Vulnerability Description
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS). An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover. This issue affects interfaces with PPPoE configured and tcp-mss enabled. This issue affects Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S2; * 22.4 versions prior to 22.4R2;
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | < 20.4 |
Related Weaknesses (CWE)
References
- https://supportportal.juniper.net/JSA73172Vendor Advisory
- https://supportportal.juniper.net/JSA73172Vendor Advisory
FAQ
What is CVE-2023-36841?
CVE-2023-36841 is a vulnerability with a CVSS score of 7.5 (HIGH). An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker t...
How severe is CVE-2023-36841?
CVE-2023-36841 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-36841?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos.