CVE-2023-36833 - Vulnerability Details

CVE-2023-36833 - Junos OS Evolved: PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202: The aftman-bt process will crash in a MoFRR scenario after multiple link flaps

A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).

The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service.

An indication that the system experienced this issue is the following log message:

<date> <hostname> evo-aftmand-bt[<pid>]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes

This issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202:
21.2 version 21.2R1-EVO and later versions;
21.3 version 21.3R1-EVO and later versions;
21.4 versions prior to 21.4R3-S3-EVO;
22.1 version 22.1R1-EVO and later versions;
22.2 versions prior to 22.2R3-S2-EVO;
22.3 versions prior to 22.3R3-EVO;
22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00101.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Juniper	Junos Os Evolved Ptx10001-36mr Ptx10004 Ptx10008 Ptx10016

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos_os_evolved:21.2:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1::::::

OR	cpe:2.3:h:juniper:ptx10001-36mr:-:::::::*
	cpe:2.3:h:juniper:ptx10004:-:::::::*
	cpe:2.3:h:juniper:ptx10008:-:::::::*
	cpe:2.3:h:juniper:ptx10016:-:::::::*

No data.

References

Link	Providers
https://supportportal.juniper.net/JSA71640

History

Tue, 22 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2023-07-14T16:56:37.708Z

Updated: 2024-10-22T14:31:21.501Z

Reserved: 2023-06-27T16:17:25.275Z

Link: CVE-2023-36833

Vulnrichment

Updated: 2024-08-02T17:01:09.767Z

NVD

Status : Modified

Published: 2023-07-14T17:15:09.133

Modified: 2024-11-21T08:10:42.170

Link: CVE-2023-36833

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object