First published: Thu Jan 12 2023
An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

On the PTX10008 and PTX10016 platforms running Junos OS or Junos OS Evolved, querying a specific SNMP MIB causes a PFE crash; the FPC then goes offline and does not recover automatically. A system restart is required to return the affected FPC to an operational state.

This issue affects:

- Juniper Networks Junos OS 22.1: version 22.1R2 and later versions prior to 22.1R3; 22.2: versions prior to 22.2R2.
- Juniper Networks Junos OS Evolved 21.3-EVO: version 21.3R3-EVO and later versions; 21.4-EVO: version 21.4R1-S2-EVO, and 21.4R2-EVO and later versions prior to 21.4R2-S1-EVO; 22.1-EVO: version 22.1R2-EVO and later versions prior to 22.1R3-EVO; 22.2-EVO: versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | =22.1-r2 | |
| Juniper JUNOS | =22.1-r2-s2 | |
| Juniper JUNOS | =22.2-r1 | |
| Juniper JUNOS | =22.2-r1-s1 | |
| Juniper JUNOS | =22.2-r1-s2 | |
| Juniper Junos Os Evolved | =21.3-r3 | |
| Juniper Junos Os Evolved | =21.4-r1-s2 | |
| Juniper Junos Os Evolved | =21.4-r2 | |
| Juniper Junos Os Evolved | =22.1-r2 | |
| Juniper Junos Os Evolved | =22.2-r1 | |
| Juniper Junos Os Evolved | =22.2-r2 | |
The following software releases have been updated to resolve this specific issue: Junos OS: 22.1R3, 22.2R2, and all subsequent releases. Junos OS Evolved: 21.4R2-S1-EVO, 22.1R3-EVO, 22.2R1-S1-EVO, 22.2R2-EVO, and all subsequent releases.
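To turn the affected and fixed releases listed in this advisory into a check that can be run against `show version` output, here is an added example (not Juniper's or SecAlerts' code) that parses Junos and Junos OS Evolved release strings and reports whether a release falls inside the affected ranges stated above. The release-string format, including the optional build suffix such as `.8`, is an assumption about how Junos versions are written, and the range bounds are transcribed from this advisory's text.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Assumed release-string shapes: "22.1R2", "22.1R2-S1", "22.1R2-S1.3" (build suffix)
# and "21.4R2-S1-EVO" for Junos OS Evolved. The build suffix is ignored for ordering.
_RELEASE_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)R(?P<r>\d+)(?:-S(?P<s>\d+))?(?:\.\d+)?(?P<evo>-EVO)?$",
    re.IGNORECASE,
)

class JunosVersion(NamedTuple):
    train: Tuple[int, int]   # (major, minor), e.g. (22, 1)
    key: Tuple[int, int]     # (R, S) used for ordering within a train; S defaults to 0
    evolved: bool            # True for Junos OS Evolved (-EVO suffix)

def parse_junos_version(text: str) -> JunosVersion:
    m = _RELEASE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos release string: {text!r}")
    service = int(m.group("s")) if m.group("s") else 0
    return JunosVersion(
        train=(int(m.group("major")), int(m.group("minor"))),
        key=(int(m.group("r")), service),
        evolved=m.group("evo") is not None,
    )

Bound = Optional[Tuple[int, int]]
# Affected (R, S) ranges per train as (inclusive lower, exclusive upper), transcribed
# from the advisory. None means the advisory states no bound on that side.
_AFFECTED = {
    False: {                          # Junos OS
        (22, 1): ((2, 0), (3, 0)),    # 22.1R2 and later, prior to 22.1R3
        (22, 2): (None, (2, 0)),      # prior to 22.2R2
    },
    True: {                           # Junos OS Evolved
        (21, 3): ((3, 0), None),      # 21.3R3-EVO and later (no fixed release listed)
        (21, 4): ((1, 2), (2, 1)),    # 21.4R1-S2-EVO and 21.4R2-EVO, prior to 21.4R2-S1-EVO
        (22, 1): ((2, 0), (3, 0)),    # 22.1R2-EVO and later, prior to 22.1R3-EVO
        (22, 2): (None, (1, 1)),      # prior to 22.2R1-S1-EVO (22.2R2-EVO is fixed)
    },
}

def is_affected_by_cve_2023_22401(text: str) -> bool:
    """True when the release string falls in an affected range stated in the advisory."""
    v = parse_junos_version(text)
    bounds = _AFFECTED[v.evolved].get(v.train)
    if bounds is None:            # train not named by the advisory
        return False
    low, high = bounds
    if low is not None and v.key < low:
        return False
    return high is None or v.key < high
```

Releases on trains the advisory does not name return False; that means "not listed here", not "confirmed unaffected".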
The CVE ID for this vulnerability is CVE-2023-22401.
The severity of CVE-2023-22401 is high with a CVSS score of 7.5.
Juniper Networks Junos OS versions 22.1-r2, 22.1-r2-s2, 22.2-r1, 22.2-r1-s1, 22.2-r1-s2 and Juniper Networks Junos OS Evolved versions 21.3-r3, 21.4-r1-s2, 21.4-r2, 22.1-r2, 22.2-r1, and 22.2-r2 are affected by CVE-2023-22401.
CVE-2023-22401 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS) on the affected system.
Please refer to the Juniper Networks advisory for information on patches or updates to address the CVE-2023-22401 vulnerability.