CVE-2023-28965: Junos OS: QFX10002: Failure of storm control feature may lead to Denial of Service

First published: Mon Apr 17 2023(Updated: )

An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. Storm control monitors the level of applicable incoming traffic and compares it with the level specified. If the combined level of the applicable traffic exceeds the specified level, the switch drops packets for the controlled traffic types. This issue affects Juniper Networks Junos OS on QFX10002: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Juniper JUNOS	<19.3
Juniper JUNOS	=19.3
Juniper JUNOS	=19.3-r1
Juniper JUNOS	=19.3-r1-s1
Juniper JUNOS	=19.3-r2
Juniper JUNOS	=19.3-r2-s1
Juniper JUNOS	=19.3-r2-s2
Juniper JUNOS	=19.3-r2-s3
Juniper JUNOS	=19.3-r2-s4
Juniper JUNOS	=19.3-r2-s5
Juniper JUNOS	=19.3-r2-s6
Juniper JUNOS	=19.3-r2-s7
Juniper JUNOS	=19.3-r3
Juniper JUNOS	=19.3-r3-s1
Juniper JUNOS	=19.3-r3-s2
Juniper JUNOS	=19.3-r3-s3
Juniper JUNOS	=19.3-r3-s4
Juniper JUNOS	=19.3-r3-s5
Juniper JUNOS	=19.3-r3-s6
Juniper JUNOS	=19.4
Juniper JUNOS	=19.4-r1
Juniper JUNOS	=19.4-r1-s1
Juniper JUNOS	=19.4-r1-s2
Juniper JUNOS	=19.4-r1-s3
Juniper JUNOS	=19.4-r1-s4
Juniper JUNOS	=19.4-r2
Juniper JUNOS	=19.4-r2-s1
Juniper JUNOS	=19.4-r2-s2
Juniper JUNOS	=19.4-r2-s3
Juniper JUNOS	=19.4-r2-s4
Juniper JUNOS	=19.4-r2-s5
Juniper JUNOS	=19.4-r2-s6
Juniper JUNOS	=19.4-r2-s7
Juniper JUNOS	=19.4-r3
Juniper JUNOS	=19.4-r3-s1
Juniper JUNOS	=19.4-r3-s10
Juniper JUNOS	=19.4-r3-s2
Juniper JUNOS	=19.4-r3-s3
Juniper JUNOS	=19.4-r3-s4
Juniper JUNOS	=19.4-r3-s5
Juniper JUNOS	=19.4-r3-s6
Juniper JUNOS	=19.4-r3-s7
Juniper JUNOS	=19.4-r3-s8
Juniper JUNOS	=19.4-r3-s9
Juniper JUNOS	=20.2
Juniper JUNOS	=20.2-r1
Juniper JUNOS	=20.2-r1-s1
Juniper JUNOS	=20.2-r1-s2
Juniper JUNOS	=20.2-r1-s3
Juniper JUNOS	=20.2-r2
Juniper JUNOS	=20.2-r2-s1
Juniper JUNOS	=20.2-r2-s2
Juniper JUNOS	=20.2-r2-s3
Juniper JUNOS	=20.2-r3
Juniper JUNOS	=20.2-r3-s1
Juniper JUNOS	=20.2-r3-s2
Juniper JUNOS	=20.2-r3-s3
Juniper JUNOS	=20.2-r3-s4
Juniper JUNOS	=20.2-r3-s5
Juniper JUNOS	=20.4
Juniper JUNOS	=20.4-r1
Juniper JUNOS	=20.4-r1-s1
Juniper JUNOS	=20.4-r2
Juniper JUNOS	=20.4-r2-s1
Juniper JUNOS	=20.4-r2-s2
Juniper JUNOS	=20.4-r3
Juniper JUNOS	=20.4-r3-s1
Juniper JUNOS	=20.4-r3-s2
Juniper JUNOS	=20.4-r3-s3
Juniper JUNOS	=20.4-r3-s4
Juniper JUNOS	=21.1
Juniper JUNOS	=21.1-r1
Juniper JUNOS	=21.1-r1-s1
Juniper JUNOS	=21.1-r2
Juniper JUNOS	=21.1-r2-s1
Juniper JUNOS	=21.1-r2-s2
Juniper JUNOS	=21.1-r3
Juniper JUNOS	=21.1-r3-s1
Juniper JUNOS	=21.1-r3-s2
Juniper JUNOS	=21.1-r3-s3
Juniper JUNOS	=21.2
Juniper JUNOS	=21.2-r1
Juniper JUNOS	=21.2-r1-s1
Juniper JUNOS	=21.2-r1-s2
Juniper JUNOS	=21.2-r2
Juniper JUNOS	=21.2-r2-s1
Juniper JUNOS	=21.2-r2-s2
Juniper JUNOS	=21.2-r3
Juniper JUNOS	=21.2-r3-s1
Juniper JUNOS	=21.2-r3-s2
Juniper JUNOS	=21.3
Juniper JUNOS	=21.3-r1
Juniper JUNOS	=21.3-r1-s1
Juniper JUNOS	=21.3-r1-s2
Juniper JUNOS	=21.3-r2
Juniper JUNOS	=21.3-r2-s1
Juniper JUNOS	=21.3-r2-s2
Juniper JUNOS	=21.4
Juniper JUNOS	=21.4-r1
Juniper JUNOS	=21.4-r1-s1
Juniper JUNOS	=21.4-r1-s2
Juniper Qfx10002

Remedy

The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R3-S11, 20.2R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3, 21.4R2, 22.1R1 and all subsequent releases.

