CVE-2023-36832
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices (AMS) interface on the device, causing the packet forwarding engine (PFE) to crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue is only triggered by packets destined to a local-interface via a service-interface (AMS). AMS is only supported on the MS-MPC, MS-MIC, and MX-SPC3 cards. This issue is not experienced on other types of interfaces or configurations. Additionally, transit traffic does not trigger this issue.
This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S5; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S2; 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R2-S1, 22.3R3; 22.4 versions prior to 22.4R1-S2, 22.4R2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | unspecified < 19.1R3-S10 | affected |
| Juniper Networks | Junos OS | 19.2 < 19.2R3-S7 | affected |
| Juniper Networks | Junos OS | 19.3 < 19.3R3-S8 | affected |
| Juniper Networks | Junos OS | 19.4 < 19.4R3-S12 | affected |
| Juniper Networks | Junos OS | 20.2 < 20.2R3-S8 | affected |
| Juniper Networks | Junos OS | 20.4 < 20.4R3-S7 | affected |
| Juniper Networks | Junos OS | 21.1 < 21.1R3-S5 | affected |
| Juniper Networks | Junos OS | 21.2 < 21.2R3-S5 | affected |
| Juniper Networks | Junos OS | 21.3 < 21.3R3-S4 | affected |
| Juniper Networks | Junos OS | 21.4 < 21.4R3-S3 | affected |
| Juniper Networks | Junos OS | 22.1 < 22.1R3-S2 | affected |
| Juniper Networks | Junos OS | 22.2 < 22.2R3 | affected |
| Juniper Networks | Junos OS | 22.3 < 22.3R2-S1, 22.3R3 | affected |
| Juniper Networks | Junos OS | 22.4 < 22.4R1-S2, 22.4R2 | affected |
Weaknesses
- CWE-755: CWE-755 Improper Handling of Exceptional Conditions
- Denial of Service (DoS)
Workarounds
Modify the configuration to not have local/host bound ICMP traffic processed by Service Card (MS-MPC/SPC3) or add protect-RE filter to discard ICMP packets.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.