Lucene search

JuniperCVELIST:CVE-2023-36833

HistoryJul 14, 2023 - 4:56 p.m.

CVE-2023-36833 Junos OS Evolved: PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202: The aftman-bt process will crash in a MoFRR scenario after multiple link flaps

2023-07-1416:56:37

CWE-416

juniper

www.cve.org

juniper networks

use after free vulnerability

denial of service

pfe

aftman-bt

mofrr

fpc

multicast routes

junos os evolved

ptx10001-36mr

ptx10004

ptx10008

ptx10016

lc1201/1202

cve-2023-36833

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

18.0%

JSON

A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).

The process ‘aftman-bt’ will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service.

An indication that the system experienced this issue is the following log message:

<date> <hostname> evo-aftmand-bt[<pid>]: [Error] jexpr_fdb: sanity check failed, … , app_name L3 Mcast Routes

This issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202:
21.2 version 21.2R1-EVO and later versions;
21.3 version 21.3R1-EVO and later versions;
21.4 versions prior to 21.4R3-S3-EVO;
22.1 version 22.1R1-EVO and later versions;
22.2 versions prior to 22.2R3-S2-EVO;
22.3 versions prior to 22.3R3-EVO;
22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "PTX10001-36MR",
      "PTX10004",
      "PTX10008",
      "PTX10016"
    ],
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "21.2R1-EVO",
            "status": "affected"
          }
        ],
        "lessThan": "21.2*",
        "status": "affected",
        "version": "21.2",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "21.3R1-EVO",
            "status": "affected"
          }
        ],
        "lessThan": "21.3*",
        "status": "affected",
        "version": "21.3",
        "versionType": "custom"
      },
      {
        "lessThan": "21.4R3-S3-EVO",
        "status": "affected",
        "version": "21.4",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "22.1R1-EVO",
            "status": "affected"
          }
        ],
        "lessThan": "22.1*",
        "status": "affected",
        "version": "22.1",
        "versionType": "custom"
      },
      {
        "lessThan": "22.2R3-S2-EVO",
        "status": "affected",
        "version": "22.2",
        "versionType": "custom"
      },
      {
        "lessThan": "22.3R3-EVO",
        "status": "affected",
        "version": "22.3",
        "versionType": "custom"
      },
      {
        "lessThan": "22.4R1-S2-EVO, 22.4R2-EVO",
        "status": "affected",
        "version": "22.4",
        "versionType": "custom"
      }
    ]
  }
]

References

supportportal.juniper.net/JSA71640

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

18.0%

JSON

Related for CVELIST:CVE-2023-36833