Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-28959

An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast domain sending a malformed packet to the device, causing all PFEs other than the inbound PFE to wedge and to eventually restart, resulting in a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by sending a specific malformed packet to the device. Transit traffic does not trigger this issue. An indication of this issue occurring can be seen through the following log messages: fpc0 expr_hostbound_packet_handler: Receive pe 73? fpc0 Cmerror Op Set: PE Chip: PE0[0]: PGQ:misc_intr: 0x00000020: Enqueue of a packet with out-of-range VOQ in 192K-VOQ mode (URI: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL) The logs list below can also be observed when this issue occurs fpc0 Error: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL (0x210107), scope: pfe, category: functional, severity: major, module: PE Chip, type: Description for PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL fpc0 Performing action cmalarm for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_PGQ_MISC_INT_EVENTS_ENQ_192K_VIOL (0x210107) in module: PE Chip with scope: pfe category: functional level: major fpc0 Error: /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a), scope: pfe, category: functional, severity: fatal, module: PE Chip, type: Description for PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE fpc0 Performing action cmalarm for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a) in module: PE Chip with scope: pfe category: functional level: fatal fpc0 Performing action disable-pfe for error /fpc/0/pfe/0/cm/0/PE_Chip/0/PECHIP_CMERROR_CM_INT_REG_DCHK_PIPE (0x21011a) in module: PE Chip with scope: pfe category: functional level: fatal This issue affects Juniper Networks Junos OS on QFX10002: All versions prior to 19.1R3-S10; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.

Published

2023-04-17T22:15:08.320

Last Modified

2024-11-21T07:56:17.097

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-703

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos	< 19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Hardware	juniper	qfx10002	-	No

References

https://supportportal.juniper.net/JSA70584 Vendor Advisory ([email protected])
https://supportportal.juniper.net/JSA70584 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)