CVE-2023-28976: Junos OS: MX Series: If a specific traffic rate goes above the DDoS threshold it will lead to an FPC crash
First published: Mon Apr 17 2023(Updated: )
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If specific traffic is received on MX Series and its rate exceeds the respective DDoS protection limit the ingress PFE will crash and restart. Continued receipt of this traffic will create a sustained DoS condition. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S5; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | <19.1 | |
| Juniper JUNOS | =19.1 | |
| Juniper JUNOS | =19.1-r1 | |
| Juniper JUNOS | =19.1-r1-s1 | |
| Juniper JUNOS | =19.1-r1-s2 | |
| Juniper JUNOS | =19.1-r1-s3 | |
| Juniper JUNOS | =19.1-r1-s4 | |
| Juniper JUNOS | =19.1-r1-s5 | |
| Juniper JUNOS | =19.1-r1-s6 | |
| Juniper JUNOS | =19.1-r2 | |
| Juniper JUNOS | =19.1-r2-s1 | |
| Juniper JUNOS | =19.1-r2-s2 | |
| Juniper JUNOS | =19.1-r2-s3 | |
| Juniper JUNOS | =19.1-r3 | |
| Juniper JUNOS | =19.1-r3-s1 | |
| Juniper JUNOS | =19.1-r3-s2 | |
| Juniper JUNOS | =19.1-r3-s3 | |
| Juniper JUNOS | =19.1-r3-s4 | |
| Juniper JUNOS | =19.1-r3-s5 | |
| Juniper JUNOS | =19.1-r3-s6 | |
| Juniper JUNOS | =19.1-r3-s7 | |
| Juniper JUNOS | =19.1-r3-s8 | |
| Juniper JUNOS | =19.1-r3-s9 | |
| Juniper JUNOS | =19.2 | |
| Juniper JUNOS | =19.2-r1 | |
| Juniper JUNOS | =19.2-r1-s1 | |
| Juniper JUNOS | =19.2-r1-s2 | |
| Juniper JUNOS | =19.2-r1-s3 | |
| Juniper JUNOS | =19.2-r1-s4 | |
| Juniper JUNOS | =19.2-r1-s5 | |
| Juniper JUNOS | =19.2-r1-s6 | |
| Juniper JUNOS | =19.2-r1-s7 | |
| Juniper JUNOS | =19.2-r1-s8 | |
| Juniper JUNOS | =19.2-r1-s9 | |
| Juniper JUNOS | =19.2-r2 | |
| Juniper JUNOS | =19.2-r2-s1 | |
| Juniper JUNOS | =19.2-r3 | |
| Juniper JUNOS | =19.2-r3-s1 | |
| Juniper JUNOS | =19.2-r3-s2 | |
| Juniper JUNOS | =19.2-r3-s3 | |
| Juniper JUNOS | =19.2-r3-s4 | |
| Juniper JUNOS | =19.2-r3-s5 | |
| Juniper JUNOS | =19.2-r3-s6 | |
| Juniper JUNOS | =19.3 | |
| Juniper JUNOS | =19.3-r1 | |
| Juniper JUNOS | =19.3-r1-s1 | |
| Juniper JUNOS | =19.3-r2 | |
| Juniper JUNOS | =19.3-r2-s1 | |
| Juniper JUNOS | =19.3-r2-s2 | |
| Juniper JUNOS | =19.3-r2-s3 | |
| Juniper JUNOS | =19.3-r2-s4 | |
| Juniper JUNOS | =19.3-r2-s5 | |
| Juniper JUNOS | =19.3-r2-s6 | |
| Juniper JUNOS | =19.3-r2-s7 | |
| Juniper JUNOS | =19.3-r3 | |
| Juniper JUNOS | =19.3-r3-s1 | |
| Juniper JUNOS | =19.3-r3-s2 | |
| Juniper JUNOS | =19.3-r3-s3 | |
| Juniper JUNOS | =19.3-r3-s4 | |
| Juniper JUNOS | =19.3-r3-s5 | |
| Juniper JUNOS | =19.3-r3-s6 | |
| Juniper JUNOS | =19.3-r3-s7 | |
| Juniper JUNOS | =19.4 | |
| Juniper JUNOS | =19.4-r1 | |
| Juniper JUNOS | =19.4-r1-s1 | |
| Juniper JUNOS | =19.4-r1-s2 | |
| Juniper JUNOS | =19.4-r1-s3 | |
| Juniper JUNOS | =19.4-r1-s4 | |
| Juniper JUNOS | =19.4-r2 | |
| Juniper JUNOS | =19.4-r2-s1 | |
| Juniper JUNOS | =19.4-r2-s2 | |
| Juniper JUNOS | =19.4-r2-s3 | |
| Juniper JUNOS | =19.4-r2-s4 | |
| Juniper JUNOS | =19.4-r2-s5 | |
| Juniper JUNOS | =19.4-r2-s6 | |
| Juniper JUNOS | =19.4-r2-s7 | |
| Juniper JUNOS | =19.4-r3 | |
