Denial of service in Junos OS when handling TCP traffic
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-36841 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Juniper Junos OS Operating systems & Components / Operating system |
| Vendor | Juniper Networks, Inc. |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Input validation error
EUVDB-ID: #VU82115
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36841
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a unauthenticated network-based attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause an infinite loop, resulting in a Denial of Service (DoS). An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE.
MitigationInstall updates from vendor's website.
Vulnerable software versionsJuniper Junos OS: 20.4 - 22.4R1-S2
CPE2.3- cpe:2.3:o:juniper_networks:juniper_junos_os:22.3R2-S1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper_networks:juniper_junos_os:22.1R3-S3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper_networks:juniper_junos_os:21.2R3-S5:*:*:*:*:*:*:*
- cpe:2.3:o:juniper_networks:juniper_junos_os:20.4R3-S6:*:*:*:*:*:*:*
- cpe:2.3:o:juniper_networks:juniper_junos_os:21.4R3-S2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper_networks:juniper_junos_os:22.4R1-S2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper_networks:juniper_junos_os:22.2R2-S2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
