An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).
On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections.
This issue affects:
Juniper Networks Junos OS on QFX5000 Series and EX4000 Series
* 21.1 versions prior to 21.1R3-S5;
* 21.2 versions prior to 21.2R3-S5;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S1;
* 22.3 versions prior to 22.3R2-S2, 22.3R3;
* 22.4 versions prior to 22.4R2.
This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS | unaffected |
|
Configuration 1 [-]
| AND |
|
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Juniper
Subscribe
|
Ex2300
Subscribe
Ex2300-c
Subscribe
Ex2300 Multigigabit
Subscribe
Ex3400
Subscribe
Ex4100
Subscribe
Ex4100-f
Subscribe
Ex4100 Multigigabit
Subscribe
Ex4300
Subscribe
Ex4300 Multigigabit
Subscribe
Ex4400
Subscribe
Ex4400-24x
Subscribe
Ex4400 Multigigabit
Subscribe
Ex4600
Subscribe
Ex4650
Subscribe
Ex9200
Subscribe
Ex9250
Subscribe
Junos
Subscribe
Qfk5110
Subscribe
Qfk5120
Subscribe
Qfk5130
Subscribe
Qfk5200
Subscribe
Qfk5210
Subscribe
Qfk5220
Subscribe
Qfk5230
Subscribe
Qfk5700
Subscribe
|
|
Juniper Networks
Subscribe
|
Junos Os
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-48550 | An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections. This issue affects: Juniper Networks Junos OS on QFX5000 Series and EX4000 Series * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1 |
Fixes
Solution
The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S5, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.
Workaround
There are no known workarounds for this issue.
References
| Link | Providers |
|---|---|
| https://supportportal.juniper.net/JSA73155 |
|
History
Thu, 19 Sep 2024 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Juniper Networks
Juniper Networks junos Os |
|
| CPEs | cpe:2.3:o:juniper_networks:junos_os:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Juniper Networks
Juniper Networks junos Os |
|
| Metrics |
ssvc
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: juniper
Published:
Updated: 2024-09-19T14:14:17.438Z
Reserved: 2023-09-26T19:30:27.953Z
Link: CVE-2023-44191
Vulnrichment
Updated: 2024-08-02T19:59:51.578Z
NVD
Status : Modified
Published: 2023-10-13T00:15:12.220
Modified: 2024-11-21T08:25:24.570
Link: CVE-2023-44191
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses