Multiple vulnerabilities were identified in Juniper Junos OS. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, elevation of privilege, remote code execution, security restriction bypass, sensitive information disclosure and data manipulation on the targeted system.
Impact
Denial of Service
Elevation of Privilege
Remote Code Execution
Security Restriction Bypass
Information Disclosure
Data Manipulation
System / Technologies affected
Juniper Networks Junos OS
18.4 version 18.4R2 and later versions prior to 20.4R3-S8
20.3 versions prior to 20.3R3-S5 on QFX5k
20.4 versions prior to 20.4R3-S5
20.4 versions prior to 20.4R3-S5 on QFX5k
20.4 versions prior to 20.4R3-S9
21.1 version 21.1R1 and later versions
21.1 version 21.1R1 and later versions prior to 21.2R3-S6
21.1 version 21.1R1-EVO and later versions
21.1 versions 21.1R1 and later
21.1 versions 21.1R1-EVO and later
21.1 versions prior to 21.1R3-S2-EVO
21.1 versions prior to 21.1R3-S4
21.1 versions prior to 21.1R3-S4 on QFX5k
21.1 versions prior to 21.1R3-S5
21.1-EVO version 21.1R1 and later versions
21.1-EVO version 21.1R1-EVO and later
21.1-EVO version 21.1R1-EVO and later versions
21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO
21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO
21.2 versions prior to 21.2R3-S2
21.2 versions prior to 21.2R3-S2-EVO
21.2 versions prior to 21.2R3-S3
21.2 versions prior to 21.2R3-S3 on QFX5k
21.2 versions prior to 21.2R3-S4
21.2 versions prior to 21.2R3-S5
21.2 versions prior to 21.2R3-S5-EVO
21.2 versions prior to 21.2R3-S6
21.2 versions prior to 21.2R3-S6-EVO
21.2-EVO version 21.2R1 and later versions
21.2-EVO versions prior to 21.2R3-S2-EVO
21.2-EVO versions prior to 21.2R3-S6-EVO
21.3 versions prior to 21.3R2-S2, 21.3R3-S1
21.3 versions prior to 21.3R3
21.3 versions prior to 21.3R3-S1-EVO
21.3 versions prior to 21.3R3-S2 on QFX5k
21.3 versions prior to 21.3R3-S3
21.3 versions prior to 21.3R3-S4
21.3 versions prior to 21.3R3-S4-EVO
21.3 versions prior to 21.3R3-S5
21.3 versions prior to 21.3R3-S5-EVO
21.3-EVO version 21.3R1-EVO and later
21.3-EVO version 21.3R1-EVO and later versions
21.3-EVO versions prior to 21.3R3-S2-EVO
21.3-EVO versions prior to 21.3R3-S3-EVO
21.3-EVO versions prior to 21.3R3-S5-EVO
21.4 versions prior to 21.4R2-S1, 21.4R3
21.4 versions prior to 21.4R2-S1, 21.4R3-S5
21.4 versions prior to 21.4R2-S2, 21.4R3
21.4 versions prior to 21.4R2-S2-EVO
21.4 versions prior to 21.4R3
21.4 versions prior to 21.4R3 on QFX5k
21.4 versions prior to 21.4R3-S1
21.4 versions prior to 21.4R3-S2
21.4 versions prior to 21.4R3-S3
21.4 versions prior to 21.4R3-S3-EVO
21.4 versions prior to 21.4R3-S4
21.4 versions prior to 21.4R3-S4-EVO
21.4 versions prior to 21.4R3-S5
21.4 versions prior to 21.4R3-S5-EVO
21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO
21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO
21.4-EVO versions prior to 21.4R3-S3-EVO
21.4-EVO versions prior to 21.4R3-S4-EVO
22.1 versions prior to 22.1R1-S2, 22.1R2
22.1 versions prior to 22.1R2-S2, 22.1R3
22.1 versions prior to 22.1R3
22.1 versions prior to 22.1R3 on QFX5k
