ID

VAR-202301-1138


CVE

CVE-2023-22400


TITLE

Resource exhaustion vulnerability in Juniper Networks Junos OS Evolved

Trust: 0.8

sources: JVNDB: JVNDB-2023-001551

DESCRIPTION

An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or a specific CLI command is executed, a GUID resource leak occurs, eventually leading to exhaustion and resulting in an FPC crash and reboot.

GUID exhaustion will trigger a syslog message like one of the following, for example:

    evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ...
    evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ...

This leak can be monitored by running the following command and taking note of the value in the rightmost column, labeled Guids:

    user@host> show platform application-info allocations app evo-pfemand | match "IFDId|IFLId|Context"
    Node  Application  Context Name                     Live  Allocs  Fails  Guids
    re0   evo-pfemand  net::juniper::interfaces::IFDId  0     3448    0      3448
    re0   evo-pfemand  net::juniper::interfaces::IFLId  0     561     0      561

    user@host> show platform application-info allocations app evo-pfemand | match "IFDId|IFLId|Context"
    Node  Application  Context Name                     Live  Allocs  Fails  Guids
    re0   evo-pfemand  net::juniper::interfaces::IFDId  0     3784    0      3784
    re0   evo-pfemand  net::juniper::interfaces::IFLId  0     647     0      647

This issue affects Juniper Networks Junos OS Evolved:

    All versions prior to 20.4R3-S3-EVO;
    21.1-EVO version 21.1R1-EVO and later versions;
    21.2-EVO versions prior to 21.2R3-S4-EVO;
    21.3-EVO version 21.3R1-EVO and later versions;
    21.4-EVO versions prior to 21.4R2-EVO

Trust: 1.8

sources: NVD: CVE-2023-22400 // JVNDB: JVNDB-2023-001551 // VULHUB: VHN-449816 // VULMON: CVE-2023-22400

AFFECTED PRODUCTS

vendor: juniper // model: junos os evolved // scope: eq // version: 21.4

Trust: 1.0

vendor: juniper // model: junos os evolved // scope: eq // version: 20.4

Trust: 1.0

vendor: juniper // model: junos os evolved // scope: eq // version: 21.2

Trust: 1.0

vendor: juniper // model: junos os evolved // scope: eq // version: 21.1

Trust: 1.0

vendor: juniper // model: junos os evolved // scope: eq // version: 21.3

Trust: 1.0

vendor: Juniper Networks // model: junos os evolved // scope: eq // version: -

Trust: 0.8

vendor: Juniper Networks // model: junos os evolved // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-001551 // NVD: CVE-2023-22400

CVSS

SEVERITY

CVSSV2

CVSSV3

sirt@juniper.net: CVE-2023-22400
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-001551
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-1027
value: HIGH

Trust: 0.6

sirt@juniper.net: CVE-2023-22400
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-001551
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-001551 // CNNVD: CNNVD-202301-1027 // NVD: CVE-2023-22400

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.1

problemtype: Resource exhaustion (CWE-400) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-449816 // JVNDB: JVNDB-2023-001551 // NVD: CVE-2023-22400

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1027

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202301-1027

PATCH

title: JSA70196 // url: https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-A-specific-SNMP-GET-operation-and-a-specific-CLI-commands-cause-resources-to-leak-and-eventually-the-evo-pfemand-process-will-crash-CVE-2023-22400?language=en_US

Trust: 0.8

title: Juniper Networks Junos OS Remediation of resource management error vulnerabilities // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=222319

Trust: 0.6

title: - // url: https://github.com/Live-Hack-CVE/CVE-2023-22400

Trust: 0.1

sources: VULMON: CVE-2023-22400 // JVNDB: JVNDB-2023-001551 // CNNVD: CNNVD-202301-1027

EXTERNAL IDS

db: NVD // id: CVE-2023-22400

Trust: 3.4

db: JUNIPER // id: JSA70196

Trust: 1.8

db: JVNDB // id: JVNDB-2023-001551

Trust: 0.8

db: CNNVD // id: CNNVD-202301-1027

Trust: 0.6

db: VULHUB // id: VHN-449816

Trust: 0.1

db: VULMON // id: CVE-2023-22400

Trust: 0.1

sources: VULHUB: VHN-449816 // VULMON: CVE-2023-22400 // JVNDB: JVNDB-2023-001551 // CNNVD: CNNVD-202301-1027 // NVD: CVE-2023-22400

REFERENCES

url:https://kb.juniper.net/jsa70196

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-22400

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-22400/

Trust: 0.6

url:https://github.com/live-hack-cve/cve-2023-22400

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-449816 // VULMON: CVE-2023-22400 // JVNDB: JVNDB-2023-001551 // CNNVD: CNNVD-202301-1027 // NVD: CVE-2023-22400

SOURCES

db: VULHUB // id: VHN-449816
db: VULMON // id: CVE-2023-22400
db: JVNDB // id: JVNDB-2023-001551
db: CNNVD // id: CNNVD-202301-1027
db: NVD // id: CVE-2023-22400

LAST UPDATE DATE

2024-08-14T15:37:14.540000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-449816 // date: 2023-01-24T00:00:00
db: VULMON // id: CVE-2023-22400 // date: 2023-01-13T00:00:00
db: JVNDB // id: JVNDB-2023-001551 // date: 2023-04-19T08:45:00
db: CNNVD // id: CNNVD-202301-1027 // date: 2023-01-28T00:00:00
db: NVD // id: CVE-2023-22400 // date: 2023-01-24T19:03:13.370

SOURCES RELEASE DATE

db: VULHUB // id: VHN-449816 // date: 2023-01-13T00:00:00
db: VULMON // id: CVE-2023-22400 // date: 2023-01-13T00:00:00
db: JVNDB // id: JVNDB-2023-001551 // date: 2023-04-19T00:00:00
db: CNNVD // id: CNNVD-202301-1027 // date: 2023-01-13T00:00:00
db: NVD // id: CVE-2023-22400 // date: 2023-01-13T00:15:10.540