Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-22392

Published: 12/10/2023 Updated: 21/02/2024
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Junos

Vulnerability Summary

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated malicious user to cause a Denial of Service (DoS). PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command "show chassis fpc". The following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed. expr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw expr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware expr_dfw_base_hw_add:52 Failed to add h/w sfm data. expr_dfw_base_hw_create:114 Failed to add h/w data. expr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__ expr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0 expr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0! expr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure expr_dfw_bp_topo_handler:1102 Failed to program fnum. expr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__. This issue affects Juniper Networks Junos OS: on PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs: * All versions before 20.4R3-S5; * 21.1 versions before 21.1R3-S4; * 21.2 versions before 21.2R3-S2; * 21.3 versions before 21.3R3; * 21.4 versions before 21.4R2-S2, 21.4R3; * 22.1 versions before 22.1R1-S2, 22.1R2. on PTX3000, PTX5000, QFX10000: * All versions before 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions before 21.2R3-S6; * 21.3 versions before 21.3R3-S5; * 21.4 versions before 21.4R3-S4; * 22.1 versions before 22.1R3-S3 * 22.2 versions before 22.2R3-S1 * 22.3 versions before 22.3R2-S2, 22.3R3 * 22.4 versions before 22.4R2.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

juniper junos

juniper junos 20.4

juniper junos 21.1

juniper junos 21.2

juniper junos 21.3

juniper junos 21.4

juniper junos 22.1

juniper junos 22.2

juniper junos 22.3

juniper junos 22.4

References

CWE-401https://supportportal.juniper.net/JSA73530https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook