CVE-2023-44189

Published: Oct 11, 2023

Modified: Sep 18, 2024

PUBLISHED

CVSS v3.1

6.1

MEDIUM

Description

An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device. This issue affects Juniper Networks Junos OS Evolved on PTX10003 Series: * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 version 22.2R1-EVO and later versions; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO.

Vendor	Product	Versions
Juniper Networks	Junos OS Evolved	affected `0 - < 21.4R3-S4-EVO` affected `22.1 - < 22.1R3-S3-EVO` affected `22.2R1-EVO - < 22.2*-EVO` affected `22.3 - < 22.3R2-S2-EVO, 22.3R3-S1-EVO` affected `22.4 - < 22.4R2-S1-EVO, 22.4R3-EVO` +1 more versions

Weaknesses (CWE)

CWE-346

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

Low

References

https://supportportal.juniper.net/JSA73153

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-44189

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References