CVE-2023-28961: Improper Handling of Unexpected Data Type in Networks Junos OS

Severity: 5.3 MEDIUM (NVD), 5.8 (CNA)
EPSS: 0.2% (top 58.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 17; Latest update Apr 18

Description

An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine (PFE). There is no immediate indication of an incomplete firewall filter commit shown at the CLI, which could allow an attacker to send valid packets to or through the device that were explicitly intended to be dropped. An

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | unspecified | 20.2R3-S7 | +6
NVD | juniper/junos | < 20.2 | +7

Vulnerability Details (2)

GHSA: GHSA-6f32-4mw9-g5w4: An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices w (2023-04-18)
CVEList: Junos OS: ACX Series: IPv6 firewall filter is not installed in PFE when "from next-header ah" is used (2023-04-17)

Vendor Advisories (1)

Juniper: CVE-2023-28961: An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices w (2023-04-17)