CVE-2023-44189 — Origin Validation Error in Networks Junos OS Evolved

CWE-346 — Origin Validation Error4 documents4 sources

Severity

5.4MEDIUMNVD

CNA6.1

EPSS

0.0%

top 99.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedOct 11

Latest updateOct 12

Description

An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device. This issue af…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os_evolved22.1 — 22.1R3-S3-EVO+5

▶NVDjuniper/junos_os_evolved< 21.4+6

🔴Vulnerability Details

GHSA

GHSA-fwh4-pm54-qx88: An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacke↗2023-10-12

▶

CVEList

Junos OS Evolved: PTX10003 Series: MAC address validation bypass vulnerability↗2023-10-11

▶

📋Vendor Advisories

Juniper

CVE-2023-44189: An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attack↗2023-10-11

▶