CVE-2023-44195Improper Restriction of Communication Channel to Intended Endpoints in Networks Junos OS Evolved

CWE-923Improper Restriction of Communication Channel to Intended EndpointsCWE-754Improper Check for Unusual or Exceptional Conditions5 documents4 sources
Severity
5.3MEDIUMNVD
CNA5.4
EPSS
0.1%
top 72.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OS EvolvedJuniper Junos OS Evolved
Timeline
PublishedOct 13

Description

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system. If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulti

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5juniper_networks/junos_os_evolved21.3-EVO21.3R3-S5-EVO+14
NVDjuniper/junos_os_evolved7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-f7rx-678f-vf6q: An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks J2023-10-13
CVEList
Junos OS Evolved: Packets which are not destined to the router can reach the RE2023-10-12

📋Vendor Advisories

2
Juniper
CVE-2023-44195: An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks2023-10-13
Juniper
CVE-2023-44196: An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series2023-10-13
CVE-2023-44195 — MEDIUM severity | cvebase