Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2023-0072
Vulnerability from csaf_certbund - Published: 2023-01-11 23:00 - Updated: 2023-01-11 23:00Summary
Juniper JUNOS, QFX Series, EX Series: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.
Die Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren.
Bei den Switches der Juniper EX-Serie handelt es sich um Access- und Aggregations-/Core-Layer-Switches.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper QFX Series und Juniper EX Series ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- BIOS/Firmware
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.\r\nDie Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren. \r\nBei den Switches der Juniper EX-Serie handelt es sich um Access- und Aggregations-/Core-Layer-Switches.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper QFX Series und Juniper EX Series ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0072 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0072.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0072 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0072"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-01-11",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA70210"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-01-11",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA70201"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-01-11",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA70199"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-01-11",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA70195"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-01-11",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA70192"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-01-11",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA70191"
},
{
"category": "external",
"summary": "Juniper Security Advisory vom 2023-01-11",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA70187"
}
],
"source_lang": "en-US",
"title": "Juniper JUNOS, QFX Series, EX Series: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2023-01-11T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:41:15.542+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0072",
"initial_release_date": "2023-01-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-01-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Juniper EX Series EX46xx",
"product": {
"name": "Juniper EX Series EX46xx",
"product_id": "T025819",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:ex:ex46xx"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Juniper JUNOS",
"product": {
"name": "Juniper JUNOS",
"product_id": "5930",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:-"
}
}
},
{
"category": "product_name",
"name": "Juniper JUNOS ACX2K Series",
"product": {
"name": "Juniper JUNOS ACX2K Series",
"product_id": "T025816",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:acx2k_series"
}
}
}
],
"category": "product_name",
"name": "JUNOS"
},
{
"branches": [
{
"category": "product_name",
"name": "Juniper QFX Series QFX10K",
"product": {
"name": "Juniper QFX Series QFX10K",
"product_id": "T025817",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:qfx:qfx10k"
}
}
},
{
"category": "product_name",
"name": "Juniper QFX Series QFX5k",
"product": {
"name": "Juniper QFX Series QFX5k",
"product_id": "T025818",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:qfx:qfx5k"
}
}
}
],
"category": "product_name",
"name": "QFX Series"
}
],
"category": "vendor",
"name": "Juniper"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-22414",
"notes": [
{
"category": "description",
"text": "In Juniper JUNOS, Juniper QFX Series und Juniper EX Series existieren mehrere Schwachstellen. Die Fehler bestehen darin, dass Pakete f\u00e4lschlicherweise in eine Warteschlange geleitet werden, die f\u00fcr anderen Verkehr mit hoher Priorit\u00e4t verwendet wird, ein Pufferleck und schlie\u00dflich ein Verbindungsverlust, ein MBUF-Leck, ein Absturz der Packet Forwarding Engine (PFE), ICCP-Verbindungsabbr\u00fcche und Synchronisierungsprobleme, eine nicht ordnungsgem\u00e4\u00dfe Erhaltung der Konsistenz und eine fehlende Freigabe des Speichers. Ein entfernter, anonymer Angreifer oder ein Angreifer aus dem angrenzenden Netzwerk kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T025817",
"T025816",
"5930",
"T025819",
"T025818"
]
},
"release_date": "2023-01-11T23:00:00.000+00:00",
"title": "CVE-2023-22414"
},
{
"cve": "CVE-2023-22405",
"notes": [
{
"category": "description",
