CVE-2023-36833: Junos OS Evolved: PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202: The aftman-bt process will crash in a MoFRR scenario after multiple link flaps
First published: Fri Jul 14 2023(Updated: )
A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service. An indication that the system experienced this issue is the following log message: <date> <hostname> evo-aftmand-bt[<pid>]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes This issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202: 21.2 version 21.2R1-EVO and later versions; 21.3 version 21.3R1-EVO and later versions; 21.4 versions prior to 21.4R3-S3-EVO; 22.1 version 22.1R1-EVO and later versions; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R3-EVO; 22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Networks Junos OS | =21.2 | |
| Juniper Networks Junos OS | =21.2-r1 | |
| Juniper Networks Junos OS | =21.2-r1-s1 | |
| Juniper Networks Junos OS | =21.2-r1-s2 | |
| Juniper Networks Junos OS | =21.2-r2 | |
| Juniper Networks Junos OS | =21.2-r2-s1 | |
| Juniper Networks Junos OS | =21.2-r2-s2 | |
| Juniper Networks Junos OS | =21.2-r3 | |
| Juniper Networks Junos OS | =21.2-r3-s1 | |
| Juniper Networks Junos OS | =21.2-r3-s2 | |
| Juniper Networks Junos OS | =21.2-r3-s3 | |
| Juniper Networks Junos OS | =21.2-r3-s4 | |
| Juniper Networks Junos OS | =21.2-r3-s5 | |
| Juniper Networks Junos OS | =21.3 | |
| Juniper Networks Junos OS | =21.3-r1 | |
| Juniper Networks Junos OS | =21.3-r1-s1 | |
| Juniper Networks Junos OS | =21.3-r2 | |
| Juniper Networks Junos OS | =21.3-r2-s1 | |
| Juniper Networks Junos OS | =21.3-r2-s2 | |
| Juniper Networks Junos OS | =21.3-r3 | |
| Juniper Networks Junos OS | =21.3-r3-s1 | |
| Juniper Networks Junos OS | =21.3-r3-s2 | |
| Juniper Networks Junos OS | =21.3-r3-s3 | |
| Juniper Networks Junos OS | =21.3-r3-s4 | |
| Juniper Networks Junos OS | =21.4 | |
| Juniper Networks Junos OS | =21.4-r1 | |
| Juniper Networks Junos OS | =21.4-r1-s1 | |
| Juniper Networks Junos OS | =21.4-r1-s2 | |
| Juniper Networks Junos OS | =21.4-r2 | |
| Juniper Networks Junos OS | =21.4-r2-s1 | |
| Juniper Networks Junos OS | =21.4-r2-s2 | |
| Juniper Networks Junos OS | =21.4-r3 | |
| Juniper Networks Junos OS | =21.4-r3-s1 | |
| Juniper Networks Junos OS | =21.4-r3-s2 | |
| Juniper Networks Junos OS | =22.1-r1 | |
| Juniper Networks Junos OS | =22.1-r1-s1 | |
| Juniper Networks Junos OS | =22.1-r1-s2 | |
| Juniper Networks Junos OS | =22.1-r2 | |
| Juniper Networks Junos OS | =22.1-r2-s1 | |
| Juniper Networks Junos OS | =22.1-r3 | |
| Juniper Networks Junos OS | =22.1-r3-s1 | |
| Juniper Networks Junos OS | =22.1-r3-s2 | |
| Juniper Networks Junos OS | =22.1-r3-s3 | |
| Juniper Networks Junos OS | =22.2-r1 | |
| Juniper Networks Junos OS | =22.2-r1-s1 | |
| Juniper Networks Junos OS | =22.2-r2 | |
| Juniper Networks Junos OS | =22.2-r2-s1 | |
| Juniper Networks Junos OS | =22.2-r2-s2 | |
| Juniper Networks Junos OS | =22.2-r3 | |
| Juniper Networks Junos OS | =22.2-r3-s1 | |
| Juniper Networks Junos OS | =22.3-r1 | |
| Juniper Networks Junos OS | =22.3-r1-s1 | |
| Juniper Networks Junos OS | =22.3-r1-s2 | |
| Juniper Networks Junos OS | =22.3-r2 | |
| Juniper Networks Junos OS | =22.3-r2-s1 | |
| Juniper Networks Junos OS | =22.4-r1 | |
| Juniper Networks Junos OS | =22.4-r1-s1 | |
| juniper ptx10001-36mr | ||
| juniper ptx10004 | ||
| juniper ptx10008 | ||
| juniper ptx10016 |
Remedy
The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.4R3-S3-EVO, 22.2R3-S2-EVO*, 22.3R3-EVO, 22.4R1-S2-EVO, 22.4R2-EVO, 23.1R1-EVO, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-36833?
