Incomplete Internal State Distinction in Juniper Junos OS - CVE-2023-36834

 

Incomplete Internal State Distinction in Juniper Junos OS - CVE-2023-36834

Published: July 14, 2023


Vulnerability identifier: #VU78261
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-36834
CWE-ID: CWE-372
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series. If an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines (PPE) component of the PFE to run into a loop, which in turn will render the PPE unavailable. Each packet will cause one PPE to get into a loop, leading to a gradual performance degradation until all PPEs are unavailable and all traffic processing stops.


How to mitigate CVE-2023-36834

Install updates from vendor's website.

Sources