CVE-2023-36841: Junos OS: MX Series: Receipt of malformed TCP traffic will cause a Denial of Service
First published: Thu Oct 12 2023(Updated: )
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS). An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover. This issue affects interfaces with PPPoE configured and tcp-mss enabled. This issue affects Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S2; * 22.4 versions prior to 22.4R2;
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Junos | <20.4 | |
| Juniper Junos | =20.4 | |
| Juniper Junos | =20.4-r1 | |
| Juniper Junos | =20.4-r1-s1 | |
| Juniper Junos | =20.4-r2 | |
| Juniper Junos | =20.4-r2-s1 | |
| Juniper Junos | =20.4-r2-s2 | |
| Juniper Junos | =20.4-r3 | |
| Juniper Junos | =20.4-r3-s1 | |
| Juniper Junos | =20.4-r3-s2 | |
| Juniper Junos | =20.4-r3-s3 | |
| Juniper Junos | =20.4-r3-s4 | |
| Juniper Junos | =20.4-r3-s5 | |
| Juniper Junos | =20.4-r3-s6 | |
| Juniper Junos | =21.1-r1 | |
| Juniper Junos | =21.1-r1-s1 | |
| Juniper Junos | =21.1-r2 | |
| Juniper Junos | =21.1-r2-s1 | |
| Juniper Junos | =21.1-r2-s2 | |
| Juniper Junos | =21.1-r3 | |
| Juniper Junos | =21.1-r3-s1 | |
| Juniper Junos | =21.1-r3-s2 | |
| Juniper Junos | =21.1-r3-s3 | |
| Juniper Junos | =21.1-r3-s4 | |
| Juniper Junos | =21.1-r3-s5 | |
| Juniper Junos | =21.2 | |
| Juniper Junos | =21.2-r1 | |
| Juniper Junos | =21.2-r1-s1 | |
| Juniper Junos | =21.2-r1-s2 | |
| Juniper Junos | =21.2-r2 | |
| Juniper Junos | =21.2-r2-s1 | |
| Juniper Junos | =21.2-r2-s2 | |
| Juniper Junos | =21.2-r3 | |
| Juniper Junos | =21.2-r3-s1 | |
| Juniper Junos | =21.2-r3-s2 | |
| Juniper Junos | =21.2-r3-s3 | |
| Juniper Junos | =21.2-r3-s4 | |
| Juniper Junos | =21.2-r3-s5 | |
| Juniper Junos | =21.3 | |
| Juniper Junos | =21.3-r1 | |
| Juniper Junos | =21.3-r1-s1 | |
| Juniper Junos | =21.3-r1-s2 | |
| Juniper Junos | =21.3-r2 | |
| Juniper Junos | =21.3-r2-s1 | |
| Juniper Junos | =21.3-r2-s2 | |
| Juniper Junos | =21.3-r3 | |
| Juniper Junos | =21.3-r3-s1 | |
| Juniper Junos | =21.3-r3-s2 | |
| Juniper Junos | =21.3-r3-s3 | |
| Juniper Junos | =21.3-r3-s4 | |
| Juniper Junos | =21.4 | |
| Juniper Junos | =21.4-r1 | |
| Juniper Junos | =21.4-r1-s1 | |
| Juniper Junos | =21.4-r1-s2 | |
| Juniper Junos | =21.4-r2 | |
| Juniper Junos | =21.4-r2-s1 | |
| Juniper Junos | =21.4-r2-s2 | |
| Juniper Junos | =21.4-r3 | |
| Juniper Junos | =21.4-r3-s1 | |
| Juniper Junos | =21.4-r3-s2 | |
| Juniper Junos | =22.1-r1 | |
| Juniper Junos | =22.1-r1-s1 | |
| Juniper Junos | =22.1-r1-s2 | |
| Juniper Junos | =22.1-r2 | |
| Juniper Junos | =22.1-r2-s1 | |
| Juniper Junos | =22.1-r2-s2 | |
| Juniper Junos | =22.1-r3 | |
| Juniper Junos | =22.1-r3-s1 | |
| Juniper Junos | =22.1-r3-s2 | |
| Juniper Junos | =22.1-r3-s3 | |
| Juniper Junos | =22.2-r1 | |
| Juniper Junos | =22.2-r1-s1 | |
| Juniper Junos | =22.2-r1-s2 | |
| Juniper Junos | =22.2-r2 | |
| Juniper Junos | =22.2-r2-s1 | |
| Juniper Junos | =22.2-r2-s2 | |
| Juniper Junos | =22.3-r1 | |
| Juniper Junos | =22.3-r1-s1 | |
| Juniper Junos | =22.3-r1-s2 | |
| Juniper Junos | =22.3-r2 | |
| Juniper Junos | =22.3-r2-s1 | |
| Juniper Junos | =22.4-r1 | |
| Juniper Junos | =22.4-r1-s1 | |
| Juniper Junos | =22.4-r1-s2 |
Remedy
The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S7, 21.2R3-S6, 21.4R3-S3, 22.1R3-S4, 22.2R3, 22.3R2-S2, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-36841?