| Juniper JUNOS | =19.4-r3-s1 | |
| Juniper JUNOS | =19.4-r3-s10 | |
| Juniper JUNOS | =19.4-r3-s2 | |
| Juniper JUNOS | =19.4-r3-s3 | |
| Juniper JUNOS | =19.4-r3-s4 | |
| Juniper JUNOS | =19.4-r3-s5 | |
| Juniper JUNOS | =19.4-r3-s6 | |
| Juniper JUNOS | =19.4-r3-s7 | |
| Juniper JUNOS | =19.4-r3-s8 | |
| Juniper JUNOS | =19.4-r3-s9 | |
| Juniper JUNOS | =20.2 | |
| Juniper JUNOS | =20.2-r1 | |
| Juniper JUNOS | =20.2-r1-s1 | |
| Juniper JUNOS | =20.2-r1-s2 | |
| Juniper JUNOS | =20.2-r1-s3 | |
| Juniper JUNOS | =20.2-r2 | |
| Juniper JUNOS | =20.2-r2-s1 | |
| Juniper JUNOS | =20.2-r2-s2 | |
| Juniper JUNOS | =20.2-r2-s3 | |
| Juniper JUNOS | =20.2-r3 | |
| Juniper JUNOS | =20.2-r3-s1 | |
| Juniper JUNOS | =20.2-r3-s2 | |
| Juniper JUNOS | =20.2-r3-s3 | |
| Juniper JUNOS | =20.2-r3-s4 | |
| Juniper JUNOS | =20.4 | |
| Juniper JUNOS | =20.4-r1 | |
| Juniper JUNOS | =20.4-r1-s1 | |
| Juniper JUNOS | =20.4-r2 | |
| Juniper JUNOS | =20.4-r2-s1 | |
| Juniper JUNOS | =20.4-r2-s2 | |
| Juniper JUNOS | =20.4-r3 | |
| Juniper JUNOS | =20.4-r3-s1 | |
| Juniper JUNOS | =20.4-r3-s2 | |
| Juniper JUNOS | =20.4-r3-s3 | |
| Juniper JUNOS | =20.4-r3-s4 | |
| Juniper JUNOS | =20.4-r3-s5 | |
| Juniper JUNOS | =21.1 | |
| Juniper JUNOS | =21.1-r1 | |
| Juniper JUNOS | =21.1-r1-s1 | |
| Juniper JUNOS | =21.1-r2 | |
| Juniper JUNOS | =21.1-r2-s1 | |
| Juniper JUNOS | =21.1-r2-s2 | |
| Juniper JUNOS | =21.1-r3 | |
| Juniper JUNOS | =21.1-r3-s1 | |
| Juniper JUNOS | =21.1-r3-s2 | |
| Juniper JUNOS | =21.1-r3-s3 | |
| Juniper JUNOS | =21.1-r3-s4 | |
| Juniper JUNOS | =21.2 | |
| Juniper JUNOS | =21.2-r1 | |
| Juniper JUNOS | =21.2-r1-s1 | |
| Juniper JUNOS | =21.2-r1-s2 | |
| Juniper JUNOS | =21.2-r2 | |
| Juniper JUNOS | =21.2-r2-s1 | |
| Juniper JUNOS | =21.2-r2-s2 | |
| Juniper JUNOS | =21.2-r3 | |
| Juniper JUNOS | =21.2-r3-s1 | |
| Juniper JUNOS | =21.2-r3-s2 | |
| Juniper JUNOS | =21.2-r3-s3 | |
| Juniper JUNOS | =21.3 | |
| Juniper JUNOS | =21.3-r1 | |
| Juniper JUNOS | =21.3-r1-s1 | |
| Juniper JUNOS | =21.3-r1-s2 | |
| Juniper JUNOS | =21.3-r2 | |
| Juniper JUNOS | =21.3-r2-s1 | |
| Juniper JUNOS | =21.3-r2-s2 | |
| Juniper JUNOS | =21.4 | |
| Juniper JUNOS | =21.4-r1 | |
| Juniper JUNOS | =21.4-r1-s1 | |
| Juniper JUNOS | =21.4-r1-s2 | |
| Juniper JUNOS | =21.4-r2 | |
| Juniper JUNOS | =21.4-r2-s1 | |
| Juniper JUNOS | =21.4-r2-s2 | |
| Juniper JUNOS | =22.1-r1 | |
| Juniper JUNOS | =22.1-r1-s1 | |
| Juniper JUNOS | =22.1-r1-s2 | |
| Juniper Mx | ||
| Juniper Mx10 | ||
| Juniper Mx10000 | ||
| Juniper Mx10003 | ||
| Juniper Mx10008 | ||
| Juniper Mx10016 | ||
| Juniper Mx104 | ||
| Juniper Mx150 | ||
| Juniper Mx2008 | ||
| Juniper Mx2010 | ||
| Juniper Mx2020 | ||
| Juniper Mx204 | ||
| Juniper Mx240 | ||
| Juniper Mx40 | ||
| Juniper Mx480 | ||
| Juniper Mx5 | ||
| Juniper Mx80 | ||
| Juniper Mx960 |
Remedy
The following software releases have been updated to resolve this specific issue: 19.4R3-S11, 20.2R3-S5, 20.4R3-S6, 21.1R3-S5, 21.2R3-S4, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Juniper Networks Junos OS issue?
