First published: Mon Apr 17 2023(Updated: )
A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and aging happens, but due to a Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) that is outside the attackers direct control. This issue affects: Juniper Networks Junos OS versions prior to 19.4R3-S10 on QFX Series; 20.2 versions prior to 20.2R3-S7 on QFX Series; 20.3 versions prior to 20.3R3-S6 on QFX Series; 20.4 versions prior to 20.4R3-S5 on QFX Series; 21.1 versions prior to 21.1R3-S4 on QFX Series; 21.2 versions prior to 21.2R3-S3 on QFX Series; 21.3 versions prior to 21.3R3-S3 on QFX Series; 21.4 versions prior to 21.4R3 on QFX Series; 22.1 versions prior to 22.1R3 on QFX Series; 22.2 versions prior to 22.2R2 on QFX Series.
Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Juniper Junos | =20.2 | |
Juniper Junos | =20.2-r1 | |
Juniper Junos | =20.2-r1-s1 | |
Juniper Junos | =20.2-r1-s2 | |
Juniper Junos | =20.2-r1-s3 | |
Juniper Junos | =20.2-r2 | |
Juniper Junos | =20.2-r2-s1 | |
Juniper Junos | =20.2-r2-s2 | |
Juniper Junos | =20.2-r2-s3 | |
Juniper Junos | =20.2-r3 | |
Juniper Junos | =20.2-r3-s1 | |
Juniper Junos | =20.2-r3-s2 | |
Juniper Junos | =20.2-r3-s3 | |
Juniper Junos | =20.2-r3-s4 | |
Juniper Junos | =20.2-r3-s5 | |
Juniper Junos | =20.2-r3-s6 | |
Juniper Junos | =20.3 | |
Juniper Junos | =20.3-r1 | |
Juniper Junos | =20.3-r1-s1 | |
Juniper Junos | =20.3-r1-s2 | |
Juniper Junos | =20.3-r2 | |
Juniper Junos | =20.3-r2-s1 | |
Juniper Junos | =20.3-r3 | |
Juniper Junos | =20.3-r3-s1 | |
Juniper Junos | =20.3-r3-s2 | |
Juniper Junos | =20.3-r3-s3 | |
Juniper Junos | =20.3-r3-s4 | |
Juniper Junos | =20.3-r3-s5 | |
Juniper Junos | =20.4 | |
Juniper Junos | =20.4-r1 | |
Juniper Junos | =20.4-r1-s1 | |
Juniper Junos | =20.4-r2 | |
Juniper Junos | =20.4-r2-s1 | |
Juniper Junos | =20.4-r2-s2 | |
Juniper Junos | =20.4-r3 | |
Juniper Junos | =20.4-r3-s1 | |
Juniper Junos | =20.4-r3-s2 | |
Juniper Junos | =20.4-r3-s3 | |
Juniper Junos | =20.4-r3-s4 | |
Juniper Junos | =21.1 | |
Juniper Junos | =21.1-r1 | |
Juniper Junos | =21.1-r1-s1 | |
Juniper Junos | =21.1-r2 | |
Juniper Junos | =21.1-r2-s1 | |
Juniper Junos | =21.1-r2-s2 | |
Juniper Junos | =21.1-r3 | |
Juniper Junos | =21.1-r3-s1 | |
Juniper Junos | =21.1-r3-s2 | |
Juniper Junos | =21.1-r3-s3 | |
Juniper Junos | =21.2 | |
Juniper Junos | =21.2-r1 | |
Juniper Junos | =21.2-r1-s1 | |
Juniper Junos | =21.2-r1-s2 | |
Juniper Junos | =21.2-r2 | |
Juniper Junos | =21.2-r2-s1 | |
Juniper Junos | =21.2-r2-s2 | |
Juniper Junos | =21.2-r3 | |
Juniper Junos | =21.2-r3-s1 | |
Juniper Junos | =21.2-r3-s2 | |
Juniper Junos | =21.3 | |
Juniper Junos | =21.3-r1 | |
Juniper Junos | =21.3-r1-s1 | |
Juniper Junos | =21.3-r1-s2 | |
Juniper Junos | =21.3-r2 | |
Juniper Junos | =21.3-r2-s1 | |
Juniper Junos | =21.3-r2-s2 | |
Juniper Junos | =21.3-r3 | |
Juniper Junos | =21.3-r3-s1 | |
Juniper Junos | =21.3-r3-s2 | |
Juniper Junos | =21.4 | |
Juniper Junos | =21.4-r1 | |
Juniper Junos | =21.4-r1-s1 | |
Juniper Junos | =21.4-r1-s2 | |
Juniper Junos | =21.4-r2 | |
Juniper Junos | =21.4-r2-s1 | |
Juniper Junos | =21.4-r2-s2 | |
Juniper Junos | =22.1-r1 | |
Juniper Junos | =22.1-r1-s1 | |
Juniper Junos | =22.1-r1-s2 | |
Juniper Junos | =22.1-r2 | |
Juniper Junos | =22.1-r2-s1 | |
Juniper Junos | =22.2-r1 | |
Juniper Junos | =22.2-r1-s1 | |
Juniper Junos | =22.2-r1-s2 | |
Juniper Junos | =22.3-r1 | |
Juniper Junos | =22.4-r1 | |
Juniper QFX10000 | ||
Juniper QFX10002-60C | ||
Juniper QFX10002-32Q | ||
Juniper QFX10002-60C | ||
Juniper QFX10002-72Q | ||
Juniper QFX10008 | ||
Juniper QFX10016 | ||
Juniper QFX10000 | ||
Juniper QFX3000-G | ||
Juniper QFX3000-M | ||
Juniper QFX3008-I | ||
Juniper QFX3100 | ||
Juniper QFX3500 | ||
Juniper QFX3600-I | ||
Juniper QFX3600 | ||
Juniper QFX5100 | ||
Juniper QFX5100 | ||
Juniper QFX5110 | ||
Juniper QFX5120 | ||
Juniper QFX5130 | ||
Juniper QFX5200-48Y | ||
Juniper QFX5200-32C | ||
Juniper QFX5200-48Y | ||
Juniper QFX5210-64C | ||
Juniper QFX5210-64C | ||
Juniper QFX5220 |
The following software releases have been updated to resolve this specific issue: 19.4R3-S10, 20.2R3-S7, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.4R3, 22.1R3, 22.2R2, 22.3R1, and all subsequent releases.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-28984 is classified as high due to its potential to cause a Denial of Service (DoS) condition.
To fix CVE-2023-28984, update Junos OS to the latest patched version provided by Juniper Networks.
CVE-2023-28984 affects Juniper Networks Junos OS on various versions of QFX Series, including 20.2, 20.3, 20.4, and 21.x.
CVE-2023-28984 enables adjacent attackers to crash and restart the Packet Forwarding Engine, leading to a Denial of Service.
Currently, there are no specific workarounds recommended for CVE-2023-28984, and patching is advised.