CVE-2023-36848

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 19.1R3-S10 on MX Series Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S7 on MX Series Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S8 on MX Series Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S12 on MX Series Juniper Networks Junos OS 20.1 version 20.1R1 and later versions on MX Series Juniper Networks Junos OS 20.2 versions prior to 20.2R3-S8 on MX Series Juniper Networks Junos OS 20.3 version 20.3R1 and later versions on MX Series Juniper Networks Junos OS 20.4 versions prior to 20.4R3-S7 on MX Series Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S5 on MX Series Juniper Networks Junos OS 21.2 versions prior to 21.2R3-S5 on MX Series Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S4 on MX Series Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S4 on MX Series Juniper Networks Junos OS 22.1 versions prior to 22.1R3-S3 on MX Series Juniper Networks Junos OS 22.2 versions prior to 22.2R3-S1 on MX Series Juniper Networks Junos OS 22.3 versions prior to 22.3R3 on MX Series Juniper Networks Junos OS 22.4 versions prior to 22.4R1-S2, 22.4R2 on MX Series

Description The issue is related to an Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series. This vulnerability allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS) when a malformed CFM packet is received, leading to an FPC crash. The vulnerability occurs only when CFM has been configured on the interface.

Recommendations For Juniper Networks Junos OS versions prior to 19.1R3-S10 on MX Series, update to version 19.1R3-S10 or later. For Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S7 on MX Series, update to version 19.2R3-S7 or later. For Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S8 on MX Series, update to version 19.3R3-S8 or later. For Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S12 on MX Series, update to version 19.4R3-S12 or later. For Juniper Networks Junos OS 20.1 version 20.1R1 and later versions on MX Series, no specific fix is provided. For Juniper Networks Junos OS 20.2 versions prior to 20.2R3-S8 on MX Series, update to version 20.2R3-S8 or later. For Juniper Networks Junos OS 20.3 version 20.3R1 and later versions on MX Series, no specific fix is provided. For Juniper Networks Junos OS 20.4 versions prior to 20.4R3-S7 on MX Series, update to version 20.4R3-S7 or later. For Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S5 on MX Series, update to version 21.1R3-S5 or later. For Juniper Networks Junos OS 21.2 versions prior to 21.2R3-S5 on MX Series, update to version 21.2R3-S5 or later. For Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S4 on MX Series, update to version 21.3R3-S4 or later. For Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S4 on MX Series, update to version 21.4R3-S4 or later. For Juniper Networks Junos OS 22.1 versions prior to 22.1R3-S3 on MX Series, update to version 22.1R3-S3 or later. For Juniper Networks Junos OS 22.2 versions prior to 22.2R3-S1 on MX Series, update to version 22.2R3-S1 or later. For Juniper Networks Junos OS 22.3 versions prior to 22.3R3 on MX Series, update to version 22.3R3 or later. For Juniper Networks Junos OS 22.4 versions prior to 22.4R1-S2, 22.4R2 on MX Series, update to version 22.4R1-S2, 22.4R2 or later. As a temporary workaround, consider disabling the CFM configuration on the interface until a patch is available.