Lucene search

[email protected]CVE-2023-44190

HistoryOct 11, 2023 - 10:15 p.m.

CVE-2023-44190

2023-10-1122:15:10

CWE-346

[email protected]

web.nvd.nist.gov

cve-2023-44190

origin validation

mac address validation

juniper networks

junos os evolved

ptx10001

ptx10004

ptx10008

ptx10016

vulnerability

network security

cve

6.1 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.

This issue affects Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016:

All versions prior to 21.4R3-S5-EVO;
22.1 versions prior to 22.1R3-S4-EVO;
22.2 versions 22.2R1-EVO and later;
22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;
23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO.

Affected configurations

NVD

Node

juniperjunos_os_evolvedRange<21.4

juniperjunos_os_evolvedMatch21.4-

juniperjunos_os_evolvedMatch21.4r1

juniperjunos_os_evolvedMatch21.4r1-s1

juniperjunos_os_evolvedMatch21.4r1-s2

juniperjunos_os_evolvedMatch21.4r2

juniperjunos_os_evolvedMatch21.4r2-s1

juniperjunos_os_evolvedMatch21.4r2-s2

juniperjunos_os_evolvedMatch21.4r3

juniperjunos_os_evolvedMatch21.4r3-s1

juniperjunos_os_evolvedMatch21.4r3-s2

juniperjunos_os_evolvedMatch21.4r3-s3

juniperjunos_os_evolvedMatch21.4r3-s4

juniperjunos_os_evolvedMatch22.1r1

juniperjunos_os_evolvedMatch22.1r1-s1

juniperjunos_os_evolvedMatch22.1r1-s2

juniperjunos_os_evolvedMatch22.1r2

juniperjunos_os_evolvedMatch22.1r2-s1

juniperjunos_os_evolvedMatch22.1r3

juniperjunos_os_evolvedMatch22.1r3-s1

juniperjunos_os_evolvedMatch22.1r3-s2

juniperjunos_os_evolvedMatch22.1r3-s3

juniperjunos_os_evolvedMatch22.2r1

juniperjunos_os_evolvedMatch22.2r1-s1

juniperjunos_os_evolvedMatch22.2r2

juniperjunos_os_evolvedMatch22.2r2-s1

juniperjunos_os_evolvedMatch22.2r2-s2

juniperjunos_os_evolvedMatch22.2r3

juniperjunos_os_evolvedMatch22.2r3-s1

juniperjunos_os_evolvedMatch22.3r1

juniperjunos_os_evolvedMatch22.3r1-s1

juniperjunos_os_evolvedMatch22.3r1-s2

juniperjunos_os_evolvedMatch22.3r2

juniperjunos_os_evolvedMatch22.3r2-s1

juniperjunos_os_evolvedMatch22.4r1

juniperjunos_os_evolvedMatch22.4r1-s1

juniperjunos_os_evolvedMatch22.4r1-s2

juniperjunos_os_evolvedMatch22.4r2

juniperjunos_os_evolvedMatch23.2r1

AND

juniperptx10001Match-

juniperptx10001-36mrMatch-

juniperptx10004Match-

juniperptx10008Match-

juniperptx10016Match-

CPENameOperatorVersion
juniper:junos_os_evolvedjuniper junos os evolvedlt21.4
juniper:junos_os_evolvedjuniper junos os evolvedeq22.1
juniper:junos_os_evolvedjuniper junos os evolvedeq22.2
juniper:junos_os_evolvedjuniper junos os evolvedeq22.3
juniper:junos_os_evolvedjuniper junos os evolvedeq22.4
juniper:junos_os_evolvedjuniper junos os evolvedeq23.2

CPE	Name	Operator	Version
juniper:junos_os_evolved	juniper junos os evolved	lt	21.4
juniper:junos_os_evolved	juniper junos os evolved	eq	22.1
juniper:junos_os_evolved	juniper junos os evolved	eq	22.2
juniper:junos_os_evolved	juniper junos os evolved	eq	22.3
juniper:junos_os_evolved	juniper junos os evolved	eq	22.4
juniper:junos_os_evolved	juniper junos os evolved	eq	23.2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "PTX10001",
      "PTX10004",
      "PTX10008",
      "PTX10016"
    ],
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.4R3-S5-EVO",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S4-EVO",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2*-EVO",
        "status": "affected",
        "version": "22.2R1-EVO",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R2-S2-EVO, 22.3R3-S1-EVO",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2-S1-EVO, 22.4R3-EVO",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R1-S1-EVO, 23.2R2-EVO",
        "status": "affected",
        "version": "23.2",
        "versionType": "semver"
      }
    ]
  }
]

References

supportportal.juniper.net/JSA73154

6.1 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVE-2023-44190

prion1 cvelist1 nvd1