"text": "In Juniper JUNOS, Juniper QFX Series und Juniper EX Series existieren mehrere Schwachstellen. Die Fehler bestehen darin, dass Pakete f\u00e4lschlicherweise in eine Warteschlange geleitet werden, die f\u00fcr anderen Verkehr mit hoher Priorit\u00e4t verwendet wird, ein Pufferleck und schlie\u00dflich ein Verbindungsverlust, ein MBUF-Leck, ein Absturz der Packet Forwarding Engine (PFE), ICCP-Verbindungsabbr\u00fcche und Synchronisierungsprobleme, eine nicht ordnungsgem\u00e4\u00dfe Erhaltung der Konsistenz und eine fehlende Freigabe des Speichers. Ein entfernter, anonymer Angreifer oder ein Angreifer aus dem angrenzenden Netzwerk kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T025817",
"T025816",
"5930",
"T025819",
"T025818"
]
},
"release_date": "2023-01-11T23:00:00.000+00:00",
"title": "CVE-2023-22405"
},
{
"cve": "CVE-2023-22403",
"notes": [
{
"category": "description",
"text": "In Juniper JUNOS, Juniper QFX Series und Juniper EX Series existieren mehrere Schwachstellen. Die Fehler bestehen darin, dass Pakete f\u00e4lschlicherweise in eine Warteschlange geleitet werden, die f\u00fcr anderen Verkehr mit hoher Priorit\u00e4t verwendet wird, ein Pufferleck und schlie\u00dflich ein Verbindungsverlust, ein MBUF-Leck, ein Absturz der Packet Forwarding Engine (PFE), ICCP-Verbindungsabbr\u00fcche und Synchronisierungsprobleme, eine nicht ordnungsgem\u00e4\u00dfe Erhaltung der Konsistenz und eine fehlende Freigabe des Speichers. Ein entfernter, anonymer Angreifer oder ein Angreifer aus dem angrenzenden Netzwerk kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T025817",
"T025816",
"5930",
"T025819",
"T025818"
]
},
"release_date": "2023-01-11T23:00:00.000+00:00",
"title": "CVE-2023-22403"
},
{
"cve": "CVE-2023-22399",
"notes": [
{
"category": "description",
"text": "In Juniper JUNOS, Juniper QFX Series und Juniper EX Series existieren mehrere Schwachstellen. Die Fehler bestehen darin, dass Pakete f\u00e4lschlicherweise in eine Warteschlange geleitet werden, die f\u00fcr anderen Verkehr mit hoher Priorit\u00e4t verwendet wird, ein Pufferleck und schlie\u00dflich ein Verbindungsverlust, ein MBUF-Leck, ein Absturz der Packet Forwarding Engine (PFE), ICCP-Verbindungsabbr\u00fcche und Synchronisierungsprobleme, eine nicht ordnungsgem\u00e4\u00dfe Erhaltung der Konsistenz und eine fehlende Freigabe des Speichers. Ein entfernter, anonymer Angreifer oder ein Angreifer aus dem angrenzenden Netzwerk kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T025817",
"T025816",
"5930",
"T025819",
"T025818"
]
},
"release_date": "2023-01-11T23:00:00.000+00:00",
"title": "CVE-2023-22399"
},
{
"cve": "CVE-2023-22396",
"notes": [
{
"category": "description",
"text": "In Juniper JUNOS, Juniper QFX Series und Juniper EX Series existieren mehrere Schwachstellen. Die Fehler bestehen darin, dass Pakete f\u00e4lschlicherweise in eine Warteschlange geleitet werden, die f\u00fcr anderen Verkehr mit hoher Priorit\u00e4t verwendet wird, ein Pufferleck und schlie\u00dflich ein Verbindungsverlust, ein MBUF-Leck, ein Absturz der Packet Forwarding Engine (PFE), ICCP-Verbindungsabbr\u00fcche und Synchronisierungsprobleme, eine nicht ordnungsgem\u00e4\u00dfe Erhaltung der Konsistenz und eine fehlende Freigabe des Speichers. Ein entfernter, anonymer Angreifer oder ein Angreifer aus dem angrenzenden Netzwerk kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T025817",
"T025816",
"5930",
"T025819",
"T025818"
]
},
"release_date": "2023-01-11T23:00:00.000+00:00",
"title": "CVE-2023-22396"
},
{
"cve": "CVE-2023-22395",
"notes": [
{
"category": "description",
"text": "In Juniper JUNOS, Juniper QFX Series und Juniper EX Series existieren mehrere Schwachstellen. Die Fehler bestehen darin, dass Pakete f\u00e4lschlicherweise in eine Warteschlange geleitet werden, die f\u00fcr anderen Verkehr mit hoher Priorit\u00e4t verwendet wird, ein Pufferleck und schlie\u00dflich ein Verbindungsverlust, ein MBUF-Leck, ein Absturz der Packet Forwarding Engine (PFE), ICCP-Verbindungsabbr\u00fcche und Synchronisierungsprobleme, eine nicht ordnungsgem\u00e4\u00dfe Erhaltung der Konsistenz und eine fehlende Freigabe des Speichers. Ein entfernter, anonymer Angreifer oder ein Angreifer aus dem angrenzenden Netzwerk kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T025817",
"T025816",
"5930",
"T025819",
"T025818"
]
},
"release_date": "2023-01-11T23:00:00.000+00:00",
"title": "CVE-2023-22395"
},
{
"cve": "CVE-2023-22391",
"notes": [
{
"category": "description",
"text": "In Juniper JUNOS, Juniper QFX Series und Juniper EX Series existieren mehrere Schwachstellen. Die Fehler bestehen darin, dass Pakete f\u00e4lschlicherweise in eine Warteschlange geleitet werden, die f\u00fcr anderen Verkehr mit hoher Priorit\u00e4t verwendet wird, ein Pufferleck und schlie\u00dflich ein Verbindungsverlust, ein MBUF-Leck, ein Absturz der Packet Forwarding Engine (PFE), ICCP-Verbindungsabbr\u00fcche und Synchronisierungsprobleme, eine nicht ordnungsgem\u00e4\u00dfe Erhaltung der Konsistenz und eine fehlende Freigabe des Speichers. Ein entfernter, anonymer Angreifer oder ein Angreifer aus dem angrenzenden Netzwerk kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T025817",
"T025816",
"5930",
"T025819",
"T025818"
]
},
"release_date": "2023-01-11T23:00:00.000+00:00",
"title": "CVE-2023-22391"
}
]
}
CVE-2023-22405 (GCVE-0-2023-22405)
Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-07 15:38
VLAI?
EPSS
Summary
An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with "service-provider/SP style" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn't work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached. Functionality can be restored by removing and re-adding the MAC limit configuration. This issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series: All versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3 on; 21.4 versions prior to 21.4R3 on; 22.1 versions prior to 22.1R2 on.
Severity ?
6.5 (Medium)
CWE
- CWE-1250 - Improper Preservation of Consistency Between Independent Representations of Shared State
- Denial of Service (DoS)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 20.2R3-S5
(custom)
Affected: 20.3 , < 20.3R3-S5 (custom) Affected: 20.4 , < 20.4R3-S4 (custom) Affected: 21.1 , < 21.1R3-S3 (custom) Affected: 21.2 , < 21.2R3-S1 (custom) Affected: 21.3 , < 21.3R3 (custom) Affected: 21.4 , < 21.4R3 (custom) Affected: 22.1 , < 22.1R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70201"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:00:37.278215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:38:23.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"QFX5k Series, EX46xx Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.2R3-S5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S5",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S4",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S1",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be vulnerable to this issue a \"service provider/SP\"-style configuration like the following needs to be present:\n\n [interfaces \u003cinterface\u003e ether-options 802.3ad ae\u003c#\u003e]\n [interfaces ae\u003c#\u003e unit \u003cunit\u003e vlan-id \u003cid\u003e]\n [switch-options interface ae\u003c#\u003e.\u003cid\u003e interface-mac-limit \u003climit\u003e]\n [switch-options interface ae\u003c#\u003e.\u003cid\u003e interface-mac-limit packet-action \u003caction\u003e]"
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with \"service-provider/SP style\" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn\u0027t work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached. Functionality can be restored by removing and re-adding the MAC limit configuration. This issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series: All versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3 on; 21.4 versions prior to 21.4R3 on; 22.1 versions prior to 22.1R2 on."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1250",
"description": "CWE-1250 Improper Preservation of Consistency Between Independent Representations of Shared State",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70201"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S1, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70201",
"defect": [
"1659873"
],
"discovery": "USER"
},
"title": "Junos OS: QFX5k Series, EX46xx Series: MAC limiting feature stops working after PFE restart or device reboot",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22405",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:38:23.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22399 (GCVE-0-2023-22399)
Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-07 15:39
VLAI?
EPSS
Summary
When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability in the dcpfe process of Juniper Networks Junos OS on QFX10K Series systems allows an attacker to cause the Packet Forwarding Engine (PFE) to crash and restart by sending specific genuine packets to the device, resulting in a Denial of Service (DoS) condition. The dcpfe process tries to copy more data into a smaller buffer, which overflows and corrupts the buffer, causing a crash of the dcpfe process. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX10K Series: All versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R1-S2, 22.2R2.
