CVE-2023-28959 — Improper Check or Handling of Exceptional Conditions in Networks Junos OS

CWE-703 — Improper Check or Handling of Exceptional Conditions4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 73.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 17

Latest updateApr 18

Description

An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast domain sending a malformed packet to the device, causing all PFEs other than the inbound PFE to wedge and to eventually restart, resulting in a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_osunspecified — 19.1R3-S10+10

▶NVDjuniper/junos< 19.1+11

🔴Vulnerability Details

GHSA

GHSA-h5hc-qpqf-p7r8: An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthen↗2023-04-18

▶

CVEList

Junos OS: QFX10002: PFE wedges and restarts upon receipt of specific malformed packets↗2023-04-17

▶

📋Vendor Advisories

Juniper

CVE-2023-28959: An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthen↗2023-04-17

▶