CVE-2023-36848Improper Handling of Undefined Values in Networks Junos OS

CWE-232Improper Handling of Undefined Values4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 74.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJul 14

Description

An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When a malformed CFM packet is received, it leads to an FPC crash. Continued receipt of these packets causes a sustained denial of service. This vulnerability occurs only when CFM has been configured on the interface. This issue affects Juni

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_osunspecified19.1R3-S10+15
NVDjuniper/junos16 versions+15

🔴Vulnerability Details

2
CVEList
Junos OS: MX Series: The FPC will crash on receiving a malformed CFM packet2023-07-14
GHSA
GHSA-pv7q-j2wh-2hh7: An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(excep2023-07-14

📋Vendor Advisories

1
Juniper
CVE-2023-36848: An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(excep2023-07-14
CVE-2023-36848 — Improper Handling of Undefined Values | cvebase