First published: Thu Oct 12 2023(Updated: )
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only. This issue affects Juniper Junos OS on on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S3; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2.
Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Junos OS Evolved | <20.4 | |
Junos OS Evolved | =20.4 | |
Junos OS Evolved | =20.4-r1 | |
Junos OS Evolved | =20.4-r1-s1 | |
Junos OS Evolved | =20.4-r2 | |
Junos OS Evolved | =20.4-r2-s1 | |
Junos OS Evolved | =20.4-r2-s2 | |
Junos OS Evolved | =20.4-r3 | |
Junos OS Evolved | =20.4-r3-s1 | |
Junos OS Evolved | =20.4-r3-s2 | |
Junos OS Evolved | =20.4-r3-s3 | |
Junos OS Evolved | =20.4-r3-s4 | |
Junos OS Evolved | =21.1 | |
Junos OS Evolved | =21.1-r1 | |
Junos OS Evolved | =21.1-r1-s1 | |
Junos OS Evolved | =21.1-r2 | |
Junos OS Evolved | =21.1-r2-s1 | |
Junos OS Evolved | =21.1-r2-s2 | |
Junos OS Evolved | =21.1-r3 | |
Junos OS Evolved | =21.1-r3-s1 | |
Junos OS Evolved | =21.1-r3-s2 | |
Junos OS Evolved | =21.1-r3-s3 | |
Junos OS Evolved | =21.2 | |
Junos OS Evolved | =21.2-r1 | |
Junos OS Evolved | =21.2-r1-s1 | |
Junos OS Evolved | =21.2-r1-s2 | |
Junos OS Evolved | =21.2-r2 | |
Junos OS Evolved | =21.2-r2-s1 | |
Junos OS Evolved | =21.2-r2-s2 | |
Junos OS Evolved | =21.2-r3 | |
Junos OS Evolved | =21.2-r3-s1 | |
Junos OS Evolved | =21.2-r3-s2 | |
Junos OS Evolved | =21.3 | |
Junos OS Evolved | =21.3-r1 | |
Junos OS Evolved | =21.3-r1-s1 | |
Junos OS Evolved | =21.3-r1-s2 | |
Junos OS Evolved | =21.3-r2 | |
Junos OS Evolved | =21.3-r2-s1 | |
Junos OS Evolved | =21.3-r2-s2 | |
Junos OS Evolved | =21.3-r3 | |
Junos OS Evolved | =21.3-r3-s1 | |
Junos OS Evolved | =21.3-r3-s2 | |
Junos OS Evolved | =21.3-r3-s3 | |
Junos OS Evolved | =21.3-r3-s4 | |
Junos OS Evolved | =21.4 | |
Junos OS Evolved | =21.4-r1 | |
Junos OS Evolved | =21.4-r1-s1 | |
Junos OS Evolved | =21.4-r1-s2 | |
Junos OS Evolved | =21.4-r2 | |
Junos OS Evolved | =21.4-r2-s1 | |
Junos OS Evolved | =21.4-r2-s2 | |
Junos OS Evolved | =21.4-r3 | |
Junos OS Evolved | =21.4-r3-s1 | |
Junos OS Evolved | =22.1-r1 | |
Junos OS Evolved | =22.1-r1-s1 | |
Junos OS Evolved | =22.1-r1-s2 | |
Junos OS Evolved | =22.1-r2 | |
Junos OS Evolved | =22.1-r2-s1 | |
Junos OS Evolved | =22.1-r2-s2 | |
Junos OS Evolved | =22.2-r1 | |
Junos OS Evolved | =22.2-r1-s1 | |
Junos OS Evolved | =22.2-r1-s2 | |
Junos OS Evolved | =22.2-r2 | |
Junos OS Evolved | =22.2-r2-s1 | |
Junos OS Evolved | =22.2-r2-s2 | |
Junos OS Evolved | =22.3-r1 | |
Junos OS Evolved | =22.3-r1-s1 | |
Junos OS Evolved | =22.3-r1-s2 | |
Juniper EX2300-24T | ||
Juniper EX2300 Multigigabit | ||
Juniper EX2300-24P | ||
Juniper EX2300-24T | ||
Juniper EX2300-48MP | ||
Juniper EX2300-48P | ||
Juniper EX2300-48T | ||
Juniper EX2300-C | ||
Juniper EX2300 | ||
Juniper EX3400 | ||
Juniper EX Series | ||
Juniper EX4100 | ||
Juniper EX4400-24X | ||
Juniper EX4600 | ||
Juniper QFX5100 | ||
Juniper QFX5100 | ||
Juniper QFX5110 | ||
Juniper QFX5120 | ||
Juniper Networks QFX-Series | ||
Juniper QFX5200-32C | ||
Juniper QFX5200 | ||
Juniper QFX5200 | ||
Juniper QFX5210-64C | ||
Juniper QFX5210 | ||
Juniper QFX5220 |
The following software releases have been updated to resolve this specific issue: Junos OS 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S5, 21.4R3-S2, 22.1R3, 22.2R3, 22.3R2, 22.4R1, and all subsequent releases.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-44203 is rated as a high severity vulnerability due to its potential to allow packet flooding by an adjacent attacker.
To remediate CVE-2023-44203, update your Junos OS to a version that addresses this vulnerability.
CVE-2023-44203 affects Juniper Networks JUNOS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400, and EX4600 devices.
CVE-2023-44203 requires an adjacent attacker, meaning it cannot be exploited remotely without physical access.
The main impact of CVE-2023-44203 is packet flooding, which could lead to service disruptions.