CVE-2023-28975Unexpected Status Code or Return Value in Networks Junos OS

CWE-394Unexpected Status Code or Return ValueCWE-754Improper Check for Unusual or Exceptional Conditions4 documents4 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 67.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 17
Latest updateApr 18

Description

An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service (DoS). When certain USB devices are connected to a USB port of the routing-engine (RE), the kernel will crash leading to a reboot of the device. The device will continue to crash as long as the USB device is connected. This issue affects Juniper Networks Junos OS: All versions prior to 19.4R3-S10; 20.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_osunspecified19.4R3-S10+11
NVDjuniper/junos< 19.4+12

🔴Vulnerability Details

2
GHSA
GHSA-gvw8-8fq4-qmw5: An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical ac2023-04-18
CVEList
Junos OS: The kernel will crash when certain USB devices are inserted2023-04-17

📋Vendor Advisories

1
Juniper
CVE-2023-28975: An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical ac2023-04-17
CVE-2023-28975 — Unexpected Status Code or Return Value | cvebase