CVE-2023-28984 — Race Condition in Networks Junos OS

CWE-362 — Race Condition CWE-416 — Use After Free4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 78.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 17

Latest updateApr 18

Description

A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and aging happens, but due to a Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) that is outside the attackers direct control. This issue affects: Juniper Networks Ju…

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_osunspecified — 19.4R3-S10+9

▶NVDjuniper/junos11 versions+10

🔴Vulnerability Details

GHSA

GHSA-vx3w-5gr7-767w: A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker↗2023-04-18

▶

CVEList

Junos OS: QFX Series: The PFE may crash when a lot of MAC addresses are being learned and aged↗2023-04-17

▶

📋Vendor Advisories

Juniper

CVE-2023-28984: A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker↗2023-04-17

▶