3 on MX Series Juniper Networks Junos OS 22.4 versions prior to 22.4R2 on MX Series

Description The issue is related to an improper validation of specified index, position, or offset in input in the Connectivity Fault Management (CFM) module of Juniper Networks Junos OS on MX Series. This can allow an adjacent attacker on the local broadcast domain to cause a Denial of Service (DoS) by sending a malformed CFM packet, which can cause the MPC to crash. Continued receipt of these packets can lead to a sustained denial of service. This issue can only be triggered when CFM hasn't been configured.

Recommendations For Juniper Networks Junos OS versions prior to 19.1R3-S10 on MX Series, update to version 19.1R3-S10 or later. For Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S7 on MX Series, update to version 19.2R3-S7 or later. For Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S8 on MX Series, update to version 19.3R3-S8 or later. For Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S12 on MX Series, update to version 19.4R3-S12 or later. For Juniper Networks Junos OS 20.1 version 20.1R1 and later versions on MX Series, no specific fix is provided. For Juniper Networks Junos OS 20.2 versions prior to 20.2R3-S7 on MX Series, update to version 20.2R3-S7 or later. For Juniper Networks Junos OS 20.3 version 20.3R1 and later versions on MX Series, no specific fix is provided. For Juniper Networks Junos OS 20.4 versions prior to 20.4R3-S7 on MX Series, update to version 20.4R3-S7 or later. For Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S5 on MX Series, update to version 21.1R3-S5 or later. For Juniper Networks Junos OS 21.2 versions prior to 21.2R3-S4 on MX Series, update to version 21.2R3-S4 or later. For Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S4 on MX Series, update to version 21.3R3-S4 or later. For Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S3 on MX Series, update to version 21.4R3-S3 or later. For Juniper Networks Junos OS 22.1 versions prior to 22.1R3-S2 on MX Series, update to version 22.1R3-S2 or later. For Juniper Networks Junos OS 22.2 versions prior to 22.2R3 on MX Series, update to version 22.2R3 or later. For Juniper Networks Junos OS 22.3 versions prior to 22.3R2, 22.3R3 on MX Series, update to version 22.3R2 or 22.3R3 or later. For Juniper Networks Junos OS 22.4 versions prior to 22.4R2 on MX Series, update to version 22.4R2 or later. As a temporary workaround, consider disabling the CFM module until a patch is available.