MEDIUM🇬🇧 English

CVE-2023-36848

CVSS 6.5v3.1pub. 2023-07-14upd. 2024-11-21

An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When a malformed CFM packet is received, it leads to an FPC crash. Continued receipt of these packets causes a sustained denial of service. This vulnerability occurs only when CFM has been configured on the interface. This issue affects Juniper Networks Junos OS: versions prior to 19.1R3-S10 on MX Series; 19.2 versions prior to 19.2R3-S7 on MX Series; 19.3 versions prior to 19.3R3-S8 on MX Series; 19.4 versions prior to 19.4R3-S12 on MX Series; 20.1 version 20.1R1 and later versions on MX Series; 20.2 versions prior to 20.2R3-S8 on MX Series; 20.3 version 20.3R1 and later versions on MX Series; 20.4 versions prior to 20.4R3-S7 on MX Series; 21.1 versions prior to 21.1R3-S5 on MX Series; 21.2 versions prior to 21.2R3-S5 on MX Series; 21.3 versions prior to 21.3R3-S4 on MX Series; 21.4 versions prior to 21.4R3-S4 on MX Series; 22.1 versions prior to 22.1R3-S3 on MX Series; 22.2 versions prior to 22.2R3-S1 on MX Series; 22.3 versions prior to 22.3R3 on MX Series; 22.4 versions prior to 22.4R1-S2, 22.4R2 on MX Series.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Juniper Junos

    OS
    Juniper
    19.119.219.319.420.120.220.320.421.121.221.321.422.122.222.3+ 1 więcej
  • Juniper Mx10

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx10000

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx10003

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx10008

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx10016

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx104

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx150

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx2008

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx2010

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx2020

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx204

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx240

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx40

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx480

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx5

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx80

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx960

    HW
    Juniper
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2023-36845CRITICAL9.8⚠ KEVten sam produkt

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SR...

CVE-2024-21591CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds Write w J-Web Juniper Junos OS — RCE z uprawnieniami root

CVE-2021-0248CRITICAL10.0ten sam produkt

This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials ...

CVE-2021-0254CRITICAL9.8ten sam produkt

A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unaut...

CVE-2021-0211CRITICAL10.0ten sam produkt

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...