Rewterz Threat Advisory –Multiple Juniper Networks Junos OS and Junos OS Evolved Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-22406 CVSS:7.5

Juniper Networks Junos OS and Junos OS Evolved is vulnerable to a denial of service, caused by a memory leak flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-22396 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in TCP processing on the Routing Engine (RE). By sending specially-crafted TCP packets, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-22410 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by a memory leak when Control Flow Detection (scfd) is enabled. By sending a specially-crafted traffic, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-22414 CVSS:6.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by a memory leak flaw in the Flexible PIC Concentrator (FPC). By sending specially-crafted SIP calls, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-22393 CVSS:7.5

Juniper Networks Junos OS and Junos OS Evolved are vulnerable to a denial of service, caused by improper check for unusual or exceptional conditions flaw in BGP route processing. By sending a specially-crafted BGP route with invalid next-hop, a remote attacker could exploit this vulnerability to cause Routing Protocol Daemon (RPD) to crash, and results in a denial of service condition.

CVE-2023-22416 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by a buffer overflow vulnerability in SIP ALG. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-22409 CVSS:5.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an unchecked input for loop condition vulnerability in a NAT library. By sending a specially-crafted request, a local autehtnicated attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-22415 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an out-of-bounds write vulnerability in the H.323 ALG. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-22399 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by a buffer management vulnerability in the dcpfe process. By sending specific genuine packets, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-22407 CVSS:6.5

Juniper Networks Junos OS and Junos OS Evolved is vulnerable to a denial of service, caused by an incomplete cleanup vulnerability in the Routing Protocol Daemon (rpd). By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-22408 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an improper validation of array index vulnerability in the SIP ALG. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-22403 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an allocation of resources without limits or throttling vulnerability in the Packet Forwarding Engine (PFE). By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-22405 CVSS:6.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an improper preservation of consistency between independent representations of shared state vulnerability in the Packet Forwarding Engine (PFE). By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-22402 CVSS:5.9

Juniper Networks Junos OS Evolved is vulnerable to a denial of service, caused by a use-after-free flaw in the kernel when “bgp auto-discovery” is enabled. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the kernel to restart, and results in a denial of service condition.

CVE-2023-22394 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by a memory leak flaw when handling of SIP calls. By sending specially-crafted SIP calls, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-22404 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an out-of-bounds write flaw in the Internet Key Exchange Protocol daemon (iked). By sending a specially-crafted payload, a remote attacker could exploit this vulnerability to cause iked to crash and restart, and results in a denial of service condition.

CVE-2023-22417 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by memory leak flaw in the Flow Processing Daemon (flowd). By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause FPC to crash, and results in a denial of service condition.

CVE-2023-22412 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an improper locking vulnerability in the SIP ALG. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a flow processing daemon (flowd) crash

CVE-2023-22401 CVSS:7.5

Juniper Networks Junos OS and Junos OS Evolved is vulnerable to a denial of service, caused by an improper validation of array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand). By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-22397 CVSS:7.4

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an allocation of resources without limits or throttling weakness in the memory management of the Packet Forwarding Engine (PFE). By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-22398 CVSS:5.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an access of uninitialized pointer vulnerability in the Routing Protocol Daemon (rpd). By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-22411 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by an out-of-bounds write flaw in the Flow Processing Daemon (flowd) when using Unified Policies with IPv6. By sending a specially-crafted IPv6 packet, a remote attacker could exploit this vulnerability to cause flowd daemon to crash, and results in a denial of service condition.

CVE-2023-22395 CVSS:6.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by a memory leak in the kernel. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause a buffer leak and ultimately a loss of connectivity.

CVE-2023-22413 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by improper check or handling of exceptional conditions flaw in the IPsec library. By sending specially-crafted IPv4 packets, a remote attacker could exploit this vulnerability to cause FPC to crash, and results in a denial of service condition.

CVE-2023-22391 CVSS:7.5

Juniper Networks Junos OS is vulnerable to a denial of service, caused by a flaw in the class-of-service (CoS) queue management. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause delays in the processing of other traffic, and results in a denial of service condition.

CVE-2023-22400 CVSS:5.5

Juniper Networks Junos OS is Evolved vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the PFE management daemon (evo-pfemand). By sending a specially-crafted SNMP GET operation or a CLI command, a local authenticated attacker could exploit this vulnerability to cause FPC to crash, and results in a denial of service condition.

Impact

• Denial of Service

Indicators Of Compromise

CVE

• CVE-2023-22406
• CVE-2023-22396
• CVE-2023-22410
• CVE-2023-22414
• CVE-2023-22393
• CVE-2023-22416
• CVE-2023-22409
• CVE-2023-22415
• CVE-2023-22399
• CVE-2023-22407
• CVE-2023-22408
• CVE-2023-22403
• CVE-2023-22405
• CVE-2023-22402
• CVE-2023-22394
• CVE-2023-22404
• CVE-2023-22417
• CVE-2023-22412
• CVE-2023-22401
• CVE-2023-22397
• CVE-2023-22398
• CVE-2023-22411
• CVE-2023-22395
• CVE-2023-22413
• CVE-2023-22391
• CVE-2023-22400

Affected Vendors

Juniper

Affected Products

• Juniper Networks Junos OSJuniper Networks Junos OS 17.3
• Juniper Networks Junos OS 15.1Juniper Networks Junos OS 18.4
• Juniper Networks Junos OS 19.1Juniper Networks Junos OS 19.2
• Juniper Networks Junos OS 19.3Juniper Networks Junos OS 19.4
• Juniper Networks Junos OS 20.3Juniper Networks Junos OS 20.4
• Juniper Networks Junos OS EvolvedJuniper Networks MX Series
• Juniper Networks Junos OS 21.2Juniper Networks Junos OS 21.3
• Juniper Networks Junos OS 21.4Juniper Networks Junos OS 22.1
• Juniper Networks Junos OS 22.3Juniper Networks SRX Series
• Juniper Networks Junos OS Evolved 21.3-EVO
• Juniper Networks Junos OS Evolved 21.4-EVO
• Juniper Networks Junos OS Evolved 22.3R1-EVO
• Juniper Networks Junos OS Evolved 22.1-EVO

Remediation

Refer to Juniper Networks Security Advisory for patch, upgrade or suggested workaround information.

CVE-2023-22406

CVE-2023-22396

CVE-2023-22410

CVE-2023-22414

CVE-2023-22393

CVE-2023-22416 

CVE-2023-22409 

CVE-2023-22415 

CVE-2023-22399 

CVE-2023-22407 

CVE-2023-22408 

CVE-2023-22403 

CVE-2023-22405 

CVE-2023-22402 

CVE-2023-22394 

CVE-2023-22404 

CVE-2023-22417