github - ghsa-6cxr-6qqw-c9xc

GHSA-6CXR-6QQW-C9XC

Vulnerability from github – Published: 2023-07-14 18:31 – Updated: 2024-04-04 06:08

Details

If an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines (PPE) component of the PFE to run into a loop, which in turn will render the PPE unavailable. Each packet will cause one PPE to get into a loop, leading to a gradual performance degradation until all PPEs are unavailable and all traffic processing stops. To recover the affected FPC need to be restarted.

This issue affects Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series: 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R1-S1, 22.3R2.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-36834"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-372"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-14T18:15:10Z",
    "severity": "MODERATE"
  },
  "details": "An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service (DoS).\n\nIf an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines (PPE) component of the PFE to run into a loop, which in turn will render the PPE unavailable. Each packet will cause one PPE to get into a loop, leading to a gradual performance degradation until all PPEs are unavailable and all traffic processing stops. To recover the affected FPC need to be restarted.\n\nThis issue affects Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series:\n20.1 version 20.1R1 and later versions;\n20.2 versions prior to 20.2R3-S7;\n20.3 version 20.3R1 and later versions;\n20.4 versions prior to 20.4R3-S7;\n21.1 versions prior to 21.1R3-S5;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S3;\n21.4 versions prior to 21.4R3-S1;\n22.1 versions prior to 22.1R3;\n22.2 versions prior to 22.2R2;\n22.3 versions prior to 22.3R1-S1, 22.3R2.\n",
  "id": "GHSA-6cxr-6qqw-c9xc",
  "modified": "2024-04-04T06:08:37Z",
  "published": "2023-07-14T18:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36834"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA71641"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-36834 (GCVE-0-2023-36834)

Vulnerability from cvelistv5 – Published: 2023-07-14 17:04 – Updated: 2024-10-22 14:30

Summary

An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service (DoS). If an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines (PPE) component of the PFE to run into a loop, which in turn will render the PPE unavailable. Each packet will cause one PPE to get into a loop, leading to a gradual performance degradation until all PPEs are unavailable and all traffic processing stops. To recover the affected FPC need to be restarted. This issue affects Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series: 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R1-S1, 22.3R2.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-372 - Incomplete Internal State Distinction
Denial of Service (DoS)