The severity of CVE-2023-36841 is classified as high due to its potential to cause a Denial of Service (DoS) via an infinite loop.
How do I fix CVE-2023-36841?
To resolve CVE-2023-36841, upgrade to a fixed version of Junos OS as outlined in Juniper's security advisories.
Which versions of Junos OS are affected by CVE-2023-36841?
Versions of Junos OS affected by CVE-2023-36841 include those prior to 20.4 and several specific versions up to 22.4.
What are the potential impacts of CVE-2023-36841?
The potential impacts of CVE-2023-36841 include causing an infinite loop that results in Denial of Service conditions.
Is CVE-2023-36841 exploitable remotely?
Yes, CVE-2023-36841 can be exploited by an unauthenticated network-based attacker.
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/severity
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/20.4
- version/juniper junos/20.4-r1
- version/juniper junos/20.4-r1-s1
- version/juniper junos/20.4-r2
- version/juniper junos/20.4-r2-s1
- version/juniper junos/20.4-r2-s2
- version/juniper junos/20.4-r3
- version/juniper junos/20.4-r3-s1
- version/juniper junos/20.4-r3-s2
- version/juniper junos/20.4-r3-s3
- version/juniper junos/20.4-r3-s4
- version/juniper junos/20.4-r3-s5
- version/juniper junos/20.4-r3-s6
- version/juniper junos/21.1-r1
- version/juniper junos/21.1-r1-s1
- version/juniper junos/21.1-r2
- version/juniper junos/21.1-r2-s1
- version/juniper junos/21.1-r2-s2
- version/juniper junos/21.1-r3
- version/juniper junos/21.1-r3-s1
- version/juniper junos/21.1-r3-s2
- version/juniper junos/21.1-r3-s3
- version/juniper junos/21.1-r3-s4
- version/juniper junos/21.1-r3-s5
- version/juniper junos/21.2
- version/juniper junos/21.2-r1
- version/juniper junos/21.2-r1-s1
- version/juniper junos/21.2-r1-s2
- version/juniper junos/21.2-r2
- version/juniper junos/21.2-r2-s1
- version/juniper junos/21.2-r2-s2
- version/juniper junos/21.2-r3
- version/juniper junos/21.2-r3-s1
- version/juniper junos/21.2-r3-s2
- version/juniper junos/21.2-r3-s3
- version/juniper junos/21.2-r3-s4
- version/juniper junos/21.2-r3-s5
- version/juniper junos/21.3
- version/juniper junos/21.3-r1
- version/juniper junos/21.3-r1-s1
- version/juniper junos/21.3-r1-s2
- version/juniper junos/21.3-r2
- version/juniper junos/21.3-r2-s1
- version/juniper junos/21.3-r2-s2
- version/juniper junos/21.3-r3
- version/juniper junos/21.3-r3-s1
- version/juniper junos/21.3-r3-s2
- version/juniper junos/21.3-r3-s3
- version/juniper junos/21.3-r3-s4
- version/juniper junos/21.4
- version/juniper junos/21.4-r1
- version/juniper junos/21.4-r1-s1
- version/juniper junos/21.4-r1-s2
- version/juniper junos/21.4-r2
- version/juniper junos/21.4-r2-s1
- version/juniper junos/21.4-r2-s2
- version/juniper junos/21.4-r3
- version/juniper junos/21.4-r3-s1
- version/juniper junos/21.4-r3-s2
- version/juniper junos/22.1-r1
- version/juniper junos/22.1-r1-s1
- version/juniper junos/22.1-r1-s2
- version/juniper junos/22.1-r2
- version/juniper junos/22.1-r2-s1
- version/juniper junos/22.1-r2-s2
- version/juniper junos/22.1-r3
- version/juniper junos/22.1-r3-s1
- version/juniper junos/22.1-r3-s2
- version/juniper junos/22.1-r3-s3
- version/juniper junos/22.2-r1
- version/juniper junos/22.2-r1-s1
- version/juniper junos/22.2-r1-s2
- version/juniper junos/22.2-r2
- version/juniper junos/22.2-r2-s1
- version/juniper junos/22.2-r2-s2
- version/juniper junos/22.3-r1
- version/juniper junos/22.3-r1-s1
- version/juniper junos/22.3-r1-s2
- version/juniper junos/22.3-r2
- version/juniper junos/22.3-r2-s1
- version/juniper junos/22.4-r1
- version/juniper junos/22.4-r1-s1
- version/juniper junos/22.4-r1-s2