Multiple Vulnerabilities in Junos OS Could Allow for Denial of Service

ITS ADVISORY NUMBER:
2023-006

DATE(S) ISSUED:
01/14/2023

SUBJECT:
Multiple Vulnerabilities in Junos OS Could Allow for Denial of Service

OVERVIEW:
Multiple vulnerabilities have been discovered in Junos OS, the most severe of which could allow for denial of service. Junos OS is an operating system that runs across all Juniper routing, switching, and security infrastructure. Successful exploitation of the most severe of these vulnerabilities could create denial of service conditions across a network.

THREAT INTELLIGENCE:
There are currently no reports of these vulnerabilities being exploited in the wild

SYSTEMS AFFECTED:

  • Junos OS 12.3 version 12.3R12-S19 and later versions
  • Junos OS 15.1 version 15.1R7-S10 and later versions
  • Junos OS 17.3 version 17.3R3-S12 and later versions
  • Junos OS 18.4 version 18.4R3-S9 and later versions
  • Junos OS 19.1 version 19.1R3-S7 and later versions
  • Junos OS 19.2 version 19.2R3-S3 and later versions
  • Junos OS 19.3 version 19.3R2-S7, 19.3R3-S3 and later versions prior to 19.3R3-S7
  • Junos OS 19.4 version 19.4R2-S7, 19.4R3-S5 and later versions prior to 19.4R3-S10
  • Junos OS 20.1 version 20.1R3-S1 and later versions
  • Junos OS 20.2 version 20.2R3-S2 and later versions prior to 20.2R3-S6
  • Junos OS 20.3 version 20.3R3-S1 and later versions prior to 20.3R3-S6
  • Junos OS 20.4 version 20.4R2-S2, 20.4R3 and later versions prior to 20.4R3-S5
  • Junos OS 21.1 version 21.1R2 and later versions prior to 21.1R3-S4
  • Junos OS 21.2 version 21.2R1-S1, 21.2R2 and later versions prior to 21.2R3-S3
  • Junos OS 21.3 versions prior to 21.3R3-S2
  • Junos OS 21.4 versions prior to 21.4R3
  • Junos OS 22.1 versions prior to 22.1R2-S1, 22.1R3
  • Junos OS 22.2 versions prior to 22.2R1-S2, 22.2R2
  • Junos OS 22.3 versions prior to 22.3R1-S1, 22.3R2
  • Junos OS on QFX5k and EX46xx Series, all versions prior to 20.2R3-S5
  • Junos OS on QFX5k and EX46xx Series, 20.3 versions prior to 20.3R3-S5
  • Junos OS on QFX5k and EX46xx Series, 20.4 versions prior to 20.4R3-S4
  • Junos OS on QFX5k and EX46xx Series, 21.1 versions prior to 21.1R3-S3
  • Junos OS on QFX5k and EX46xx Series, 21.2 versions prior to 21.2R3-S1
  • Junos OS on QFX5k and EX46xx Series, 21.3 versions prior to 21.3R3 on
  • Junos OS on QFX5k and EX46xx Series, 21.4 versions prior to 21.4R3 on
  • Junos OS on QFX5k and EX46xx Series, 22.1 versions prior to 22.1R2 on

 

RISK:
Government:

  • Large and medium government entities: Medium
  • Small government entities: Medium

 

Businesses:

  • Large and medium business entities: Medium
  • Small business entities: Medium

Home users: Low

TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in Junos OS, the most severe of which could allow for denial of service. Details of these vulnerabilities are as follows: 

TacticImpact (TA0040):

Technique: Network Denial of Service (T1498):

  • Receipt of crafted TCP packets destined to the device results in MBUF leak (CVE-2023-22396)
  • MAC limiting feature stops working after PFE restart/device reboot (CVE-2023-22405)

Successful exploitation of the most severe of these vulnerabilities could allow for denial of service conditions in the targeted networking device. Depending on how the network is set up, there is a possibility of a network outage.

RECOMMENDATIONS:
We recommend the following actions be taken:

  • Apply appropriate updates provided by Juniper Networks to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
    • Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
    • Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
    • Safeguard 7.6 : Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets: Perform automated vulnerability scans of externally-exposed enterprise assets using a SCAP-compliant vulnerability scanning tool. Perform scans on a monthly, or more frequent, basis.
    • Safeguard 7.7: Remediate Detected Vulnerabilities: Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.

REFERENCES:

Juniper Networks:
https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Receipt-of-crafted-TCP-packets-on-Ethernet-console-port-results-in-MBUF-leak-leading-to-Denial-of-Service-DoS-CVE-2023-22396
https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX5k-Series-EX46xx-Series-MAC-limiting-feature-stops-working-after-PFE-restart-device-reboot--CVE-2023-22405

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22396