Assigner

juniper

References

URL

Tags

https://supportportal.juniper.net/JSA71641

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS	Affected: 20.1 , < 20.1* (custom) Affected: 20.2 , < 20.2R3-S7 (custom) Affected: 20.3 , < 20.3* (custom) Affected: 20.4 , < 20.4R3-S7 (custom) Affected: 21.1 , < 21.1R3-S5 (custom) Affected: 21.2 , < 21.2R3-S3 (custom) Affected: 21.3 , < 21.3R3-S3 (custom) Affected: 21.4 , < 21.4R3-S1 (custom) Affected: 22.1 , < 22.1R3 (custom) Affected: 22.2 , < 22.2R2 (custom) Affected: 22.3 , < 22.3R1-S1, 22.3R2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:01:09.625Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA71641"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36834",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T14:19:57.018718Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T14:30:54.560Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "SRX4600",
            "SRX 5000 Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "20.1R1",
                  "status": "affected"
                }
              ],
              "lessThan": "20.1*",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R3-S7",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "20.3R1",
                  "status": "affected"
                }
              ],
              "lessThan": "20.3*",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R3-S7",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            },
            {
              "lessThan": "21.1R3-S5",
              "status": "affected",
              "version": "21.1",
              "versionType": "custom"
            },
            {
              "lessThan": "21.2R3-S3",
              "status": "affected",
              "version": "21.2",
              "versionType": "custom"
            },
            {
              "lessThan": "21.3R3-S3",
              "status": "affected",
              "version": "21.3",
              "versionType": "custom"
            },
            {
              "lessThan": "21.4R3-S1",
              "status": "affected",
              "version": "21.4",
              "versionType": "custom"
            },
            {
              "lessThan": "22.1R3",
              "status": "affected",
              "version": "22.1",
              "versionType": "custom"
            },
            {
              "lessThan": "22.2R2",
              "status": "affected",
              "version": "22.2",
              "versionType": "custom"
            },
            {
              "lessThan": "22.3R1-S1, 22.3R2",
              "status": "affected",
              "version": "22.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be exposed to this issue an SRX needs to be configured for L2 transparent mode like in the following example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; [ interfaces \u0026lt;interface1\u0026gt; unit \u0026lt;unit\u0026gt; family ethernet-switching vlan members \u0026lt;vlan\u0026gt; ]\u003cbr\u003e\u0026nbsp; [ interfaces \u0026lt;interface2\u0026gt; unit \u0026lt;unit\u0026gt; family ethernet-switching vlan members \u0026lt;vlan\u0026gt; ]\u003cbr\u003e\u0026nbsp; [ vlans \u0026lt;vlan\u0026gt; vlan-id \u0026lt;vlan ID\u0026gt; ]\u003c/tt\u003e"
            }
          ],
          "value": "To be exposed to this issue an SRX needs to be configured for L2 transparent mode like in the following example:\n\n\u00a0 [ interfaces \u003cinterface1\u003e unit \u003cunit\u003e family ethernet-switching vlan members \u003cvlan\u003e ]\n\u00a0 [ interfaces \u003cinterface2\u003e unit \u003cunit\u003e family ethernet-switching vlan members \u003cvlan\u003e ]\n\u00a0 [ vlans \u003cvlan\u003e vlan-id \u003cvlan ID\u003e ]"
        }
      ],
      "datePublic": "2023-07-12T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIf an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines (PPE) component of the PFE to run into a loop, which in turn will render the PPE unavailable. Each packet will cause one PPE to get into a loop, leading to a gradual performance degradation until all PPEs are unavailable and all traffic processing stops. To recover the affected FPC need to be restarted.\u003cbr\u003e\u003cbr\u003eThis issue affects Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series:\u003cbr\u003e20.1 version 20.1R1 and later versions;\u003cbr\u003e20.2 versions prior to 20.2R3-S7;\u003cbr\u003e20.3 version 20.3R1 and later versions;\u003cbr\u003e20.4 versions prior to 20.4R3-S7;\u003cbr\u003e21.1 versions prior to 21.1R3-S5;\u003cbr\u003e21.2 versions prior to 21.2R3-S3;\u003cbr\u003e21.3 versions prior to 21.3R3-S3;\u003cbr\u003e21.4 versions prior to 21.4R3-S1;\u003cbr\u003e22.1 versions prior to 22.1R3;\u003cbr\u003e22.2 versions prior to 22.2R2;\u003cbr\u003e22.3 versions prior to 22.3R1-S1, 22.3R2.\u003cbr\u003e"
            }
          ],
          "value": "An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service (DoS).\n\nIf an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines (PPE) component of the PFE to run into a loop, which in turn will render the PPE unavailable. Each packet will cause one PPE to get into a loop, leading to a gradual performance degradation until all PPEs are unavailable and all traffic processing stops. To recover the affected FPC need to be restarted.\n\nThis issue affects Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series:\n20.1 version 20.1R1 and later versions;\n20.2 versions prior to 20.2R3-S7;\n20.3 version 20.3R1 and later versions;\n20.4 versions prior to 20.4R3-S7;\n21.1 versions prior to 21.1R3-S5;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S3;\n21.4 versions prior to 21.4R3-S1;\n22.1 versions prior to 22.1R3;\n22.2 versions prior to 22.2R2;\n22.3 versions prior to 22.3R1-S1, 22.3R2.\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003cbr\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-372",
              "description": "CWE-372 Incomplete Internal State Distinction",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-14T17:04:36.052Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "url": "https://supportportal.juniper.net/JSA71641"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: Junos OS 20.2R3-S7, 20.4R3-S7, 21.1R3-S5, 21.2R3-S3, 21.3R3-S3, 21.4R3-S1, 22.1R3, 22.2R2, 22.3R1-S1, 22.3R2, 22.4R1, and all subsequent releases.\u003cbr\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: Junos OS 20.2R3-S7, 20.4R3-S7, 21.1R3-S5, 21.2R3-S3, 21.3R3-S3, 21.4R3-S1, 22.1R3, 22.2R2, 22.3R1-S1, 22.3R2, 22.4R1, and all subsequent releases.\n"
        }
      ],
      "source": {
        "advisory": "JSA71641",
        "defect": [
          "1685927"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: SRX 4600 and SRX 5000 Series: The receipt of specific genuine packets by SRXes configured for L2 transparency will cause a DoS",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue.\u003cbr\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue.\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2023-36834",
    "datePublished": "2023-07-14T17:04:36.052Z",
    "dateReserved": "2023-06-27T16:17:25.275Z",
    "dateUpdated": "2024-10-22T14:30:54.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-6CXR-6QQW-C9XC

CVE-2023-36834 (GCVE-0-2023-36834)

Tags

Sightings

Nomenclature