CVE-2023-36833: Use After Free in Networks Junos OS Evolved

CWE-416: Use After Free (4 documents, 4 sources)

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 70.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 14

Description

A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service. An indication

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os_evolved, versions 21.2, 21.2* (+6)
NVD: juniper/junos_os_evolved, 7 versions (+6)

Vulnerability Details (2)

GHSA (2023-07-14)
GHSA-c9pw-fcq9-5p4q: A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PT

CVEList (2023-07-14)
Junos OS Evolved: PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202: The aftman-bt process will crash in a MoFRR scenario after multiple link flaps

Vendor Advisories (1)

Juniper (2023-07-14)
CVE-2023-36833: A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PT
CVE-2023-36833 — Use After Free | cvebase