Severity ?
7.5 (High)
CWE
- CWE-120 - Buffer Overflow
- Denial of Service (DoS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 19.4R3-S9
(custom)
Affected: 20.2 , < 20.2R3-S6 (custom) Affected: 20.3 , < 20.3R3-S6 (custom) Affected: 20.4 , < 20.4R3-S5 (custom) Affected: 21.1 , < 21.1R3-S4 (custom) Affected: 21.2 , < 21.2R3-S3 (custom) Affected: 21.3 , < 21.3R3-S2 (custom) Affected: 21.4 , < 21.4R2-S2, 21.4R3 (custom) Affected: 22.1 , < 22.1R2 (custom) Affected: 22.2 , < 22.2R1-S2, 22.2R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70195"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/sflow-monitoring-technology.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:08:09.076242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:39:48.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"QFX10K Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R3-S9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S6",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S6",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S5",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S4",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S3",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S2",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R2-S2, 21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R1-S2, 22.2R2",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue only affects systems with sFlow enabled. An example sFlow configuration is shown below:\n\n [protocols sflow collector \u003cip-address\u003e udp-port \u003cport-number\u003e]\n [protocols sflow interfaces \u003cinterface-name\u003e polling-interval \u003cseconds\u003e sample-rate \u003cnumber\u003e]\n"
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability in the dcpfe process of Juniper Networks Junos OS on QFX10K Series systems allows an attacker to cause the Packet Forwarding Engine (PFE) to crash and restart by sending specific genuine packets to the device, resulting in a Denial of Service (DoS) condition. The dcpfe process tries to copy more data into a smaller buffer, which overflows and corrupts the buffer, causing a crash of the dcpfe process. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX10K Series: All versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R1-S2, 22.2R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70195"
},
{
"url": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/sflow-monitoring-technology.html"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.4R3-S9, 20.2R3-S6, 20.3R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R2, 22.2R1-S2, 22.2R2, 22.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70195",
"defect": [
"1668330"
],
"discovery": "USER"
},
"title": "Junos OS: QFX10K Series: PFE crash upon receipt of specific genuine packets when sFlow is enabled",
"workarounds": [
{
"lang": "en",
"value": "1. Prevent sflow from monitoring ECMP forwarded packets.\n\n2. Temporarily disable sFlow to mitigate this issue.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22399",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:39:48.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22403 (GCVE-0-2023-22403)
Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-07 19:55
VLAI?
EPSS
Summary
An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
On QFX10K Series, Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. ICCP connection flaps and sync issues will be observed due to excessive specific traffic to the local device.
This issue affects Juniper Networks Junos OS on QFX10K Series:
* All versions prior to 20.2R3-S7;
* 20.4 versions prior to 20.4R3-S4;
* 21.1 versions prior to 21.1R3-S3;
* 21.2 versions prior to 21.2R3-S1;
* 21.3 versions prior to 21.3R3;
* 21.4 versions prior to 21.4R3;
* 22.1 versions prior to 22.1R2.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
- Denial of Service (DoS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 20.2R3-S7
(custom)
Affected: 20.4 , < 20.4R3-S4 (custom) Affected: 21.1 , < 21.1R3-S3 (custom) Affected: 21.2 , < 21.2R3-S1 (custom) Affected: 21.3 , < 21.3R3 (custom) Affected: 21.4 , < 21.4R3 (custom) Affected: 22.1 , < 22.1R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70199"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T19:55:03.227843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T19:55:11.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"QFX10K Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.2R3-S7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S4",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S1",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be exposed to this issue a minimal ICCP configuration like the following needs to be present:\u003c/p\u003e\u003ccode\u003e [protocols iccp peer \u0026lt;peer-IP\u0026gt; ...] \u003c/code\u003e\u003cbr/\u003e"
}
],
"value": "To be exposed to this issue a minimal ICCP configuration like the following needs to be present:\n\n [protocols iccp peer \u003cpeer-IP\u003e ...] \n"
}
],
