JuniperCVELIST:CVE-2023-44184CVE-2023-44184 Junos OS and Junos OS Evolved: High CPU load due to specific NETCONF command
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
13.3%
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device’s control plane.
This issue affects:
Juniper Networks Junos OS
- All versions prior to 20.4R3-S7;
- 21.2 versions prior to 21.2R3-S5;
- 21.3 versions prior to 21.3R3-S5;
- 21.4 versions prior to 21.4R3-S4;
- 22.1 versions prior to 22.1R3-S2;
- 22.2 versions prior to 22.2R3;
- 22.3 versions prior to 22.3R2-S1, 22.3R3;
- 22.4 versions prior to 22.4R1-S2, 22.4R2.
Juniper Networks Junos OS Evolved
- All versions prior to 21.4R3-S4-EVO;
- 22.1 versions prior to 22.1R3-S2-EVO;
- 22.2 versions prior to 22.2R3-EVO;
- 22.3 versions prior to 22.3R3-EVO;
- 22.4 versions prior to 22.4R2-EVO.
An indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command:
mgd process example:
user@device-re#> show system processes extensive | match “mgd|PID” | except last
PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage.
Example to check for NETCONF activity:
While there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with “client-mode ‘netconf’”
For example:
mgd[38121]: UI_LOGIN_EVENT: User ‘root’ login, class ‘super-user’ [38121], ssh-connection ‘10.1.1.1 201 55480 10.1.1.2 22’, client-mode ‘netconf’
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1R1",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S5",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S2",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S1, 22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R1-S2, 22.4R2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S4-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S2-EVO",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
]References
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
13.3%