CVE-2023-36833 has been classified as a Denial of Service vulnerability with a high severity due to its potential impact on affected systems.
How do I fix CVE-2023-36833?
To mitigate CVE-2023-36833, ensure you update your Junos OS Evolved to a version that is not affected by this vulnerability as per the vendor's guidance.
Which versions are affected by CVE-2023-36833?
CVE-2023-36833 affects Junos OS Evolved versions 21.2, 21.3, 21.4, and several revisions within these versions.
What kind of attack can exploit CVE-2023-36833?
CVE-2023-36833 can be exploited by an adjacent, unauthenticated attacker to cause a Denial of Service condition.
What products are impacted by CVE-2023-36833?
The vulnerable products include Juniper Networks PTX10001-36MR, PTX10004, PTX10008, and PTX10016 running specific versions of Junos OS Evolved.
- collector/nvd-latest
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/juniper
- canonical/juniper networks junos os
- version/juniper networks junos os/21.2
- version/juniper networks junos os/21.2-r1
- version/juniper networks junos os/21.2-r1-s1
- version/juniper networks junos os/21.2-r1-s2
- version/juniper networks junos os/21.2-r2
- version/juniper networks junos os/21.2-r2-s1
- version/juniper networks junos os/21.2-r2-s2
- version/juniper networks junos os/21.2-r3
- version/juniper networks junos os/21.2-r3-s1
- version/juniper networks junos os/21.2-r3-s2
- version/juniper networks junos os/21.2-r3-s3
- version/juniper networks junos os/21.2-r3-s4
- version/juniper networks junos os/21.2-r3-s5
- version/juniper networks junos os/21.3
- version/juniper networks junos os/21.3-r1
- version/juniper networks junos os/21.3-r1-s1
- version/juniper networks junos os/21.3-r2
- version/juniper networks junos os/21.3-r2-s1
- version/juniper networks junos os/21.3-r2-s2
- version/juniper networks junos os/21.3-r3
- version/juniper networks junos os/21.3-r3-s1
- version/juniper networks junos os/21.3-r3-s2
- version/juniper networks junos os/21.3-r3-s3
- version/juniper networks junos os/21.3-r3-s4
- version/juniper networks junos os/21.4
- version/juniper networks junos os/21.4-r1
- version/juniper networks junos os/21.4-r1-s1
- version/juniper networks junos os/21.4-r1-s2
- version/juniper networks junos os/21.4-r2
- version/juniper networks junos os/21.4-r2-s1
- version/juniper networks junos os/21.4-r2-s2
- version/juniper networks junos os/21.4-r3
- version/juniper networks junos os/21.4-r3-s1
- version/juniper networks junos os/21.4-r3-s2
- version/juniper networks junos os/22.1-r1
- version/juniper networks junos os/22.1-r1-s1
- version/juniper networks junos os/22.1-r1-s2
- version/juniper networks junos os/22.1-r2
- version/juniper networks junos os/22.1-r2-s1
- version/juniper networks junos os/22.1-r3
- version/juniper networks junos os/22.1-r3-s1
- version/juniper networks junos os/22.1-r3-s2
- version/juniper networks junos os/22.1-r3-s3
- version/juniper networks junos os/22.2-r1
- version/juniper networks junos os/22.2-r1-s1
- version/juniper networks junos os/22.2-r2
- version/juniper networks junos os/22.2-r2-s1
- version/juniper networks junos os/22.2-r2-s2
- version/juniper networks junos os/22.2-r3
- version/juniper networks junos os/22.2-r3-s1
- version/juniper networks junos os/22.3-r1
- version/juniper networks junos os/22.3-r1-s1
- version/juniper networks junos os/22.3-r1-s2
- version/juniper networks junos os/22.3-r2
- version/juniper networks junos os/22.3-r2-s1
- version/juniper networks junos os/22.4-r1
- version/juniper networks junos os/22.4-r1-s1
- canonical/juniper ptx10001-36mr
- canonical/juniper ptx10004
- canonical/juniper ptx10008
- canonical/juniper ptx10016