"datePublic": "2023-01-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eOn QFX10K Series, Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. ICCP connection flaps and sync issues will be observed due to excessive specific traffic to the local device.\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS on QFX10K Series:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.2R3-S7;\u003c/li\u003e\u003cli\u003e20.4 versions prior to 20.4R3-S4;\u003c/li\u003e\u003cli\u003e21.1 versions prior to 21.1R3-S3;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S1;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R2.\u003c/li\u003e\u003c/ul\u003e\n\n"
}
],
"value": "\nAn Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\n\n\nOn QFX10K Series, Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. ICCP connection flaps and sync issues will be observed due to excessive specific traffic to the local device.\n\n\n\nThis issue affects Juniper Networks Junos OS on QFX10K Series:\n\n * All versions prior to 20.2R3-S7;\n * 20.4 versions prior to 20.4R3-S4;\n * 21.1 versions prior to 21.1R3-S3;\n * 21.2 versions prior to 21.2R3-S1;\n * 21.3 versions prior to 21.3R3;\n * 21.4 versions prior to 21.4R3;\n * 22.1 versions prior to 22.1R2.\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T20:39:25.537Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA70199"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: 20.2R3-S7, 20.4R3-S4, 21.1R3-S3, 21.2R3-S1, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 20.2R3-S7, 20.4R3-S4, 21.1R3-S3, 21.2R3-S1, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA70199",
"defect": [
"1640483"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2023-08-08T21:00:00.000Z",
"value": "Explicitly state \"QFX10K Series\" in Description and Platforms"
}
],
"title": "Junos OS: QFX10K Series: An ICCP flap will be observed due to excessive specific traffic",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22403",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T19:55:11.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22414 (GCVE-0-2023-22414)
Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-07 19:54
VLAI?
EPSS
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash. On all Junos PTX Series and QFX10000 Series, when specific EVPN VXLAN Multicast packets are processed, an FPC heap memory leak is observed. The FPC memory usage can be monitored using the CLI command "show heap extensive". Following is an example output. ID Base Total(b) Free(b) Used(b) % Name Peak used % -- -------- --------- --------- --------- --- ----------- ----------- 0 37dcf000 3221225472 1694526368 1526699104 47 Kernel 47 1 17dcf000 1048576 1048576 0 0 TOE DMA 0 2 17ecf000 1048576 1048576 0 0 DMA 0 3 17fcf000 534773760 280968336 253805424 47 Packet DMA 47 This issue affects: Juniper Networks Junos OS PTX Series and QFX10000 Series 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.1R1 on PTX Series and QFX10000 Series.
Severity ?
6.5 (Medium)
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
- Denial of Service (DoS)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 20.1R1
(custom)
Affected: 20.2 , < 20.2R3-S6 (custom) Affected: 20.3 , < 20.3R3-S6 (custom) Affected: 20.4 , < 20.4R3-S4 (custom) Affected: 21.2 , < 21.2R3-S1 (custom) Affected: 21.3 , < 21.3R3 (custom) Affected: 21.4 , < 21.4R3 (custom) Affected: 22.1 , < 22.1R2 (custom) Affected: 22.2 , < 22.2R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70210"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22414",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T19:54:35.845790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T19:54:43.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"PTX Series and QFX10000 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S6",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S6",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S4",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S1",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R2",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue can occur when multicast and EVPN are configured: \n\n [protocols evpn]"
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash. On all Junos PTX Series and QFX10000 Series, when specific EVPN VXLAN Multicast packets are processed, an FPC heap memory leak is observed. The FPC memory usage can be monitored using the CLI command \"show heap extensive\". Following is an example output. ID Base Total(b) Free(b) Used(b) % Name Peak used % -- -------- --------- --------- --------- --- ----------- ----------- 0 37dcf000 3221225472 1694526368 1526699104 47 Kernel 47 1 17dcf000 1048576 1048576 0 0 TOE DMA 0 2 17ecf000 1048576 1048576 0 0 DMA 0 3 17fcf000 534773760 280968336 253805424 47 Packet DMA 47 This issue affects: Juniper Networks Junos OS PTX Series and QFX10000 Series 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.1R1 on PTX Series and QFX10000 Series."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70210"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.2R3-S6, 20.3R3-S6, 20.4R3-S4, 21.1R3-S3, 21.2R3-S1, 21.3R3, 21.4R3, 22.1R2, 22.2R2, 22.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70210",
"defect": [
"1661286"
],
"discovery": "USER"
},
"title": "Junos OS: PTX Series and QFX10000 Series: An FPC memory leak is observed when specific EVPN VXLAN Multicast packets are processed",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22414",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T19:54:43.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22395 (GCVE-0-2023-22395)
Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-07 15:42
VLAI?
