CVE-2023-22399
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability in the dcpfe process of Juniper Networks Junos OS on QFX10K Series systems allows an attacker to cause the Packet Forwarding Engine (PFE) to crash and restart by sending specific genuine packets to the device, resulting in a Denial of Service (DoS) condition. The dcpfe process tries to copy more data into a smaller buffer, which overflows and corrupts the buffer, causing a crash of the dcpfe process. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX10K Series: All versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R1-S2, 22.2R2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | unspecified < 19.4R3-S9 | affected |
| Juniper Networks | Junos OS | 20.2 < 20.2R3-S6 | affected |
| Juniper Networks | Junos OS | 20.3 < 20.3R3-S6 | affected |
| Juniper Networks | Junos OS | 20.4 < 20.4R3-S5 | affected |
| Juniper Networks | Junos OS | 21.1 < 21.1R3-S4 | affected |
| Juniper Networks | Junos OS | 21.2 < 21.2R3-S3 | affected |
| Juniper Networks | Junos OS | 21.3 < 21.3R3-S2 | affected |
| Juniper Networks | Junos OS | 21.4 < 21.4R2-S2, 21.4R3 | affected |
| Juniper Networks | Junos OS | 22.1 < 22.1R2 | affected |
| Juniper Networks | Junos OS | 22.2 < 22.2R1-S2, 22.2R2 | affected |
Weaknesses
- CWE-120: CWE-120 Buffer Overflow
- Denial of Service (DoS)
Workarounds
Prevent sflow from monitoring ECMP forwarded packets.
Temporarily disable sFlow to mitigate this issue.
ADP Enrichment
CVE Program Container
Additional References
- https://kb.juniper.net/JSA70195
- https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/sflow-monitoring-technology.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://kb.juniper.net/JSA70195
- https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/sflow-monitoring-technology.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.