CVE-2023-28965Improper Check or Handling of Exceptional Conditions in Networks Junos OS

CWE-703Improper Check or Handling of Exceptional ConditionsCWE-754Improper Check for Unusual or Exceptional Conditions4 documents4 sources
Severity
7.5HIGHNVD
CNA6.5
EPSS
0.2%
top 51.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 17
Latest updateApr 18

Description

An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. Storm control monitors the level of applicable incoming traffic and compares it with the level specified. If the combined level of the applicable traffic exceeds the specified level, the switch

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_osunspecified19.3R3-S7+7
NVDjuniper/junos< 19.3+8

🔴Vulnerability Details

2
GHSA
GHSA-gp64-4ccq-3vpw: An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a hig2023-04-18
CVEList
Junos OS: QFX10002: Failure of storm control feature may lead to Denial of Service2023-04-17

📋Vendor Advisories

1
Juniper
CVE-2023-28965: An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a hig2023-04-17
CVE-2023-28965 — Networks Junos OS vulnerability | cvebase