CVE-2023-28976

Summary

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If specific traffic is received on MX Series and its rate exceeds the respective DDoS protection limit the ingress PFE will crash and restart. Continued receipt of this traffic will create a sustained DoS condition. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S5; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OSunspecified < 19.1R3-S10affected
Juniper NetworksJunos OS19.2 < 19.2R3-S7affected
Juniper NetworksJunos OS19.3 < 19.3R3-S8affected
Juniper NetworksJunos OS19.4 < 19.4R3-S11affected
Juniper NetworksJunos OS20.2 < 20.2R3-S5affected
Juniper NetworksJunos OS20.4 < 20.4R3-S6affected
Juniper NetworksJunos OS21.1 < 21.1R3-S5affected
Juniper NetworksJunos OS21.2 < 21.2R3-S4affected
Juniper NetworksJunos OS21.3 < 21.3R3affected
Juniper NetworksJunos OS21.4 < 21.4R3affected
Juniper NetworksJunos OS22.1 < 22.1R2affected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions
  • Denial of Service (DoS)

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References