CVE-2023-36841Uncontrolled Resource Consumption in Networks Junos OS

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 68.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedOct 12
Latest updateOct 13

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS). An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover. This issue affects

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os21.1R121.1*+8
NVDjuniper/junos< 20.4+9

🔴Vulnerability Details

2
GHSA
GHSA-j5xw-gh42-g53c: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series2023-10-13
CVEList
Junos OS: MX Series: Receipt of malformed TCP traffic will cause a Denial of Service2023-10-12

📋Vendor Advisories

1
Juniper
CVE-2023-36841: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series2023-10-12
CVE-2023-36841 — Uncontrolled Resource Consumption | cvebase