Main Vulnerability Database Vulnerabilities #VU82113

Improper input validation in Juniper Junos OS - CVE-2023-44183

Published: October 17, 2023

Vulnerability identifier: #VU82113

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-44183

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Juniper Junos OS

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation error in the VxLAN packet forwarding engine (PFE) when multiple devices indicate that FPC0 has gone missing when issuing a show chassis fpc command. A remote attacker on the local network can perform a denial of service (DoS) attack.

The vulnerability affects QFX5000 and EX4600 series devices.

Remediation

Install updates from vendor's website.

External links

https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-QFX5000-Series-EX4600-Series-In-a-VxLAN-scenario-an-adjacent-attacker-within-the-VxLAN-sending-genuine-packets-may-cause-a-DMA-memory-leak-to-occur-CVE-2023-44183

Improper input validation in Juniper Junos OS - CVE-2023-44183

Description

Remediation

External links

Please verify you're human