CVE-2023-22401

Junos OS and Junos OS Evolved: PTX10008, PTX10016: When a specific SNMP MIB is queried the FPC will crash

Severity Score: 7.5 (CVSS v3.1)

Public Exploits: 0 (Multiple Sources)

Exploited in Wild: - (KEV)

Decision: - (SSVC)

Descriptions

An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On the PTX10008 and PTX10016 platforms running Junos OS or Junos OS Evolved, when a specific SNMP MIB is queried this will cause a PFE crash and the FPC will go offline and not automatically recover. A system restart is required to get the affected FPC in an operational state again.

This issue affects:

Juniper Networks Junos OS
  • 22.1 version 22.1R2 and later versions;
  • 22.1 versions prior to 22.1R3;
  • 22.2 versions prior to 22.2R2.

Juniper Networks Junos OS Evolved
  • 21.3-EVO version 21.3R3-EVO and later versions;
  • 21.4-EVO version 21.4R1-S2-EVO, 21.4R2-EVO and later versions prior to 21.4R2-S1-EVO;
  • 22.1-EVO version 22.1R2-EVO and later versions prior to 22.1R3-EVO;
  • 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-12-27 CVE Reserved
  • 2023-01-12 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-129: Improper Validation of Array Index
CAPEC
References (1)
  • https://kb.juniper.net/JSA70197 (2023-01-24)
Affected Vendors, Products, and Versions
Vendor   Product           Version  Other  Status
Juniper  Junos             22.1     r2     Affected
Juniper  Junos             22.1     r2-s2  Affected
Juniper  Junos             22.2     r1     Affected
Juniper  Junos             22.2     r1-s1  Affected
Juniper  Junos             22.2     r1-s2  Affected
Juniper  Junos Os Evolved  21.3     r3     Affected
Juniper  Junos Os Evolved  21.4     r1-s2  Affected
Juniper  Junos Os Evolved  21.4     r2     Affected
Juniper  Junos Os Evolved  22.1     r2     Affected
Juniper  Junos Os Evolved  22.2     r1     Affected
Juniper  Junos Os Evolved  22.2     r2     Affected