CVE-2023-36843

An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS). Upon receiving malformed SSL traffic, the PFE crashes. A manual restart will be needed to recover the device. This issue only affects devices with Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights (configured via ‘security-metadata-streaming policy’). This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S8, 20.4R3-S9; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3;

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://supportportal.juniper.net/JSA73174	Vendor Advisory
https://supportportal.juniper.net/JSA73174	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:juniper:junos::::::::
	cpe:2.3:o:juniper:junos:20.4:-::::::
	cpe:2.3:o:juniper:junos:20.4:r1::::::
	cpe:2.3:o:juniper:junos:20.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:20.4:r2::::::
	cpe:2.3:o:juniper:junos:20.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:20.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:20.4:r3::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s5::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s6::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s7::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s9::::::
	cpe:2.3:o:juniper:junos:21.1:r1::::::
	cpe:2.3:o:juniper:junos:21.1:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.1:r2::::::
	cpe:2.3:o:juniper:junos:21.1:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.1:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.1:r3::::::
	cpe:2.3:o:juniper:junos:21.1:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.1:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.1:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.1:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.1:r3-s5::::::
	cpe:2.3:o:juniper:junos:21.2:-::::::
	cpe:2.3:o:juniper:junos:21.2:r1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r2::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s5::::::
	cpe:2.3:o:juniper:junos:21.3:-::::::
	cpe:2.3:o:juniper:junos:21.3:r1::::::
	cpe:2.3:o:juniper:junos:21.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.3:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.3:r2::::::
	cpe:2.3:o:juniper:junos:21.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.3:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.3:r3::::::
	cpe:2.3:o:juniper:junos:21.3:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.3:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.3:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.3:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.4:-::::::
	cpe:2.3:o:juniper:junos:21.4:r1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r2::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s4::::::
cpe:2.3:o:juniper:junos:22.1:r1::::::
cpe:2.3:o:juniper:junos:22.1:r1-s1::::::
cpe:2.3:o:juniper:junos:22.1:r1-s2::::::
cpe:2.3:o:juniper:junos:22.1:r2::::::
cpe:2.3:o:juniper:junos:22.1:r2-s1::::::
cpe:2.3:o:juniper:junos:22.1:r2-s2::::::
cpe:2.3:o:juniper:junos:22.1:r3::::::
cpe:2.3:o:juniper:junos:22.1:r3-s1::::::
cpe:2.3:o:juniper:junos:22.2:r1::::::
cpe:2.3:o:juniper:junos:22.2:r1-s1::::::
cpe:2.3:o:juniper:junos:22.2:r1-s2::::::
cpe:2.3:o:juniper:junos:22.2:r2::::::
cpe:2.3:o:juniper:junos:22.2:r2-s1::::::
cpe:2.3:o:juniper:junos:22.2:r2-s2::::::
cpe:2.3:o:juniper:junos:22.2:r3::::::
cpe:2.3:o:juniper:junos:22.2:r3-s1::::::
cpe:2.3:o:juniper:junos:22.3:r1::::::
cpe:2.3:o:juniper:junos:22.3:r1-s1::::::
cpe:2.3:o:juniper:junos:22.3:r1-s2::::::
cpe:2.3:o:juniper:junos:22.3:r2::::::
cpe:2.3:o:juniper:junos:22.3:r2-s1::::::
cpe:2.3:o:juniper:junos:22.3:r3::::::
cpe:2.3:o:juniper:junos:22.4:r1::::::
cpe:2.3:o:juniper:junos:22.4:r1-s1::::::
cpe:2.3:o:juniper:junos:22.4:r1-s2::::::
cpe:2.3:o:juniper:junos:22.4:r2::::::
cpe:2.3:o:juniper:junos:22.4:r3::::::

History

21 Nov 2024, 08:10

Type	Values Removed	Values Added
References	~~() https://supportportal.juniper.net/JSA73174 - Vendor Advisory~~	() https://supportportal.juniper.net/JSA73174 - Vendor Advisory

18 Sep 2024, 18:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-12 23:15

Updated : 2024-11-21 08:10

NVD link : CVE-2023-36843

Mitre link : CVE-2023-36843

CVE.ORG link : CVE-2023-36843

JSON object : View

Products Affected

juniper

junos

CWE

CWE-168

Improper Handling of Inconsistent Special Elements

NVD-CWE-Other

7.5 /10