Juniper Junos OS Evolved Packet Forwarding Engine unusual condition
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in Juniper Junos OS Evolved. This affects an unknown part of the component Packet Forwarding Engine. Executing a manipulation can lead to unusual condition. This vulnerability appears as CVE-2023-44196. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.
Details
A vulnerability has been found in Juniper Junos OS Evolved (Router Operating System) (affected version unknown) and classified as problematic. This vulnerability affects an unknown functionality of the component Packet Forwarding Engine. The manipulation with an unknown input leads to a unusual condition vulnerability. The CWE definition for the vulnerability is CWE-754. The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. As an impact it is known to affect integrity. CVE summarizes:
An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system. When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.1-EVO version 21.1R1-EVO and later; * 21.2-EVO versions prior to 21.2R3-S6-EVO; * 21.3-EVO version 21.3R1-EVO and later; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-S4-EVO; * 22.2-EVO versions prior to 22.2R3-S3-EVO; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R2-EVO.
The weakness was presented 10/13/2023 as JSA73162. The advisory is shared for download at supportportal.juniper.net. This vulnerability was named CVE-2023-44196 since 09/26/2023. There are neither technical details nor an exploit publicly available.
Upgrading eliminates this vulnerability.
Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.juniper.net/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.4VulDB Meta Temp Score: 5.3
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 6.5
CNA Vector (Juniper Networks, Inc.): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Unusual conditionCWE: CWE-754
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
09/26/2023 🔍10/13/2023 🔍
10/13/2023 🔍
10/13/2023 🔍
Sources
Vendor: juniper.netAdvisory: JSA73162
Status: Confirmed
CVE: CVE-2023-44196 (🔍)
GCVE (CVE): GCVE-0-2023-44196
GCVE (VulDB): GCVE-100-242068
Entry
Created: 10/13/2023 08:35Changes: 10/13/2023 08:35 (49)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.