CVE-2023-28970Improper Check or Handling of Exceptional Conditions in Networks Junos OS

CWE-703Improper Check or Handling of Exceptional ConditionsCWE-755Improper Handling of Exceptional Conditions4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 73.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 17
Latest updateApr 18

Description

An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacent, network-based attacker sending a specific packet to the device to cause a kernel crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by an attacker on the local b

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_osunspecified21.2R3-S4+6
NVDjuniper/junos< 21.2+7

🔴Vulnerability Details

2
GHSA
GHSA-c5x8-2v3c-q27c: An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on J2023-04-18
CVEList
Junos OS: JRR200: Kernel crash upon receipt of a specific packet2023-04-17

📋Vendor Advisories

1
Juniper
CVE-2023-28970: An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on J2023-04-17
CVE-2023-28970 — Networks Junos OS vulnerability | cvebase