CVE-2023-44183: Improper Input Validation in Networks Junos OS

Severity
5.3 MEDIUM (NVD)
6.5 (CNA)
EPSS
0.0% (top 88.57%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 13

Description

An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. The scenario described here is the worst-case scenario. There are other scenarios that require operator action to occur. An indicator of comp

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.6 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | 18.4R2 | 18.4* | +9
NVD | juniper/junos | 17 versions | +16

🔴 Vulnerability Details (2)

GHSA
GHSA-x9hv-97wr-x4j8: An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series d (2023-10-13)
CVEList
Junos OS: QFX5000 Series, EX4600 Series: In a VxLAN scenario an adjacent attacker within the VxLAN sending genuine packets may cause a DMA memory leak to occur. (2023-10-12)

📋 Vendor Advisories (1)

Juniper
CVE-2023-44183: An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series (2023-10-13)