Denial of service in Junos OS in a EVPN/VXLAN environment

1) Improperly implemented security check for standard

EUVDB-ID: #VU82231

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44181

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improperly implemented security check for standard error in storm control when Storm control is enabled and ICMPv6(internet control message protocol) packets are present on device. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 20.2 - 22.2R1-S2

CPE2.3

• cpe:2.3:o:juniper_networks:juniper_junos_os:21.1R3-S3:*:*:*:*:*:*:*
• cpe:2.3:o:juniper_networks:juniper_junos_os:20.2R3-S5:*:*:*:*:*:*:*
• cpe:2.3:o:juniper_networks:juniper_junos_os:20.4R3-S4:*:*:*:*:*:*:*
• cpe:2.3:o:juniper_networks:juniper_junos_os:22.2R1-S2:*:*:*:*:*:*:*
• cpe:2.3:o:juniper_networks:juniper_junos_os:22.1R2-S2:*:*:*:*:*:*:*
• cpe:2.3:o:juniper_networks:juniper_junos_os:21.2R3-S2:*:*:*:*:*:*:*
• cpe:2.3:o:juniper_networks:juniper_junos_os:21.3R3-S1:*:*:*:*:*:*:*
• cpe:2.3:o:juniper_networks:juniper_junos_os:20.3R3-S4:*:*:*:*:*:*:*
• cpe:2.3:o:juniper_networks:juniper_junos_os:21.4R2-S2:*:*:*:*:*:*:*

External links

http://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-QFX5k-l2-loop-in-the-overlay-impacts-the-stability-in-a-EVPN-VXLAN-environment-CVE-2023-44181

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.