CVE-2023-1697Improper Handling of Missing Values in Networks Junos OS

CWE-230Improper Handling of Missing Values4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 67.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 17
Latest updateApr 18

Description

An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Continued receipt of these specific frames will cause a sustained Denial of Service condition. This issue occurs when a specific malformed ethernet frame is received. This issue affects Juniper Networks Junos OS on QFX10000 Series, PTX1000 Series Series: All version

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_osunspecified19.4R3-S10+10
NVDjuniper/junos< 19.4+11

🔴Vulnerability Details

2
GHSA
GHSA-9q54-8gxw-xrfh: An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenti2023-04-18
CVEList
Junos OS: QFX10000 Series, PTX1000 Series: The dcpfe process will crash when a malformed ethernet frame is received2023-04-17

📋Vendor Advisories

1
Juniper
CVE-2023-1697: An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenti2023-04-17
CVE-2023-1697 — Improper Handling of Missing Values | cvebase