EPSS
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover. These mbufs can be monitored by using the CLI command 'show system buffers': user@host> show system buffers 783/1497/2280 mbufs in use (current/cache/total) user@host> show system buffers 793/1487/2280 mbufs in use (current/cache/total) <<<<<< mbuf usage increased This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.
Severity ?
6.5 (Medium)
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
- Denial of Service (DoS)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 19.3R3-S7
(custom)
Affected: 19.4 , < 19.4R3-S9 (custom) Affected: 20.1R1 , < 20.1* (custom) Affected: 20.2 , < 20.2R3-S5 (custom) Affected: 20.3 , < 20.3R3-S5 (custom) Affected: 20.4 , < 20.4R3-S4 (custom) Affected: 21.1 , < 21.1R3-S3 (custom) Affected: 21.2 , < 21.2R3-S2 (custom) Affected: 21.3 , < 21.3R3-S1 (custom) Affected: 21.4 , < 21.4R3 (custom) Affected: 22.1 , < 22.1R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70191"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:10:37.940814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:42:48.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R3-S7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S9",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1*",
"status": "affected",
"version": "20.1R1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S5",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S5",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S4",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S1",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be exposed to this vulnerability a minimal IRB configuration like in the following example needs to be present:\n\n [interfaces irb unit \u003cunit\u003e family inet address \u003cIP-adress\u003e]"
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover. These mbufs can be monitored by using the CLI command \u0027show system buffers\u0027: user@host\u003e show system buffers 783/1497/2280 mbufs in use (current/cache/total) user@host\u003e show system buffers 793/1487/2280 mbufs in use (current/cache/total) \u003c\u003c\u003c\u003c\u003c\u003c mbuf usage increased This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70191"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70191",
"defect": [
"1666181"
],
"discovery": "USER"
},
"title": "Junos OS: In an MPLS scenario the processing of specific packets to the device causes a buffer leak and ultimately a loss of connectivity",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22395",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:42:48.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22391 (GCVE-0-2023-22391)
Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-07 15:43
VLAI?
EPSS
Summary
A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Specific packets are being incorrectly routed to a queue used for other high-priority traffic such as BGP, PIM, ICMP, ICMPV6 ND and ISAKMP. Due to this misclassification of traffic, receipt of a high rate of these specific packets will cause delays in the processing of other traffic, leading to a Denial of Service (DoS). Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX2K Series: All versions prior to 19.4R3-S9; All 20.2 versions; 20.3 versions prior to 20.3R3-S6 on ACX2K Series; 20.4 versions prior to 20.4R3-S4 on ACX2K Series; All 21.1 versions; 21.2 versions prior to 21.2R3-S3 on ACX2K Series. Note: This issues affects legacy ACX2K Series PPC-based devices. This platform reached Last Supported Version (LSV) as of the Junos OS 21.2 Release.
Severity ?
7.5 (High)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
- Denial of Service (DoS)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 19.4R3-S9
(custom)
Affected: 20.2R1 , < 20.2* (custom) Affected: 20.3 , < 20.3R3-S6 (custom) Affected: 20.4 , < 20.4R3-S4 (custom) Affected: 21.1R1 , < 21.1* (custom) Affected: 21.2 , < 21.2R3-S3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70187"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:11:30.499578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:43:53.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"ACX2K Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R3-S9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.2*",
"status": "affected",
"version": "20.2R1",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S6",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S4",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1R1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S3",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Specific packets are being incorrectly routed to a queue used for other high-priority traffic such as BGP, PIM, ICMP, ICMPV6 ND and ISAKMP. Due to this misclassification of traffic, receipt of a high rate of these specific packets will cause delays in the processing of other traffic, leading to a Denial of Service (DoS). Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX2K Series: All versions prior to 19.4R3-S9; All 20.2 versions; 20.3 versions prior to 20.3R3-S6 on ACX2K Series; 20.4 versions prior to 20.4R3-S4 on ACX2K Series; All 21.1 versions; 21.2 versions prior to 21.2R3-S3 on ACX2K Series. Note: This issues affects legacy ACX2K Series PPC-based devices. This platform reached Last Supported Version (LSV) as of the Junos OS 21.2 Release."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70187"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 19.4R3-S9, 20.3R3-S6, 20.4R3-S4, and 21.2R3-S3.\n\nNote: Legacy ACX2000 Series PPC-based devices have reached Last Supported Version (LSV) as of Junos OS 21.2.\n"
}
],
"source": {
"advisory": "JSA70187",
"defect": [
"1637615"
],
"discovery": "USER"
},
"title": "Junos OS: ACX2K Series: Receipt of a high rate of specific traffic will lead to a Denial of Service (DoS)",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22391",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:43:53.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22396 (GCVE-0-2023-22396)
Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-07 15:41
VLAI?
EPSS
Summary
An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a Denial of Service (DoS). The system does not recover automatically and must be manually restarted to restore service. This issue occurs when crafted TCP packets are sent directly to a configured IPv4 or IPv6 interface on the device. Transit traffic will not trigger this issue. MBUF usage can be monitored through the use of the 'show system buffers' command. For example: user@junos> show system buffers | refresh 5 4054/566/4620 mbufs in use (current/cache/total) ... 4089/531/4620 mbufs in use (current/cache/total) ... 4151/589/4740 mbufs in use (current/cache/total) ... 4213/527/4740 mbufs in use (current/cache/total) This issue affects Juniper Networks Junos OS: 12.3 version 12.3R12-S19 and later versions; 15.1 version 15.1R7-S10 and later versions; 17.3 version 17.3R3-S12 and later versions; 18.4 version 18.4R3-S9 and later versions; 19.1 version 19.1R3-S7 and later versions; 19.2 version 19.2R3-S3 and later versions; 19.3 version 19.3R2-S7, 19.3R3-S3 and later versions prior to 19.3R3-S7; 19.4 version 19.4R2-S7, 19.4R3-S5 and later versions prior to 19.4R3-S10; 20.1 version 20.1R3-S1 and later versions; 20.2 version 20.2R3-S2 and later versions prior to 20.2R3-S6; 20.3 version 20.3R3-S1 and later versions prior to 20.3R3-S6; 20.4 version 20.4R2-S2, 20.4R3 and later versions prior to 20.4R3-S5; 21.1 version 21.1R2 and later versions prior to 21.1R3-S4; 21.2 version 21.2R1-S1, 21.2R2 and later versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2; 22.3 versions prior to 22.3R1-S1, 22.3R2.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
- Denial of Service
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
12.3R12-S19 , < 12.3*
(custom)
Affected: 15.1R7-S10 , < 15.1* (custom) Affected: 17.3R3-S12 , < 17.3* (custom) Affected: 18.4R3-S9 , < 18.4* (custom) Affected: 19.1R3-S7 , < 19.1* (custom) Affected: 19.2R3-S3 , < 19.2* (custom) Affected: 19.3R2-S7, 19.3R3-S3 , < 19.3* (custom) Affected: 19.4R2-S7, 19.4R3-S5 , < 19.4* (custom) Affected: 20.1R3-S1 , < 20.1* (custom) Affected: 20.2R3-S2 , < 20.2* (custom) Affected: 20.3R3-S1 , < 20.3* (custom) Affected: 20.4R2-S2, 20.4R3 , < 20.4* (custom) Affected: 21.1R2 , < 21.1* (custom) Affected: 21.2R1-S1, 21.2R2 , < 21.2* (custom) Affected: 21.3 , < 21.3R3-S2 (custom) Affected: 21.4 , < 21.4R3 (custom) Affected: 22.1 , < 22.1R2-S1, 22.1R3 (custom) Affected: 22.2 , < 22.2R1-S2, 22.2R2 (custom) Affected: 22.3 , < 22.3R1-S1, 22.3R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70192"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:10:25.845510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:41:27.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3*",
"status": "affected",
"version": "12.3R12-S19",
"versionType": "custom"
},
{
"lessThan": "15.1*",
"status": "affected",
"version": "15.1R7-S10",
"versionType": "custom"
},
{
"lessThan": "17.3*",
"status": "affected",
"version": "17.3R3-S12",
"versionType": "custom"
},
{
"lessThan": "18.4*",
"status": "affected",
"version": "18.4R3-S9",
"versionType": "custom"
},
{
"lessThan": "19.1*",
"status": "affected",
"version": "19.1R3-S7",
"versionType": "custom"
},
{
"lessThan": "19.2*",
"status": "affected",
"version": "19.2R3-S3",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.3R3-S7",
"status": "unaffected"
}
],
"lessThan": "19.3*",
"status": "affected",
"version": "19.3R2-S7, 19.3R3-S3",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.4R3-S10",
"status": "unaffected"
}
],
"lessThan": "19.4*",
