Juniper Junos OS Vulnerability (JSA73153)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(312369);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/06");

  script_cve_id("CVE-2023-44189");
  script_xref(name:"JSA", value:"JSA73153");

  script_name(english:"Juniper Junos OS Vulnerability (JSA73153)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73153
advisory.

  - An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on
    PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses
    not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the
    router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and
    congestion in the downstream layer-2 domain connected to the device. This issue affects Juniper Networks
    Junos OS Evolved on PTX10003 Series: * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to
    22.1R3-S3-EVO; * 22.2 version 22.2R1-EVO and later versions; * 22.3 versions prior to 22.3R2-S2-EVO,
    22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO.
    (CVE-2023-44189)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://supportportal.juniper.net/s/article/Overview-of-the-Juniper-Networks-SIRT-Quarterly-Security-Bulletin-Publication-Process?r=50&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?34013a7f");
  # https://supportportal.juniper.net/s/article/In-which-releases-are-vulnerabilities-fixed?r=50&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?16b0da3e");
  # https://supportportal.juniper.net/s/article/Common-Vulnerability-Scoring-System-CVSS-and-Juniper-s-Security-Advisories?r=50&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d0103bc5");
  script_set_attribute(attribute:"see_also", value:"https://supportportal.juniper.net/JSA73153");
  # https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-Evolved-PTX10003-Series-MAC-address-validation-bypass-vulnerability-CVE-2023-44189
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f33bcccf");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA73153");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-44189");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/10/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/05/06");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");

  exit(0);
}

include('junos.inc');

var model = get_kb_item_or_exit('Host/Juniper/model');
if (model !~ "^PTX1")
{
  audit(AUDIT_DEVICE_NOT_VULN, model);
}

var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');

var vuln_ranges = [
  {'min_ver':'0.0-EVO', 'fixed_ver':'21.4R3-S4-EVO', 'model':'^PTX1'},
  {'min_ver':'22.1-EVO', 'fixed_ver':'22.1R3-S3-EVO', 'model':'^PTX1'},
  {'min_ver':'22.2-EVO', 'fixed_ver':'22.2R1-EVO', 'model':'^PTX1'},
  {'min_ver':'22.3-EVO', 'fixed_ver':'22.3R2-S2-EVO', 'model':'^PTX1'},
  {'min_ver':'22.3R3-EVO', 'fixed_ver':'22.3R3-S1-EVO', 'model':'^PTX1'},
  {'min_ver':'22.4-EVO', 'fixed_ver':'22.4R2-S1-EVO', 'model':'^PTX1'},
  {'min_ver':'22.4R3-EVO', 'fixed_ver':'22.4R3-EVO', 'model':'^PTX1'},
  {'min_ver':'23.2-EVO', 'fixed_ver':'23.2R2-EVO', 'model':'^PTX1'}
];

var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
var report = get_report(ver:ver, fix:fix);
security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);