CVE-2023-36850 Junos OS: MX Series: An MPC will crash upon receipt of a malformed CFM packet.

🗓️ 14 Jul 2023 18:06:02Reported by juniperType

Junos OS: Vulnerability in CFM Module Crash MP

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerability of the Connectivity Fault Management function in Juniper Networks’ Junos OS-based MX routers allows a attacker to cause a service failure.	2 Nov 202300:00	–	bdu_fstec
Circl	CVE-2023-36850	14 Jul 202322:22	–	circl
CNNVD	Juniper Networks Junos OS MX 安全漏洞	14 Jul 202300:00	–	cnnvd
CVE	CVE-2023-36850	14 Jul 202318:06	–	cve
EUVD	EUVD-2023-40770	3 Oct 202520:07	–	euvd
Tenable Nessus	Juniper Junos OS Vulnerability (JSA71661)	12 Jul 202300:00	–	nessus
NCSC	Vulnerabilities fixed in Juniper JunOS	13 Jul 202300:00	–	ncsc
NVD	CVE-2023-36850	14 Jul 202319:15	–	nvd
OSV	CVE-2023-36850	14 Jul 202319:15	–	osv
Prion	Input validation	14 Jul 202319:15	–	prion

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "19.1R3-S10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "19.2R3-S7",
        "status": "affected",
        "version": "19.2",
        "versionType": "custom"
      },
      {
        "lessThan": "19.3R3-S8",
        "status": "affected",
        "version": "19.3",
        "versionType": "custom"
      },
      {
        "lessThan": "19.4R3-S12",
        "status": "affected",
        "version": "19.4",
        "versionType": "custom"
      },
      {
        "lessThan": "20.1*",
        "status": "affected",
        "version": "20.1",
        "versionType": "custom"
      },
      {
        "lessThan": "20.2R3-S7",
        "status": "affected",
        "version": "20.2",
        "versionType": "custom"
      },
      {
        "lessThan": "20.3*",
        "status": "affected",
        "version": "20.3",
        "versionType": "custom"
      },
      {
        "lessThan": "20.4R3-S7",
        "status": "affected",
        "version": "20.4",
        "versionType": "custom"
      },
      {
        "lessThan": "21.1R3-S5",
        "status": "affected",
        "version": "21.2",
        "versionType": "custom"
      },
      {
        "lessThan": "21.2R3-S4",
        "status": "affected",
        "version": "21.2",
        "versionType": "custom"
      },
      {
        "lessThan": "21.3R3-S4",
        "status": "affected",
        "version": "21.3",
        "versionType": "custom"
      },
      {
        "lessThan": "21.4R3-S3",
        "status": "affected",
        "version": "21.4",
        "versionType": "custom"
      },
      {
        "lessThan": "22.1R3-S2",
        "status": "affected",
        "version": "22.1",
        "versionType": "custom"
      },
      {
        "lessThan": "22.2R3",
        "status": "affected",
        "version": "22.2",
        "versionType": "custom"
      },
      {
        "lessThan": "22.3R2",
        "status": "affected",
        "version": "22.3",
        "versionType": "custom"
      },
      {
        "lessThan": "22.4R2",
        "status": "affected",
        "version": "22.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
supportportal	www.supportportal.juniper.net/JSA71661

14 Jul 2023 18:06Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.5

EPSS0.00271

CWE-1285

juniper networks mx series denial of service improper validation vulnerability cfm module