The vulnerability ID is CVE-2023-28976.
What is the severity level of CVE-2023-28976?
The severity level of CVE-2023-28976 is high with a CVSS score of 7.5.
Which software versions of Juniper Networks Junos OS are affected by CVE-2023-28976?
Juniper Networks Junos OS versions 19.1 and later are affected by CVE-2023-28976.
How can an attacker exploit CVE-2023-28976?
An unauthenticated, network-based attacker can exploit this vulnerability to cause a Denial of Service (DoS) by sending specific traffic with an excessive rate.
Where can I find more information about CVE-2023-28976?
You can find more information about CVE-2023-28976 on the Juniper Networks support portal under advisory JSA70601.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/19.1
- version/juniper junos/19.1-r1
- version/juniper junos/19.1-r1-s1
- version/juniper junos/19.1-r1-s2
- version/juniper junos/19.1-r1-s3
- version/juniper junos/19.1-r1-s4
- version/juniper junos/19.1-r1-s5
- version/juniper junos/19.1-r1-s6
- version/juniper junos/19.1-r2
- version/juniper junos/19.1-r2-s1
- version/juniper junos/19.1-r2-s2
- version/juniper junos/19.1-r2-s3
- version/juniper junos/19.1-r3
- version/juniper junos/19.1-r3-s1
- version/juniper junos/19.1-r3-s2
- version/juniper junos/19.1-r3-s3
- version/juniper junos/19.1-r3-s4
- version/juniper junos/19.1-r3-s5
- version/juniper junos/19.1-r3-s6
- version/juniper junos/19.1-r3-s7
- version/juniper junos/19.1-r3-s8
- version/juniper junos/19.1-r3-s9
- version/juniper junos/19.2
- version/juniper junos/19.2-r1
- version/juniper junos/19.2-r1-s1
- version/juniper junos/19.2-r1-s2
- version/juniper junos/19.2-r1-s3
- version/juniper junos/19.2-r1-s4
- version/juniper junos/19.2-r1-s5
- version/juniper junos/19.2-r1-s6
- version/juniper junos/19.2-r1-s7
- version/juniper junos/19.2-r1-s8
- version/juniper junos/19.2-r1-s9
- version/juniper junos/19.2-r2
- version/juniper junos/19.2-r2-s1
- version/juniper junos/19.2-r3
- version/juniper junos/19.2-r3-s1
- version/juniper junos/19.2-r3-s2
- version/juniper junos/19.2-r3-s3
- version/juniper junos/19.2-r3-s4
- version/juniper junos/19.2-r3-s5
- version/juniper junos/19.2-r3-s6
- version/juniper junos/19.3
- version/juniper junos/19.3-r1
- version/juniper junos/19.3-r1-s1
- version/juniper junos/19.3-r2
- version/juniper junos/19.3-r2-s1
- version/juniper junos/19.3-r2-s2
- version/juniper junos/19.3-r2-s3
- version/juniper junos/19.3-r2-s4
- version/juniper junos/19.3-r2-s5
- version/juniper junos/19.3-r2-s6
- version/juniper junos/19.3-r2-s7
- version/juniper junos/19.3-r3
- version/juniper junos/19.3-r3-s1
- version/juniper junos/19.3-r3-s2
- version/juniper junos/19.3-r3-s3
- version/juniper junos/19.3-r3-s4
- version/juniper junos/19.3-r3-s5
- version/juniper junos/19.3-r3-s6
- version/juniper junos/19.3-r3-s7
- version/juniper junos/19.4
- version/juniper junos/19.4-r1
- version/juniper junos/19.4-r1-s1
- version/juniper junos/19.4-r1-s2
- version/juniper junos/19.4-r1-s3
- version/juniper junos/19.4-r1-s4
- version/juniper junos/19.4-r2
- version/juniper junos/19.4-r2-s1
- version/juniper junos/19.4-r2-s2
- version/juniper junos/19.4-r2-s3
