CVE-2023-44181

An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMPv6 packets are present on device. This issue affects Juniper Networks: Junos OS * All versions prior to 20.2R3-S6 on QFX5k; * 20.3 versions prior to 20.3R3-S5 on QFX5k; * 20.4 versions prior to 20.4R3-S5 on QFX5k; * 21.1 versions prior to 21.1R3-S4 on QFX5k; * 21.2 versions prior to 21.2R3-S3 on QFX5k; * 21.3 versions prior to 21.3R3-S2 on QFX5k; * 21.4 versions prior to 21.4R3 on QFX5k; * 22.1 versions prior to 22.1R3 on QFX5k; * 22.2 versions prior to 22.2R2 on QFX5k.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://supportportal.juniper.net/JSA73145	Vendor Advisory
https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/task/rate-limiting-storm-control-disabling-cli-els.html	Technical Description
https://supportportal.juniper.net/JSA73145	Vendor Advisory
https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/task/rate-limiting-storm-control-disabling-cli-els.html	Technical Description

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:juniper:junos::::::::
	cpe:2.3:o:juniper:junos:20.2:-::::::
	cpe:2.3:o:juniper:junos:20.2:r1::::::
	cpe:2.3:o:juniper:junos:20.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:20.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:20.2:r1-s3::::::
	cpe:2.3:o:juniper:junos:20.2:r2::::::
	cpe:2.3:o:juniper:junos:20.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:20.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:20.2:r2-s3::::::
	cpe:2.3:o:juniper:junos:20.2:r3::::::
	cpe:2.3:o:juniper:junos:20.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:20.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:20.2:r3-s3::::::
	cpe:2.3:o:juniper:junos:20.2:r3-s4::::::
	cpe:2.3:o:juniper:junos:20.2:r3-s5::::::
	cpe:2.3:o:juniper:junos:20.3:-::::::
	cpe:2.3:o:juniper:junos:20.3:r1::::::
	cpe:2.3:o:juniper:junos:20.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:20.3:r1-s2::::::
	cpe:2.3:o:juniper:junos:20.3:r2::::::
	cpe:2.3:o:juniper:junos:20.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:20.3:r3::::::
	cpe:2.3:o:juniper:junos:20.3:r3-s1::::::
	cpe:2.3:o:juniper:junos:20.3:r3-s2::::::
	cpe:2.3:o:juniper:junos:20.3:r3-s3::::::
	cpe:2.3:o:juniper:junos:20.3:r3-s4::::::
	cpe:2.3:o:juniper:junos:20.4:-::::::
	cpe:2.3:o:juniper:junos:20.4:r1::::::
	cpe:2.3:o:juniper:junos:20.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:20.4:r2::::::
	cpe:2.3:o:juniper:junos:20.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:20.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:20.4:r3::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:20.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.1:-::::::
	cpe:2.3:o:juniper:junos:21.1:r1::::::
	cpe:2.3:o:juniper:junos:21.1:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.1:r2::::::
	cpe:2.3:o:juniper:junos:21.1:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.1:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.1:r3::::::
	cpe:2.3:o:juniper:junos:21.1:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.1:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.1:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.2:-::::::
	cpe:2.3:o:juniper:junos:21.2:r1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r2::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.3:-::::::
	cpe:2.3:o:juniper:junos:21.3:r1::::::
	cpe:2.3:o:juniper:junos:21.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.3:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.3:r2::::::
	cpe:2.3:o:juniper:junos:21.3:r2-s1::::::
cpe:2.3:o:juniper:junos:21.3:r2-s2::::::
cpe:2.3:o:juniper:junos:21.3:r3::::::
cpe:2.3:o:juniper:junos:21.3:r3-s1::::::
cpe:2.3:o:juniper:junos:21.4:-::::::
cpe:2.3:o:juniper:junos:21.4:r1::::::
cpe:2.3:o:juniper:junos:21.4:r1-s1::::::
cpe:2.3:o:juniper:junos:21.4:r1-s2::::::
cpe:2.3:o:juniper:junos:21.4:r2::::::
cpe:2.3:o:juniper:junos:21.4:r2-s1::::::
cpe:2.3:o:juniper:junos:21.4:r2-s2::::::
cpe:2.3:o:juniper:junos:22.1:r1::::::
cpe:2.3:o:juniper:junos:22.1:r1-s1::::::
cpe:2.3:o:juniper:junos:22.1:r1-s2::::::
cpe:2.3:o:juniper:junos:22.1:r2::::::
cpe:2.3:o:juniper:junos:22.1:r2-s1::::::
cpe:2.3:o:juniper:junos:22.1:r2-s2::::::
cpe:2.3:o:juniper:junos:22.2:-::::::
cpe:2.3:o:juniper:junos:22.2:r1::::::
cpe:2.3:o:juniper:junos:22.2:r1-s1::::::
cpe:2.3:o:juniper:junos:22.2:r1-s2::::::

OR	cpe:2.3:h:juniper:qfk5110:-:::::::*
	cpe:2.3:h:juniper:qfk5120:-:::::::*
	cpe:2.3:h:juniper:qfk5130:-:::::::*
	cpe:2.3:h:juniper:qfk5200:-:::::::*
	cpe:2.3:h:juniper:qfk5210:-:::::::*
	cpe:2.3:h:juniper:qfk5220:-:::::::*
	cpe:2.3:h:juniper:qfk5230:-:::::::*
	cpe:2.3:h:juniper:qfk5700:-:::::::*

History

21 Nov 2024, 08:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-13 00:15

Updated : 2024-11-21 08:25

NVD link : CVE-2023-44181

Mitre link : CVE-2023-44181

CVE.ORG link : CVE-2023-44181

JSON object : View

Products Affected

juniper

qfk5700
qfk5230
junos
qfk5210
qfk5220
qfk5130
qfk5120
qfk5110
qfk5200

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

7.5 /10