MAC address validation bypass in Junos OS Evolved on PTX10003 series
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-44189 |
| CWE-ID | N/A |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Junos OS Evolved Operating systems & Components / Operating system |
| Vendor | Juniper Networks, Inc. |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Missing origin validation in websockets
EUVDB-ID: #VU82110
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-44189
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to origin validation error in MAC address validation. A remote attacker on the local network can bypass MAC address checking and gain unauthorized access to network resources.
MitigationInstall updates from vendor's website for PTX10003 series devices.
Vulnerable software versionsJunos OS Evolved: 21.4R1-EVO - 23.2R1-S1-EVO
CPE2.3- cpe:2.3:o:juniper_networks:junos_os_evolved:21.4R3-S3-EVO:*:*:*:*:*:*:*
- cpe:2.3:o:juniper_networks:junos_os_evolved:22.1R3-S2-EVO:*:*:*:*:*:*:*
- cpe:2.3:o:juniper_networks:junos_os_evolved:22.3R2-S1-EVO:*:*:*:*:*:*:*
- cpe:2.3:o:juniper_networks:junos_os_evolved:22.4R2-EVO:*:*:*:*:*:*:*
- cpe:2.3:o:juniper_networks:junos_os_evolved:23.2R1-S1-EVO:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
