Main Vulnerability Database Vulnerabilities #VU82110

Missing origin validation in websockets in Junos OS Evolved - CVE-2023-44189

Published: October 17, 2023

Vulnerability identifier: #VU82110

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-44189

CWE-ID:

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Junos OS Evolved

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to origin validation error in MAC address validation. A remote attacker on the local network can bypass MAC address checking and gain unauthorized access to network resources.

Remediation

Install updates from vendor's website for PTX10003 series devices.

External links

https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-Evolved-PTX10003-Series-MAC-address-validation-bypass-vulnerability-CVE-2023-44189

Missing origin validation in websockets in Junos OS Evolved - CVE-2023-44189

Description

Remediation

External links

Please verify you're human