Improper restriction of communication channel to intended endpoints in Junos OS Evolved

#VU82300 Improper restriction of communication channel to intended endpoints in Junos OS Evolved

Published: 2023-10-23 | Updated: 2023-10-30

Vulnerability identifier: #VU82300

Vulnerability risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44196

CWE-ID: CWE-923

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Junos OS Evolved
Operating systems & Components / Operating system

Vendor: Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper restriction of communication channel to intended endpoints in the NetworkStack agent daemon (nsagentd). A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Junos OS Evolved: 22.4R1-EVO - 22.4R2-S1-EVO, 22.4R2-S2-EVO, 22.3R1-EVO - 22.3R2-S1-EVO, 21.4R1-EVO - 21.4R3-S3-EVO, 21.3-EVO - 21.3R3-S4-EVO

External links
http://supportportal.juniper.net/JSA73162

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper restriction of communication channel to intended endpoints in Juniper Junos OS Evolved