CVE-2023-36835 — Improper Check for Unusual or Exceptional Conditions in Networks Junos OS

CWE-754 — Improper Check for Unusual or Exceptional Conditions4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 53.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedJul 14

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service (DoS). If a specific valid IP packet is received and that packet needs to be routed over a VXLAN tunnel, this will result in a PFE wedge condition due to which traffic gets impacted. As this is not a crash and restart scenario, this condition will persist until the system is reboot…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os20.3 — 20.3*+8

▶NVDjuniper/junos9 versions+8

🔴Vulnerability Details

CVEList

Junos OS: QFX10000 Series: All traffic will be dropped after a specific valid IP packet has been received which needs to be routed over a VXLAN tunnel↗2023-07-14

▶

GHSA

GHSA-3xwf-x58p-42cm: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX10000 S↗2023-07-14

▶

📋Vendor Advisories

Juniper

CVE-2023-36835: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX10000 S↗2023-07-14

▶