An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).

On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections.

This issue affects:

Juniper Networks Junos OS on QFX5000 Series and EX4000 Series



* 21.1 versions prior to 21.1R3-S5;
* 21.2 versions prior to 21.2R3-S5;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S1;
* 22.3 versions prior to 22.3R2-S2, 22.3R3;
* 22.4 versions prior to 22.4R2.




This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1



Advisories
Source ID Title
EUVD EUVD EUVD-2023-48550 An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections. This issue affects: Juniper Networks Junos OS on QFX5000 Series and EX4000 Series * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1
Fixes

Solution

The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S5, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.


Workaround

There are no known workarounds for this issue.

References
History

Thu, 19 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Juniper Networks
Juniper Networks junos Os
CPEs cpe:2.3:o:juniper_networks:junos_os:*:*:*:*:*:*:*:*
Vendors & Products Juniper Networks
Juniper Networks junos Os
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: juniper

Published:

Updated: 2024-09-19T14:14:17.438Z

Reserved: 2023-09-26T19:30:27.953Z

Link: CVE-2023-44191

cve-icon Vulnrichment

Updated: 2024-08-02T19:59:51.578Z

cve-icon NVD

Status : Modified

Published: 2023-10-13T00:15:12.220

Modified: 2024-11-21T08:25:24.570

Link: CVE-2023-44191

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.