22.1 versions prior to 22.1R3-S1
22.1 versions prior to 22.1R3-S2
22.1 versions prior to 22.1R3-S2-EVO
22.1 versions prior to 22.1R3-S3
22.1 versions prior to 22.1R3-S3-EVO
22.1 versions prior to 22.1R3-S4
22.1 versions prior to 22.1R3-S4-EVO
22.1-EVO version 22.1R1-EVO and later
22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO
22.1-EVO versions prior to 22.1R3-EVO
22.1-EVO versions prior to 22.1R3-S3-EVO
22.1-EVO versions prior to 22.1R3-S4-EVO
22.2 versions 22.2R1-EVO and later
22.2 versions prior to 22.2R1-S1, 22.2R2
22.2 versions prior to 22.2R2
22.2 versions prior to 22.2R2 on QFX5k
22.2 versions prior to 22.2R2-EVO
22.2 versions prior to 22.2R2-S1, 22.2R3
22.2 versions prior to 22.2R2-S2, 22.2R3
22.2 versions prior to 22.2R3
22.2 versions prior to 22.2R3-EVO
22.2 versions prior to 22.2R3-S1
22.2 versions prior to 22.2R3-S1-EVO
22.2 versions prior to 22.2R3-S2
22.2 versions prior to 22.2R3-S2-EVO
22.2 versions prior to 22.2R3-S3-EVO
22.2-EVO version 22.2R1-EVO and later
22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO
22.2-EVO versions prior to 22.2R3-S2-EVO
22.2-EVO versions prior to 22.2R3-S3-EVO
22.3 versions prior to 22.3R1-S2, 22.3R2
22.3 versions prior to 22.3R2
22.3 versions prior to 22.3R2-S1, 22.3R3
22.3 versions prior to 22.3R2-S1, 22.3R3-S1
22.3 versions prior to 22.3R2-S2
22.3 versions prior to 22.3R2-S2, 22.3R3
22.3 versions prior to 22.3R2-S2, 22.3R3-S1
22.3 versions prior to 22.3R2-S2-EVO
22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO
22.3 versions prior to 22.3R3
22.3 versions prior to 22.3R3-EVO
22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO
22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO
22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO
22.4 versions prior to 22.4R1-S1-EVO
22.4 versions prior to 22.4R1-S2, 22.4R2
22.4 versions prior to 22.4R2
22.4 versions prior to 22.4R2-EVO
22.4 versions prior to 22.4R2-S1, 22.4R3
22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO
22.4 versions prior to 22.4R2-S2, 22.4R3
22.4 versions prior to 22.4R3
22.4 versions prior to 22.4R3-EVO
22.4-EVO versions prior to 22.4R2-EVO
22.4-EVO versions prior to 22.4R2-S1-EVO, 22.4R3-EVO
22.4-EVO versions prior to 22.4R3-EVO
23.1 versions prior to 23.1R2
23.2 versions prior to 23.2R1, 23.2R2
23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO
23.2 versions prior to 23.2R2
23.2 versions prior to 23.2R2-EVO
23.2-EVO versions prior to 23.2R1-EVO
All versions prior to 20.2R3-S6 on QFX5k
All versions prior to 20.4R3-S4
All versions prior to 20.4R3-S4-EVO
All versions prior to 20.4R3-S5
All versions prior to 20.4R3-S6
All versions prior to 20.4R3-S6-EVO
All versions prior to 20.4R3-S7
All versions prior to 20.4R3-S7-EVO
All versions prior to 20.4R3-S8
All versions prior to 20.4R3-S8, 20.4R3-S9
All versions prior to 20.4R3-S8-EVO
All versions prior to 21.4R3-S3-EVO
All versions prior to 21.4R3-S4-EVO
All versions prior to 21.4R3-S5-EVO
All versions prior to 22.3R3-EVO
Solutions
Before installing the software, please visit the vendor website for more details.
