Lucene search

JuniperCVELIST:CVE-2023-22392

HistoryOct 12, 2023 - 10:55 p.m.

CVE-2023-22392 Junos OS: PTX Series and QFX10000 Series: Received flow-routes which aren't installed as the hardware doesn't support them, lead to an FPC heap memory leak

2023-10-1222:55:42

CWE-401

juniper

www.cve.org

junos os

vulnerability

adjacent attacker

dos

flow-routes

fpc heap memory

ptx series

qfx10000 series

memory leak

packet forwarding engine

juniper networks

denial of service

cve-2023-22392

ptx3000

ptx5000

ptx1000

ptx10002

ptx10004

ptx10008

ptx10016

lc110x fpcs

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

18.0%

JSON

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).

PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command “show chassis fpc”.

The following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed.

expr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw
expr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware
expr_dfw_base_hw_add:52 Failed to add h/w sfm data.
expr_dfw_base_hw_create:114 Failed to add h/w data.
expr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for flowspec_default_inet
expr_dfw_flt_inst_change:1368 Failed to create flowspec_default_inet on PFE 0
expr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0!
expr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure
expr_dfw_bp_topo_handler:1102 Failed to program fnum.
expr_dfw_entry_process_change:679 Failed to change instance for filter flowspec_default_inet.
This issue affects Juniper Networks Junos OS:

on PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs:

All versions prior to 20.4R3-S5;
21.1 versions prior to 21.1R3-S4;
21.2 versions prior to 21.2R3-S2;
21.3 versions prior to 21.3R3;
21.4 versions prior to 21.4R2-S2, 21.4R3;
22.1 versions prior to 22.1R1-S2, 22.1R2.

on PTX3000, PTX5000, QFX10000:

All versions prior to 20.4R3-S8;
21.1 version 21.1R1 and later versions;
21.2 versions prior to 21.2R3-S6;
21.3 versions prior to 21.3R3-S5;
21.4 versions prior to 21.4R3-S4;
22.1 versions prior to 22.1R3-S3
22.2 versions prior to 22.2R3-S1
22.3 versions prior to 22.3R2-S2, 22.3R3
22.4 versions prior to 22.4R2.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "PTX1000",
      "PTX10002",
      "PTX10004",
      "PTX10008",
      "PTX10016 with LC110x FPCs"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S5",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.1R3-S4",
        "status": "affected",
        "version": "21.1",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S2",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R2-S2, 21.4R3",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R1-S2, 22.1R2",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "PTX3000",
      "PTX5000",
      "QFX10000"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.1*",
        "status": "affected",
        "version": "21.1R1",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S6",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S5",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S4",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S3",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S1",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R2-S2, 22.3R3",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      }
    ]
  }
]

References

supportportal.juniper.net/JSA73530

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

18.0%

JSON

Related for CVELIST:CVE-2023-22392