"status": "affected",
"version": "19.4R2-S7, 19.4R3-S5",
"versionType": "custom"
},
{
"lessThan": "20.1*",
"status": "affected",
"version": "20.1R3-S1",
"versionType": "custom"
},
{
"changes": [
{
"at": "20.2R3-S6",
"status": "unaffected"
}
],
"lessThan": "20.2*",
"status": "affected",
"version": "20.2R3-S2",
"versionType": "custom"
},
{
"changes": [
{
"at": "20.3R3-S6",
"status": "unaffected"
}
],
"lessThan": "20.3*",
"status": "affected",
"version": "20.3R3-S1",
"versionType": "custom"
},
{
"changes": [
{
"at": "20.4R3-S5",
"status": "unaffected"
}
],
"lessThan": "20.4*",
"status": "affected",
"version": "20.4R2-S2, 20.4R3",
"versionType": "custom"
},
{
"changes": [
{
"at": "21.1R3-S4",
"status": "unaffected"
}
],
"lessThan": "21.1*",
"status": "affected",
"version": "21.1R2",
"versionType": "custom"
},
{
"changes": [
{
"at": "21.2R3-S3",
"status": "unaffected"
}
],
"lessThan": "21.2*",
"status": "affected",
"version": "21.2R1-S1, 21.2R2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S2",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R2-S1, 22.1R3",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R1-S2, 22.2R2",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3R1-S1, 22.3R2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a Denial of Service (DoS). The system does not recover automatically and must be manually restarted to restore service. This issue occurs when crafted TCP packets are sent directly to a configured IPv4 or IPv6 interface on the device. Transit traffic will not trigger this issue. MBUF usage can be monitored through the use of the \u0027show system buffers\u0027 command. For example: user@junos\u003e show system buffers | refresh 5 4054/566/4620 mbufs in use (current/cache/total) ... 4089/531/4620 mbufs in use (current/cache/total) ... 4151/589/4740 mbufs in use (current/cache/total) ... 4213/527/4740 mbufs in use (current/cache/total) This issue affects Juniper Networks Junos OS: 12.3 version 12.3R12-S19 and later versions; 15.1 version 15.1R7-S10 and later versions; 17.3 version 17.3R3-S12 and later versions; 18.4 version 18.4R3-S9 and later versions; 19.1 version 19.1R3-S7 and later versions; 19.2 version 19.2R3-S3 and later versions; 19.3 version 19.3R2-S7, 19.3R3-S3 and later versions prior to 19.3R3-S7; 19.4 version 19.4R2-S7, 19.4R3-S5 and later versions prior to 19.4R3-S10; 20.1 version 20.1R3-S1 and later versions; 20.2 version 20.2R3-S2 and later versions prior to 20.2R3-S6; 20.3 version 20.3R3-S1 and later versions prior to 20.3R3-S6; 20.4 version 20.4R2-S2, 20.4R3 and later versions prior to 20.4R3-S5; 21.1 version 21.1R2 and later versions prior to 21.1R3-S4; 21.2 version 21.2R1-S1, 21.2R2 and later versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2; 22.3 versions prior to 22.3R1-S1, 22.3R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70192"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R3-S10, 20.2R3-S6, 20.3R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S2, 21.4R3, 22.1R2-S1, 22.1R3, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1-S1, 22.3R2, 22.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70192",
"defect": [
"1670303"
],
"discovery": "USER"
},
"title": "Junos OS: Receipt of crafted TCP packets destined to the device results in MBUF leak leading to a Denial of Service (DoS)",
"workarounds": [
{
"lang": "en",
"value": "Limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22396",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:41:27.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…