CVE-2023-22396 — Uncontrolled Resource Consumption in Networks Junos OS

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 78.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedJan 13

Description

An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a Denial of Service (DoS). The system does not recover automatically and must be manually restarted to restore service. This issue occurs when crafted TCP packets are sent directly to a configured IPv4 or IPv6 interface on …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os12.3R12-S19 — 12.3*+18

▶NVDjuniper/junos19 versions+18

🔴Vulnerability Details

GHSA

GHSA-6c7f-v79h-5rvh: An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated↗2023-01-13

▶

CVEList

Junos OS: Receipt of crafted TCP packets destined to the device results in MBUF leak leading to a Denial of Service (DoS)↗2023-01-12

▶

📋Vendor Advisories

Juniper

CVE-2023-22396: An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated↗2023-01-13

▶