CVE-2023-28979Improper Check for Unusual or Exceptional Conditions in Networks Junos OS

CWE-754Improper Check for Unusual or Exceptional Conditions4 documents4 sources
Severity
4.7MEDIUMNVD
EPSS
0.0%
top 94.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 17
Latest updateApr 18

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to bypass an integrity check. In a 6PE scenario and if an additional integrity check is configured, it will fail to drop specific malformed IPv6 packets, and then these packets will be forwarded to other connected networks. This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 v

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5juniper_networks/junos_osunspecified19.3R3-S7+10
NVDjuniper/junos< 19.3+11

🔴Vulnerability Details

2
GHSA
GHSA-6p7r-3f3w-fj8c: An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated at2023-04-18
CVEList
Junos OS: In a 6PE scenario upon receipt of a specific IPv6 packet an integrity check fails2023-04-17

📋Vendor Advisories

1
Juniper
CVE-2023-28979: An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated at2023-04-17
CVE-2023-28979 — Networks Junos OS vulnerability | cvebase