CVE-2023-44203 — MEDIUM (6.5)

Q: How severe is CVE-2023-44203?

CVE-2023-44203 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-44203?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex2300, Juniper Ex2300-24Mp, Juniper Ex2300-24P, Juniper Ex2300-24T.

Vulnerability Description

An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only. This issue affects Juniper Junos OS on on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S3; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos	< 20.4
Juniper	Ex2300	-
Juniper	Ex2300-24Mp	-
Juniper	Ex2300-24P	-
Juniper	Ex2300-24T	-
Juniper	Ex2300-48Mp	-
Juniper	Ex2300-48P	-
Juniper	Ex2300-48T	-
Juniper	Ex2300-C	-
Juniper	Ex2300M	-
Juniper	Ex3400	-
Juniper	Ex4100	-
Juniper	Ex4100-F	-
Juniper	Ex4400	-
Juniper	Ex4600	-
Juniper	Qfx5100	-
Juniper	Qfx5100-96S	-
Juniper	Qfx5110	-
Juniper	Qfx5120	-
Juniper	Qfx5130	-

Related Weaknesses (CWE)

CWE-703

References

https://supportportal.juniper.net/JSA73169Vendor Advisory
https://supportportal.juniper.net/JSA73169Vendor Advisory

FAQ

What is CVE-2023-44203?

CVE-2023-44203 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 a...

How severe is CVE-2023-44203?

CVE-2023-44203 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-44203?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex2300, Juniper Ex2300-24Mp, Juniper Ex2300-24P, Juniper Ex2300-24T.