- version/juniper junos/19.4-r2-s4
- version/juniper junos/19.4-r2-s5
- version/juniper junos/19.4-r2-s6
- version/juniper junos/19.4-r2-s7
- version/juniper junos/19.4-r3
- version/juniper junos/19.4-r3-s1
- version/juniper junos/19.4-r3-s10
- version/juniper junos/19.4-r3-s2
- version/juniper junos/19.4-r3-s3
- version/juniper junos/19.4-r3-s4
- version/juniper junos/19.4-r3-s5
- version/juniper junos/19.4-r3-s6
- version/juniper junos/19.4-r3-s7
- version/juniper junos/19.4-r3-s8
- version/juniper junos/19.4-r3-s9
- version/juniper junos/20.2
- version/juniper junos/20.2-r1
- version/juniper junos/20.2-r1-s1
- version/juniper junos/20.2-r1-s2
- version/juniper junos/20.2-r1-s3
- version/juniper junos/20.2-r2
- version/juniper junos/20.2-r2-s1
- version/juniper junos/20.2-r2-s2
- version/juniper junos/20.2-r2-s3
- version/juniper junos/20.2-r3
- version/juniper junos/20.2-r3-s1
- version/juniper junos/20.2-r3-s2
- version/juniper junos/20.2-r3-s3
- version/juniper junos/20.2-r3-s4
- version/juniper junos/20.4
- version/juniper junos/20.4-r1
- version/juniper junos/20.4-r1-s1
- version/juniper junos/20.4-r2
- version/juniper junos/20.4-r2-s1
- version/juniper junos/20.4-r2-s2
- version/juniper junos/20.4-r3
- version/juniper junos/20.4-r3-s1
- version/juniper junos/20.4-r3-s2
- version/juniper junos/20.4-r3-s3
- version/juniper junos/20.4-r3-s4
- version/juniper junos/20.4-r3-s5
- version/juniper junos/21.1
- version/juniper junos/21.1-r1
- version/juniper junos/21.1-r1-s1
- version/juniper junos/21.1-r2
- version/juniper junos/21.1-r2-s1
- version/juniper junos/21.1-r2-s2
- version/juniper junos/21.1-r3
- version/juniper junos/21.1-r3-s1
- version/juniper junos/21.1-r3-s2
- version/juniper junos/21.1-r3-s3
- version/juniper junos/21.1-r3-s4
- version/juniper junos/21.2
- version/juniper junos/21.2-r1
- version/juniper junos/21.2-r1-s1
- version/juniper junos/21.2-r1-s2
- version/juniper junos/21.2-r2
- version/juniper junos/21.2-r2-s1
- version/juniper junos/21.2-r2-s2
- version/juniper junos/21.2-r3
- version/juniper junos/21.2-r3-s1
- version/juniper junos/21.2-r3-s2
- version/juniper junos/21.2-r3-s3
- version/juniper junos/21.3
- version/juniper junos/21.3-r1
- version/juniper junos/21.3-r1-s1
- version/juniper junos/21.3-r1-s2
- version/juniper junos/21.3-r2
- version/juniper junos/21.3-r2-s1
- version/juniper junos/21.3-r2-s2
- version/juniper junos/21.4
- version/juniper junos/21.4-r1
- version/juniper junos/21.4-r1-s1
- version/juniper junos/21.4-r1-s2
- version/juniper junos/21.4-r2
- version/juniper junos/21.4-r2-s1
- version/juniper junos/21.4-r2-s2
- version/juniper junos/22.1-r1
- version/juniper junos/22.1-r1-s1
- version/juniper junos/22.1-r1-s2
- canonical/juniper mx
- canonical/juniper mx10
- canonical/juniper mx10000
- canonical/juniper mx10003
- canonical/juniper mx10008
- canonical/juniper mx10016
- canonical/juniper mx104
- canonical/juniper mx150
- canonical/juniper mx2008
- canonical/juniper mx2010
- canonical/juniper mx2020
- canonical/juniper mx204
- canonical/juniper mx240
- canonical/juniper mx40
- canonical/juniper mx480
- canonical/juniper mx5
- canonical/juniper mx80
- canonical/juniper mx960