Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.JUNIPER_JSA70196.NASLHistoryJul 20, 2023 - 12:00 a.m.
Juniper Junos OS Vulnerability (JSA70196)
2023-07-2000:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
juniper junos os
uncontrolled resource consumption
vulnerability
denial of service
fpc crash
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
38.2%
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA70196 advisory.
- An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or a specific CLI command is executed this will cause a GUID resource leak, eventually leading to exhaustion and result in an FPC crash and reboot. GUID exhaustion will trigger a syslog message like one of the following for example: evo- pfemand[<pid>]: get_next_guid: Ran out of Guid Space … evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space … This leak can be monitored by running the following command and taking note of the value in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand | match IFDId|IFLId|Context Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3448 0 3448 re0 evo-pfemand net::juniper::interfaces::IFLId 0 561 0 561 user@host> show platform application-info allocations app evo-pfemand | match IFDId|IFLId|Context Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3784 0 3784 re0 evo-pfemand net::juniper::interfaces::IFLId 0 647 0 647 This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-S4-EVO; 21.3-EVO version 21.3R1-EVO and later versions; 21.4-EVO versions prior to 21.4R2-EVO. (CVE-2023-22400)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(178639);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/20");
script_cve_id("CVE-2023-22400");
script_xref(name:"JSA", value:"JSA70196");
script_name(english:"Juniper Junos OS Vulnerability (JSA70196)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA70196
advisory.
- An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper
Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading
to a Denial of Service (DoS). When a specific SNMP GET operation or a specific CLI command is executed
this will cause a GUID resource leak, eventually leading to exhaustion and result in an FPC crash and
reboot. GUID exhaustion will trigger a syslog message like one of the following for example: evo-
pfemand[<pid>]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[<pid>]: get_next_guid: Ran out of
Guid Space ... This leak can be monitored by running the following command and taking note of the value in
the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand
| match IFDId|IFLId|Context Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand
net::juniper::interfaces::IFDId 0 3448 0 3448 re0 evo-pfemand net::juniper::interfaces::IFLId 0 561 0 561
user@host> show platform application-info allocations app evo-pfemand | match IFDId|IFLId|Context Node
Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3784 0
3784 re0 evo-pfemand net::juniper::interfaces::IFLId 0 647 0 647 This issue affects Juniper Networks Junos
OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO
versions prior to 21.2R3-S4-EVO; 21.3-EVO version 21.3R1-EVO and later versions; 21.4-EVO versions prior
to 21.4R2-EVO. (CVE-2023-22400)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-A-specific-SNMP-GET-operation-and-a-specific-CLI-commands-cause-resources-to-leak-and-eventually-the-evo-pfemand-process-will-crash-CVE-2023-22400
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?868b59e8");
script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA70196");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-22400");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/01/11");
script_set_attribute(attribute:"patch_publication_date", value:"2023/01/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/20");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("junos_version.nasl");
script_require_keys("Host/Juniper/JUNOS/Version");
exit(0);
}
include('junos.inc');
var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
var vuln_ranges = [
{'min_ver':'0.0', 'fixed_ver':'20.4R3-S3-EVO'},
{'min_ver':'21.1-EVO', 'fixed_ver':'21.1R1-EVO'},
{'min_ver':'21.2-EVO', 'fixed_ver':'21.2R3-S4-EVO'},
{'min_ver':'21.3-EVO', 'fixed_ver':'21.3R1-EVO'},
{'min_ver':'21.4-EVO', 'fixed_ver':'21.4R2-EVO'}
];
var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
var report = get_report(ver:ver, fix:fix);
security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);
Related
cvelist
cvelist
nvd
nvd
CVE-2023-22400
2023-01-13 00:15:10
prion
prion
Design/Logic Flaw
2023-01-13 00:15:00
cve
cve
CVE-2023-22400
2023-01-13 00:15:10
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
38.2%
Related for JUNIPER_JSA70196.NASL