CVE-2023-22392 Junos OS: PTX Series and QFX10000 Series: Received flow-routes which aren't installed as the hardware doesn't support them, lead to an FPC heap memory leak

🗓️ 12 Oct 2023 22:55:42Reported by juniperType

Junos OS vulnerability allows adjacent attacker to cause DoS due to uninstalled flow-routes. FPC heap memory leak

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos operating systems allows a hacker to trigger a service failure.	17 Oct 202300:00	–	bdu_fstec
Circl	CVE-2023-22392	13 Oct 202302:36	–	circl
CNNVD	Juniper Networks Junos OS Security Vulnerability	12 Oct 202300:00	–	cnnvd
CVE	CVE-2023-22392	12 Oct 202322:55	–	cve
EUVD	EUVD-2023-26555	3 Oct 202520:07	–	euvd
Tenable Nessus	Juniper Junos OS Vulnerability (JSA73530)	11 Oct 202300:00	–	nessus
NVD	CVE-2023-22392	12 Oct 202323:15	–	nvd
OSV	CVE-2023-22392	12 Oct 202323:15	–	osv
Prion	Design/Logic Flaw	12 Oct 202323:15	–	prion
Positive Technologies	PT-2023-6144 · Juniper Networks · Qfx10000 +8	12 Oct 202300:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "PTX1000",
      "PTX10002",
      "PTX10004",
      "PTX10008",
      "PTX10016 with LC110x FPCs"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S5",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.1R3-S4",
        "status": "affected",
        "version": "21.1",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S2",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R2-S2, 21.4R3",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R1-S2, 22.1R2",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "PTX3000",
      "PTX5000",
      "QFX10000"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.1*",
        "status": "affected",
        "version": "21.1R1",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S6",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S5",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S4",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S3",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S1",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R2-S2, 22.3R3",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
supportportal	www.supportportal.juniper.net/JSA73530

23 Oct 2023 19:10Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.16.5

EPSS0.00066