CVE-2023-44192 — HIGH (7.5)

Q: How severe is CVE-2023-44192?

CVE-2023-44192 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-44192?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Qfk5110, Juniper Qfk5120, Juniper Qfk5130, Juniper Qfk5200.

Vulnerability Description

An Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of Service (DoS). On all Junos OS QFX5000 Series platforms, when pseudo-VTEP (Virtual Tunnel End Point) is configured under EVPN-VXLAN scenario, and specific DHCP packets are transmitted, DMA memory leak is observed. Continuous receipt of these specific DHCP packets will cause memory leak to reach 99% and then cause the protocols to stop working and traffic is impacted, leading to Denial of Service (DoS) condition. A manual reboot of the system recovers from the memory leak. To confirm the memory leak, monitor for "sheaf:possible leak" and "vtep not found" messages in the logs. This issue affects: Juniper Networks Junos OS QFX5000 Series: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R2-S2, 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos	< 20.4
Juniper	Qfk5110	-
Juniper	Qfk5120	-
Juniper	Qfk5130	-
Juniper	Qfk5200	-
Juniper	Qfk5210	-
Juniper	Qfk5220	-
Juniper	Qfk5230	-
Juniper	Qfk5700	-

Related Weaknesses (CWE)

CWE-20 CWE-401

References

https://supportportal.juniper.net/JSA73156Vendor Advisory
https://supportportal.juniper.net/JSA73156Vendor Advisory

FAQ

What is CVE-2023-44192?

CVE-2023-44192 is a vulnerability with a CVSS score of 7.5 (HIGH). An Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of Se...

How severe is CVE-2023-44192?

CVE-2023-44192 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-44192?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Qfk5110, Juniper Qfk5120, Juniper Qfk5130, Juniper Qfk5200.