CVE-2023-22409: Improper Validation of Specified Quantity in Input in Networks Junos OS

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 84.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 13

Description

An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS allows a local authenticated attacker with low privileges to cause a Denial of Service (DoS). When an inconsistent "deterministic NAT" configuration is present on an SRX, or MX with SPC3 and then a specific CLI command is issued the SPC will crash and restart. Repeated execution of this command will lead to a sustained DoS. Such a configuration is characterized by the total number of port blocks bei

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | unspecified | 19.4R3-S10 | +10
NVD | juniper/junos | < 19.4 | +11

🔴 Vulnerability Details (2)

GHSA: GHSA-4xhc-3779-5pc3: An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS allows a local authenticated attacker with low privi (2023-01-13)
CVEList: Junos OS: SRX Series, MX Series with SPC3: When an inconsistent NAT configuration exists and a specific CLI command is issued the SPC will reboot (2023-01-12)

📋 Vendor Advisories (1)

Juniper: CVE-2023-22409: An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS allows a local authenticated attacker with low privi (2023-01-13)