← Back

CVE-2023-22403

nvd nist
Published: Jan 13, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: sirt@juniper.net (Secondary)

Description

An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10K Series, Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. ICCP connection flaps and sync issues will be observed due to excessive specific traffic to the local device. This issue affects Juniper Networks Junos OS on QFX10K Series: * All versions prior to 20.2R3-S7; * 20.4 versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S3; * 21.2 versions prior to 21.2R3-S1; * 21.3 versions prior to 21.3R3; * 21.4 versions prior to 21.4R3; * 22.1 versions prior to 22.1R2.

Affected (61)

Products: Juniper: Junos
Juniper
1 product
Junos
Configuration A
61 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Juniper
Junos
Before 20.2
Junos
Version 20.2
Junos
Version 20.2 r1-s1
Junos
Version 20.2 r1-s2
Junos
Version 20.2 r1-s3
Junos
Version 20.2 r1
Junos
Version 20.2 r2-s1
Junos
Version 20.2 r2-s2
Junos
Version 20.2 r2-s3
Junos
Version 20.2 r2
Junos
Version 20.2 r3-s1
Junos
Version 20.2 r3-s2
Junos
Version 20.2 r3-s3
Junos
Version 20.2 r3-s4
Junos
Version 20.2 r3-s5
Junos
Version 20.2 r3-s6
Junos
Version 20.2 r3
Junos
Version 20.4
Junos
Version 20.4 r1-s1
Junos
Version 20.4 r1
Junos
Version 20.4 r2-s1
Junos
Version 20.4 r2-s2
Junos
Version 20.4 r2
Junos
Version 20.4 r3-s1
Junos
Version 20.4 r3-s2
Junos
Version 20.4 r3-s3
Junos
Version 20.4 r3
Junos
Version 21.1
Junos
Version 21.1 r1-s1
Junos
Version 21.1 r1
Junos
Version 21.1 r2-s1
Junos
Version 21.1 r2-s2
Junos
Version 21.1 r2
Junos
Version 21.1 r3-s1
Junos
Version 21.1 r3-s2
Junos
Version 21.1 r3
Junos
Version 21.2
Junos
Version 21.2 r1-s1
Junos
Version 21.2 r1-s2
Junos
Version 21.2 r1
Junos
Version 21.2 r2-s1
Junos
Version 21.2 r2-s2
Junos
Version 21.2 r2
Junos
Version 21.2 r3
Junos
Version 21.3
Junos
Version 21.3 r1-s1
Junos
Version 21.3 r1-s2
Junos
Version 21.3 r1
Junos
Version 21.3 r2-s1
Junos
Version 21.3 r2-s2
Junos
Version 21.3 r2
Junos
Version 21.4
Junos
Version 21.4 r1-s1
Junos
Version 21.4 r1-s2
Junos
Version 21.4 r1
Junos
Version 21.4 r2-s1
Junos
Version 21.4 r2-s2
Junos
Version 21.4 r2
Junos
Version 22.1 r1-s1
Junos
Version 22.1 r1-s2
Junos
Version 22.1 r1
Running on/withPlatform Versions
Juniper
Qfx10002
All versions
Juniper
Qfx10008
All versions
Juniper
Qfx10016
All versions

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

Source: sirt@juniper.net
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.