CVE-2023-36838: Out-of-bounds Read in Juniper Networks Junos OS

CWE-125: Out-of-bounds Read | 4 documents | 4 sources
Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 84.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 14

Description

An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). If a low privileged user executes a specific CLI command, flowd, which is responsible for traffic forwarding in SRX, crashes and generates a core dump. This will cause temporary traffic interruption until the flowd process is restarted automatically. Continued execution of this command w

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | unspecified | 20.2R3-S7 | +10
NVD | juniper/junos | < 20.2 | +11

🔴 Vulnerability Details (2)

CVEList: Junos OS: SRX Series: A flowd core occurs when running a low privileged CLI command (2023-07-14)
GHSA: GHSA-xfjj-5jcc-72cx: An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated att (2023-07-14)

📋 Vendor Advisories (1)

Juniper: CVE-2023-36838: An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated att (2023-07-14)
CVE-2023-36838 — Out-of-bounds Read | cvebase