Apply fixes issued by the vendor. For details, please refer to the links below:
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-An-unauthenticated-attacker-with-local-access-to-the-device-can-create-a-backdoor-with-root-privileges-CVE-2023-44194
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-Evolved-PTX10001-PTX10004-PTX10008-PTX10016-MAC-address-validation-bypass-vulnerability-CVE-2023-44190
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-Evolved-PTX10003-Series-MAC-address-validation-bypass-vulnerability-CVE-2023-44189
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-Evolved-PTX10003-Series-Packets-which-are-not-destined-to-the-router-can-reach-the-RE-CVE-2023-44196
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-Evolved-Packets-which-are-not-destined-to-the-router-can-reach-the-RE-CVE-2023-44195
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-Evolved-Specific-TCP-packets-will-bypass-a-control-plane-firewall-filter-CVE-2023-44202
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-Evolved-file-copy-CLI-command-can-disclose-password-to-shell-users-CVE-2023-44187
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-MX-Series-An-FPC-crash-is-observed-when-CFM-is-enabled-in-a-VPLS-scenario-and-a-specific-LDP-related-command-is-run-CVE-2023-44193
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-MX-Series-In-a-PTP-scenario-a-prolonged-routing-protocol-churn-can-trigger-an-FPC-reboot-CVE-2023-44199
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-MX-Series-Receipt-of-malformed-TCP-traffic-will-cause-a-Denial-of-Service-CVE-2023-36841
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-Received-flow-routes-which-aren-t-installed-as-the-hardware-doesn-t-support-them-lead-to-an-FPC-heap-memory-leak-CVE-2023-22392
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-QFX5000-Series-DMA-memory-leak-is-observed-when-specific-DHCP-packets-are-transmitted-over-pseudo-VTEP-CVE-2023-44192
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-QFX5000-Series-EX4600-Series-In-a-VxLAN-scenario-an-adjacent-attacker-within-the-VxLAN-sending-genuine-packets-may-cause-a-DMA-memory-leak-to-occur-CVE-2023-44183
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX4000-Series-Denial-of-Service-DoS-on-a-large-scale-VLAN-due-to-PFE-hogging-CVE-2023-44191
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-QFX5000-series-EX2300-EX3400-EX4100-EX4400-and-EX4600-Packet-flooding-will-occur-when-IGMP-traffic-is-sent-to-an-isolated-VLAN-CVE-2023-44203
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-QFX5k-l2-loop-in-the-overlay-impacts-the-stability-in-a-EVPN-VXLAN-environment-CVE-2023-44181
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-SIP-ALG-doesn-t-drop-specifically-malformed-retransmitted-SIP-packets-CVE-2023-44198
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-Vulnerability-fixed-in-OpenSSL
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-local-attacker-can-retrieve-sensitive-information-and-elevate-privileges-on-the-devices-to-an-authorized-user-CVE-2023-44201
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-Unchecked-Return-Value-in-multiple-users-interfaces-affects-confidentiality-and-integrity-of-device-operations-CVE-2023-44182
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-l2cpd-crash-will-occur-when-specific-LLDP-packets-are-received-CVE-2023-36839
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-crash-may-occur-when-BGP-is-processing-newly-learned-routes-CVE-2023-44197
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-High-CPU-load-due-to-specific-NETCONF-command-CVE-2023-44184
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-NTP-vulnerabilities-resolved
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-when-attempting-to-send-a-very-long-AS-PATH-to-a-non-4-byte-AS-capable-BGP-neighbor-CVE-2023-44186
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-genuine-PIM-packet-causes-RPD-crash-CVE-2023-44175
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-rpd-will-crash-upon-receiving-a-malformed-BGP-UPDATE-message-CVE-2023-44204
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-jkdsd-crash-due-to-multiple-telemetry-requests-CVE-2023-44188
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-Vulnerabilities-in-CLI-command
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-SRX-Series-The-PFE-will-crash-on-receiving-malformed-SSL-traffic-when-ATP-is-enabled-CVE-2023-36843
https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BGP-scenario-RPD-crashes-upon-receiving-and-processing-a-specific-malformed-ISO-VPN–BGP-UPDATE-packet-CVE-2023-44185