Never miss a vulnerability like this again

Reference Links

https://supportportal.juniper.net/JSA70589

collector/nvd-index
agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/references
agent/severity
agent/title
agent/last-modified-date
agent/author
agent/tags
agent/event
agent/description
agent/first-publish-date
vendor/juniper
canonical/juniper junos
version/juniper junos/19.3
version/juniper junos/19.3-r1
version/juniper junos/19.3-r1-s1
version/juniper junos/19.3-r2
version/juniper junos/19.3-r2-s1
version/juniper junos/19.3-r2-s2
version/juniper junos/19.3-r2-s3
version/juniper junos/19.3-r2-s4
version/juniper junos/19.3-r2-s5
version/juniper junos/19.3-r2-s6
version/juniper junos/19.3-r2-s7
version/juniper junos/19.3-r3
version/juniper junos/19.3-r3-s1
version/juniper junos/19.3-r3-s2
version/juniper junos/19.3-r3-s3
version/juniper junos/19.3-r3-s4
version/juniper junos/19.3-r3-s5
version/juniper junos/19.3-r3-s6
version/juniper junos/19.4
version/juniper junos/19.4-r1
version/juniper junos/19.4-r1-s1
version/juniper junos/19.4-r1-s2
version/juniper junos/19.4-r1-s3
version/juniper junos/19.4-r1-s4
version/juniper junos/19.4-r2
version/juniper junos/19.4-r2-s1
version/juniper junos/19.4-r2-s2
version/juniper junos/19.4-r2-s3
version/juniper junos/19.4-r2-s4
version/juniper junos/19.4-r2-s5
version/juniper junos/19.4-r2-s6
version/juniper junos/19.4-r2-s7
version/juniper junos/19.4-r3
version/juniper junos/19.4-r3-s1
version/juniper junos/19.4-r3-s10
version/juniper junos/19.4-r3-s2
version/juniper junos/19.4-r3-s3
version/juniper junos/19.4-r3-s4
version/juniper junos/19.4-r3-s5
version/juniper junos/19.4-r3-s6
version/juniper junos/19.4-r3-s7
version/juniper junos/19.4-r3-s8
version/juniper junos/19.4-r3-s9
version/juniper junos/20.2
version/juniper junos/20.2-r1
version/juniper junos/20.2-r1-s1
version/juniper junos/20.2-r1-s2
version/juniper junos/20.2-r1-s3
version/juniper junos/20.2-r2
version/juniper junos/20.2-r2-s1
version/juniper junos/20.2-r2-s2
version/juniper junos/20.2-r2-s3
version/juniper junos/20.2-r3
version/juniper junos/20.2-r3-s1
version/juniper junos/20.2-r3-s2
version/juniper junos/20.2-r3-s3
version/juniper junos/20.2-r3-s4
version/juniper junos/20.2-r3-s5
version/juniper junos/20.4
version/juniper junos/20.4-r1
version/juniper junos/20.4-r1-s1
version/juniper junos/20.4-r2
version/juniper junos/20.4-r2-s1
version/juniper junos/20.4-r2-s2
version/juniper junos/20.4-r3
version/juniper junos/20.4-r3-s1
version/juniper junos/20.4-r3-s2
version/juniper junos/20.4-r3-s3
version/juniper junos/20.4-r3-s4
version/juniper junos/21.1
version/juniper junos/21.1-r1
version/juniper junos/21.1-r1-s1
version/juniper junos/21.1-r2
version/juniper junos/21.1-r2-s1
version/juniper junos/21.1-r2-s2
version/juniper junos/21.1-r3
version/juniper junos/21.1-r3-s1
version/juniper junos/21.1-r3-s2
version/juniper junos/21.1-r3-s3
version/juniper junos/21.2
version/juniper junos/21.2-r1
version/juniper junos/21.2-r1-s1
version/juniper junos/21.2-r1-s2
version/juniper junos/21.2-r2
version/juniper junos/21.2-r2-s1
version/juniper junos/21.2-r2-s2
version/juniper junos/21.2-r3
version/juniper junos/21.2-r3-s1
version/juniper junos/21.2-r3-s2
version/juniper junos/21.3
version/juniper junos/21.3-r1
version/juniper junos/21.3-r1-s1
version/juniper junos/21.3-r1-s2
version/juniper junos/21.3-r2
version/juniper junos/21.3-r2-s1
version/juniper junos/21.3-r2-s2
version/juniper junos/21.4
version/juniper junos/21.4-r1
version/juniper junos/21.4-r1-s1
version/juniper junos/21.4-r1-s2
canonical/juniper qfx10002

CVE-2023-28965: Junos OS: QFX10002: Failure of storm control feature may lead to Denial of Service

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact