CVE-2023-36843 — Improper Handling of Inconsistent Special Elements in Networks Junos OS

CWE-168 — Improper Handling of Inconsistent Special Elements4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 75.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedOct 12

Latest updateOct 13

Description

An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS). Upon receiving malformed SSL traffic, the PFE crashes. A manual restart will be needed to recover the device. This issue only affects devices with Juniper Networks Advanced Threat Prevention (ATP) Clo…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os21.1R1 — 21.1*+8

▶NVDjuniper/junos< 20.4+9

🔴Vulnerability Details

GHSA

GHSA-f8h4-8cx8-j35m: An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows a↗2023-10-13

▶

CVEList

Junos OS: SRX Series: The PFE will crash on receiving malformed SSL traffic when Sky ATP is enabled↗2023-10-12

▶

📋Vendor Advisories

Juniper

CVE-2023-36843: An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows↗2023-10-12

▶