{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-22405", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "dateUpdated": "2025-04-07T15:38:23.836Z", "dateReserved": "2022-12-27T00:00:00.000Z", "datePublished": "2023-01-12T00:00:00.000Z"}, "containers": {"cna": {"title": "Junos OS: QFX5k Series, EX46xx Series: MAC limiting feature stops working after PFE restart or device reboot", "datePublic": "2023-01-11T00:00:00.000Z", "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2023-01-12T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with \"service-provider/SP style\" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn't work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached. Functionality can be restored by removing and re-adding the MAC limit configuration. This issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series: All versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3 on; 21.4 versions prior to 21.4R3 on; 22.1 versions prior to 22.1R2 on."}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"version": "unspecified", "lessThan": "20.2R3-S5", "status": "affected", "versionType": "custom"}, {"version": "20.3", "status": "affected", "lessThan": "20.3R3-S5", "versionType": "custom"}, {"version": "20.4", "status": "affected", "lessThan": "20.4R3-S4", "versionType": "custom"}, {"version": "21.1", "status": "affected", "lessThan": "21.1R3-S3", "versionType": "custom"}, {"version": "21.2", "status": "affected", "lessThan": "21.2R3-S1", "versionType": "custom"}, {"version": "21.3", "status": "affected", "lessThan": "21.3R3", "versionType": "custom"}, {"version": "21.4", "status": "affected", "lessThan": "21.4R3", "versionType": "custom"}, {"version": "22.1", "status": "affected", "lessThan": "22.1R2", "versionType": "custom"}], "platforms": ["QFX5k Series, EX46xx Series"]}], "references": [{"url": "https://kb.juniper.net/JSA70201"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-1250 Improper Preservation of Consistency Between Independent Representations of Shared State", "cweId": "CWE-1250"}]}, {"descriptions": [{"type": "text", "lang": "en", "description": "Denial of Service (DoS)"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "JSA70201", "defect": ["1659873"], "discovery": "USER"}, "configurations": [{"lang": "en", "value": "To be vulnerable to this issue a \"service provider/SP\"-style configuration like the following needs to be present:\n\n  [interfaces <interface> ether-options 802.3ad ae<#>]\n  [interfaces ae<#> unit <unit> vlan-id <id>]\n  [switch-options interface ae<#>.<id> interface-mac-limit <limit>]\n  [switch-options interface ae<#>.<id> interface-mac-limit packet-action <action>]"}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S1, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:07:06.650Z"}, "title": "CVE Program Container", "references": [{"url": "https://kb.juniper.net/JSA70201", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-07T15:00:37.278215Z", "id": "CVE-2023-22405", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T15:38:23.836Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://kb.juniper.net/JSA70201", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:07:06.650Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-22405", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-07T15:00:37.278215Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T15:00:42.506Z"}}], "cna": {"title": "Junos OS: QFX5k Series, EX46xx Series: MAC limiting feature stops working after PFE restart or device reboot", "source": {"defect": ["1659873"], "advisory": "JSA70201", "discovery": "USER"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "20.2R3-S5", "versionType": "custom"}, {"status": "affected", "version": "20.3", "lessThan": "20.3R3-S5", "versionType": "custom"}, {"status": "affected", "version": "20.4", "lessThan": "20.4R3-S4", "versionType": "custom"}, {"status": "affected", "version": "21.1", "lessThan": "21.1R3-S3", "versionType": "custom"}, {"status": "affected", "version": "21.2", "lessThan": "21.2R3-S1", "versionType": "custom"}, {"status": "affected", "version": "21.3", "lessThan": "21.3R3", "versionType": "custom"}, {"status": "affected", "version": "21.4", "lessThan": "21.4R3", "versionType": "custom"}, {"status": "affected", "version": "22.1", "lessThan": "22.1R2", "versionType": "custom"}], "platforms": ["QFX5k Series, EX46xx Series"]}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S1, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases."}], "datePublic": "2023-01-11T00:00:00.000Z", "references": [{"url": "https://kb.juniper.net/JSA70201"}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with \"service-provider/SP style\" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn't work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached. Functionality can be restored by removing and re-adding the MAC limit configuration. This issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series: All versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3 on; 21.4 versions prior to 21.4R3 on; 22.1 versions prior to 22.1R2 on."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1250", "description": "CWE-1250 Improper Preservation of Consistency Between Independent Representations of Shared State"}]}, {"descriptions": [{"lang": "en", "type": "text", "description": "Denial of Service (DoS)"}]}], "configurations": [{"lang": "en", "value": "To be vulnerable to this issue a \"service provider/SP\"-style configuration like the following needs to be present:\n\n  [interfaces <interface> ether-options 802.3ad ae<#>]\n  [interfaces ae<#> unit <unit> vlan-id <id>]\n  [switch-options interface ae<#>.<id> interface-mac-limit <limit>]\n  [switch-options interface ae<#>.<id> interface-mac-limit packet-action <action>]"}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2023-01-12T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-22405", "state": "PUBLISHED", "dateUpdated": "2025-04-07T15:38:23.836Z", "dateReserved": "2022-12-27T00:00:00.000Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2023-01-12T00:00:00.000Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D5DC3ED-1843-467F-903D-2DB6CDFF06F1", "versionEndExcluding": "20.