CVE-2023-36850: Improper Validation of Specified Index, Position, or Offset in Input in Networks Junos OS

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 79.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 14

Description

An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management (CFM) module of Juniper Networks Junos OS on MX Series (except MPC10, MPC11 and LC9600) allows an adjacent attacker on the local broadcast domain to cause a Denial of Service (DoS). Upon receiving a malformed CFM packet, the MPC crashes. Continued receipt of these packets causes a sustained denial of service. This issue can only be triggered when CFM hasn't been configured. T

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | unspecified | 19.1R3-S10 | +15
NVD | juniper/junos | 16 versions | +15

🔴 Vulnerability Details (2)

CVEList
Junos OS: MX Series: An MPC will crash upon receipt of a malformed CFM packet. (2023-07-14)
GHSA
GHSA-386p-7ccc-jwxx: An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management (CFM) module of Juniper Netw (2023-07-14)

📋 Vendor Advisories (1)

Juniper
CVE-2023-36850: An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management (CFM) module of Juniper Netw (2023-07-14)
CVE-2023-36850 — Networks Junos OS vulnerability | cvebase