Lucene search

JuniperCVELIST:CVE-2023-22401

HistoryJan 12, 2023 - 12:00 a.m.

CVE-2023-22401 Junos OS and Junos OS Evolved: PTX10008, PTX10016: When a specific SNMP MIB is queried the FPC will crash

2023-01-1200:00:00

CWE-129

juniper

www.cve.org

juniper networks

denial of service

junos os evolved

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

36.9%

JSON

An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On the PTX10008 and PTX10016 platforms running Junos OS or Junos OS Evolved, when a specific SNMP MIB is queried this will cause a PFE crash and the FPC will go offline and not automatically recover. A system restart is required to get the affected FPC in an operational state again. This issue affects: Juniper Networks Junos OS 22.1 version 22.1R2 and later versions; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved 21.3-EVO version 21.3R3-EVO and later versions; 21.4-EVO version 21.4R1-S2-EVO, 21.4R2-EVO and later versions prior to 21.4R2-S1-EVO; 22.1-EVO version 22.1R2-EVO and later versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.

CNA Affected

[
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS",
    "versions": [
      {
        "version": "22.1R2",
        "status": "affected",
        "lessThan": "22.1*",
        "versionType": "custom",
        "changes": [
          {
            "at": "22.1R3",
            "status": "unaffected"
          }
        ]
      },
      {
        "version": "22.2",
        "status": "affected",
        "lessThan": "22.2R2",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS Evolved",
    "versions": [
      {
        "version": "21.3R3-EVO",
        "status": "affected",
        "lessThan": "21.3-EVO*",
        "versionType": "custom"
      },
      {
        "version": "21.4R1-S2-EVO, 21.4R2-EVO",
        "status": "affected",
        "lessThan": "21.4-EVO*",
        "versionType": "custom",
        "changes": [
          {
            "at": "21.4R2-S1-EVO",
            "status": "unaffected"
          }
        ]
      },
      {
        "version": "22.1R2-EVO",
        "status": "affected",
        "lessThan": "22.1-EVO*",
        "versionType": "custom",
        "changes": [
          {
            "at": "22.1R3-EVO",
            "status": "unaffected"
          }
        ]
      },
      {
        "version": "22.2-EVO",
        "status": "affected",
        "lessThan": "22.2R1-S1-EVO, 22.2R2-EVO",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA70197

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

36.9%

JSON

Related for CVELIST:CVE-2023-22401