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:-:*:*:*:*:*:*", "matchCriteriaId": "D4CF52CF-F911-4615-9171-42F84429149F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*", "matchCriteriaId": "CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "D3C23AEB-34DE-44FB-8D64-E69D6E8B7401", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "18DB9401-5A51-4BB3-AC2F-58F58F1C788C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*", "matchCriteriaId": "06F53DA5-59AE-403C-9B1E-41CE267D8BB1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:*", "matchCriteriaId": "3332262F-81DA-4D78-99C9-514CADA46611", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "B46B63A2-1518-4A29-940C-F05624C9658D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "8E0D4959-3865-42A7-98CD-1103EBD84528", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*", "matchCriteriaId": "3A58292B-814C-49E7-8D6D-BE26EFB9ADDF", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*", "matchCriteriaId": "681AE183-7183-46E7-82EA-28C398FA1C3D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "8A6E9627-8BF1-4BE8-844B-EE8F1C9478F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "0A80F23B-CD13-4745-BA92-67C23B297A18", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "67D4004B-1233-4258-9C7A-F05189146B44", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "69E33F24-D480-4B5F-956D-D435A551CBE7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:-:*:*:*:*:*:*", "matchCriteriaId": "03009CC1-21AC-4A46-A747-D0C67FCD41DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*", "matchCriteriaId": "5C9BC697-C7C9-447D-9EBD-E9711462583E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "7B80433B-57B1-49EF-B1A1-83781D6102E3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "A352BB7A-6F17-4E64-BC02-1A7E4CD42653", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r2:*:*:*:*:*:*", "matchCriteriaId": "05D8427C-CDDE-4B2F-9CB8-41B9137660E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "F3DC01F2-6DFE-4A8E-9962-5E59AA965935", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r3:*:*:*:*:*:*", "matchCriteriaId": "7DA0E196-925E-4056-B411-E158702D5D4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "E33A522F-E35C-4473-9CBD-9C6E5A831086", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "E9AE26EB-699B-4B10-87E2-9E731B820F32", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "A29E0070-47E9-43DD-9303-C732FE8CC851", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "A5E7E8D2-5D08-492E-84FC-8803E50F2CA7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*", "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*", "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*", "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*", "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4600-vc:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3ECB975-D1A0-4318-9C5E-752A3C98F76F", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B425BB1-3C78-42B1-A6C1-216E514191F0", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*", "matchCriteriaId": "E974B4BC-64C5-4BB6-AF31-D46AF3763416", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5100-96s:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BD0F680-ED30-48F3-A5D9-988D510CFC0D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*", "matchCriteriaId": "79A8847B-4F98-4949-8639-5CD2B411D10F", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*", "matchCriteriaId": "09EBDE4B-764F-4DF1-844A-BB8A52CD53EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB58A6E9-FFCF-4331-AC3B-45C37BD1943E", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDC5478F-A047-4F6D-BB11-0077A74C0174", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5200-32c:-:*:*:*:*:*:*:*", "matchCriteriaId": "38D790AD-D00F-4FED-96FE-3046C827356B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5200-48y:-:*:*:*:*:*:*:*", "matchCriteriaId": "BAD9AD5C-947D-41EF-9969-FCCEB144984F", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*", "matchCriteriaId": "D877320D-1997-4B66-B11B-864020C755E1", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5210-64c:-:*:*:*:*:*:*:*", "matchCriteriaId": "B86047DE-A0A0-4698-9414-B66C0FA7B544", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*", "matchCriteriaId": "D193BEBD-9436-468D-B89E-D5720603451D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with \"service-provider/SP style\" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn't work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached. Functionality can be restored by removing and re-adding the MAC limit configuration. This issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series: All versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3 on; 21.4 versions prior to 21.4R3 on; 22.1 versions prior to 22.1R2 on."}, {"lang": "es", "value": "Una preservaci\u00f3n inadecuada de la coherencia entre representaciones independientes de una vulnerabilidad de estado compartido en el Packet Forwarding Engine (PFE) de Juniper Networks Junos OS permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS) en el dispositivo debido a la falta de recursos. Cuando un dispositivo est\u00e1 configurado con conmutaci\u00f3n de \"estilo proveedor de servicios/SP\" y la limitaci\u00f3n de mac est\u00e1 configurada en una interfaz Ethernet agregada (ae), y luego se reinicia un PFE o se reinicia el dispositivo, la limitaci\u00f3n de mac no funciona ya no. Tenga en cuenta que es posible que el problema no sea evidente ya que el tr\u00e1fico continuar\u00e1 fluyendo a trav\u00e9s del dispositivo, aunque la tabla de mac y los registros respectivos indicar\u00e1n que se alcanz\u00f3 el l\u00edmite de mac. La funcionalidad se puede restaurar eliminando y volviendo a agregar la configuraci\u00f3n del l\u00edmite MAC. Este problema afecta a Juniper Networks Junos OS en las series QFX5k y EX46xx: todas las versiones anteriores a 20.2R3-S5; Versiones 20.3 anteriores a 20.3R3-S5; Versiones 20.4 anteriores a 20.4R3-S4; Versiones 21.1 anteriores a 21.1R3-S3; Versiones 21.2 anteriores a 21.2R3-S1; Versiones 21.3 anteriores a 21.3R3 en adelante; Versiones 21.4 anteriores a 21.4R3 en adelante; Versiones 22.1 anteriores a 22.1R2 en adelante."}], "id": "CVE-2023-22405", "lastModified": "2024-11-21T07:44:45.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2023-01-13T00:15:10.913", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA70201"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA70201"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1250"}], "source": "sirt@juniper.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}