Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistJuniperCVELIST:CVE-2023-36835
HistoryJul 14, 2023 - 5:11 p.m.

CVE-2023-36835 Junos OS: QFX10000 Series: All traffic will be dropped after a specific valid IP packet has been received which needs to be routed over a VXLAN tunnel

2023-07-1417:11:26
CWE-754
juniper
www.cve.org
juniper networks
packet forwarding engine
pfe
vxlan tunnel
dos
vulnerability
qfx10000 series
traffic impact
reboot
security advisory
cve-2023-36835

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

23.0%

JSON

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service (DoS).

If a specific valid IP packet is received and that packet needs to be routed over a VXLAN tunnel, this will result in a PFE wedge condition due to which traffic gets impacted. As this is not a crash and restart scenario, this condition will persist until the system is rebooted to recover.

This issue affects Juniper Networks Junos OS on QFX10000:
20.3 version 20.3R1 and later versions;
20.4 versions prior to 20.4R3-S5;
21.1 versions prior to 21.1R3-S5;
21.2 versions prior to 21.2R3-S5;
21.3 versions prior to 21.3R3-S4;
21.4 versions prior to 21.4R3-S1;
22.1 versions prior to 22.1R3;
22.2 versions prior to 22.2R2;
22.3 versions prior to 22.3R1-S2, 22.3R2.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "QFX10000 Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "20.3R1",
            "status": "affected"
          }
        ],
        "lessThan": "20.3*",
        "status": "affected",
        "version": "20.3",
        "versionType": "custom"
      },
      {
        "lessThan": "20.4R3-S5",
        "status": "affected",
        "version": "20.4",
        "versionType": "custom"
      },
      {
        "lessThan": "21.1R3-S5",
        "status": "affected",
        "version": "21.1",
        "versionType": "custom"
      },
      {
        "lessThan": "21.2R3-S5",
        "status": "affected",
        "version": "21.2",
        "versionType": "custom"
      },
      {
        "lessThan": "21.3R3-S4",
        "status": "affected",
        "version": "21.3",
        "versionType": "custom"
      },
      {
        "lessThan": "21.4R3-S1",
        "status": "affected",
        "version": "21.4",
        "versionType": "custom"
      },
      {
        "lessThan": "22.1R3",
        "status": "affected",
        "version": "22.1",
        "versionType": "custom"
      },
      {
        "lessThan": "22.2R2",
        "status": "affected",
        "version": "22.2",
        "versionType": "custom"
      },
      {
        "lessThan": "22.3R1-S2, 22.3R2",
        "status": "affected",
        "version": "22.3",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
nessus 1
cve 1
prion 1
nvd
nvd
CVE-2023-36835
2023-07-14 18:15:10
nessus
nessus
Juniper Junos OS Vulnerability (JSA71642)
2023-07-12 00:00:00
cve
cve
CVE-2023-36835
2023-07-14 18:15:10
prion
prion
Design/Logic Flaw
2023-07-14 18:15:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

23.0%

JSON
Related for CVELIST:CVE-2023-36835
nvd1nessus1cve1prion1