1. Home
  2. CVE Database
  3. CVE-2023-44191
HIGH · 7.5

CVE-2023-44191

An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS...

Vulnerability Description

An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections. This issue affects: Juniper Networks Junos OS on QFX5000 Series and EX4000 Series * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
JuniperJunos21.1
JuniperEx2300-
JuniperEx2300-C-
JuniperEx2300 Multigigabit-
JuniperEx3400-
JuniperEx4100-
JuniperEx4100-F-
JuniperEx4100 Multigigabit-
JuniperEx4300-
JuniperEx4300 Multigigabit-
JuniperEx4400-
JuniperEx4400-24X-
JuniperEx4400 Multigigabit-
JuniperEx4600-
JuniperEx4650-
JuniperEx9200-
JuniperEx9250-
JuniperQfk5110-
JuniperQfk5120-
JuniperQfk5130-

Related Weaknesses (CWE)

CWE-770

References

FAQ

What is CVE-2023-44191?

CVE-2023-44191 is a vulnerability with a CVSS score of 7.5 (HIGH). An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS...

How severe is CVE-2023-44191?

CVE-2023-44191 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-44191?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex2300, Juniper Ex2300-C, Juniper Ex2300 Multigigabit, Juniper Ex3400.