CVE-2023-28970

Summary

An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacent, network-based attacker sending a specific packet to the device to cause a kernel crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by an attacker on the local broadcast domain. Packets routed to the device are unable to trigger this crash. This issue affects Juniper Networks Junos OS on JRR200: All versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S2, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2; 22.4 versions prior to 22.4R1-S1, 22.4R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OSunspecified < 21.2R3-S4affected
Juniper NetworksJunos OS21.3 < 21.3R3-S4affected
Juniper NetworksJunos OS21.4 < 21.4R3-S3affected
Juniper NetworksJunos OS22.1 < 22.1R3-S1affected
Juniper NetworksJunos OS22.2 < 22.2R2-S2, 22.2R3affected
Juniper NetworksJunos OS22.3 < 22.3R1-S2, 22.3R2affected
Juniper NetworksJunos OS22.4 < 22.4R1-S1, 22.4R2affected

Weaknesses

  • CWE-703: CWE-703 Improper Check or Handling of Exceptional Conditions

Workarounds

Limit direct access to the device to only from trusted hosts and administrators.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References