{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-44195", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2023-09-26T19:30:32.349Z", "datePublished": "2023-10-12T23:04:32.068Z", "dateUpdated": "2023-10-12T23:04:32.068Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.3R1-EVO", "status": "unaffected", "version": "0", "versionType": "semver"}, {"lessThan": "21.3R3-S5-EVO", "status": "affected", "version": "21.3-EVO", "versionType": "semver"}, {"lessThan": "21.4R3-S4-EVO", "status": "affected", "version": "21.4-EVO", "versionType": "semver"}, {"lessThan": "22.1*-EVO", "status": "affected", "version": "22.1R1-EVO", "versionType": "semver"}, {"lessThan": "22.2*-EVO", "status": "affected", "version": "22.2R1-EVO", "versionType": "semver"}, {"lessThan": "22.3R2-S2-EVO, 22.3R3-S1-EVO", "status": "affected", "version": "22.3-EVO", "versionType": "semver"}, {"lessThan": "22.4R3-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver"}]}], "datePublic": "2023-10-11T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system.</p><p>If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access.</p><p>CVE-2023-44196 is a prerequisite for this issue.</p><p>This issue affects Juniper Networks Junos OS Evolved:</p><p></p><ul><li>21.3-EVO versions prior to 21.3R3-S5-EVO;</li><li>21.4-EVO versions prior to 21.4R3-S4-EVO;</li><li>22.1-EVO version 22.1R1-EVO and later;</li><li>22.2-EVO version 22.2R1-EVO and later;</li><li>22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;</li><li>22.4-EVO versions prior to 22.4R3-EVO.</li></ul><p></p><p>This issue doesn't not affected Junos OS Evolved versions prior to 21.3R1-EVO.</p>\n\n"}], "value": "\nAn Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system.\n\nIf specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access.\n\nCVE-2023-44196 is a prerequisite for this issue.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * 21.3-EVO versions prior to 21.3R3-S5-EVO;\n * 21.4-EVO versions prior to 21.4R3-S4-EVO;\n * 22.1-EVO version 22.1R1-EVO and later;\n * 22.2-EVO version 22.2R1-EVO and later;\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO.\n\n\n\n\nThis issue doesn't not affected Junos OS Evolved versions prior to 21.3R1-EVO.\n\n\n\n"}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-923", "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2023-10-12T23:04:32.068Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA73160"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.</p>"}], "value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"}], "source": {"advisory": "JSA73160", "defect": ["1713989"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2023-10-11T16:00:00.000Z", "value": "Initial Publication"}], "title": "Junos OS Evolved: Packets which are not destined to the router can reach the RE", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>There are no known workarounds for this issue.</p>"}], "value": "There are no known workarounds for this issue.\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-av217"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*", "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*", "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*", "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*", "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*", "matchCriteriaId": "C16434C0-21A7-4CE5-92E1-7D60A35EF5D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*", "matchCriteriaId": "A3CA3365-F9AF-40DF-8700-30AD4BC58E27", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*", "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*", "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*", "matchCriteriaId": "BE2EF84D-55A9-41DC-A324-69E1DC426D0B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*", "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*", "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "4546776C-A657-42E3-9A36-47F9F59A88AD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "10F9C2B1-BD81-4EDC-ADF5-4B0F39001C7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*", "matchCriteriaId": "0A33C425-921F-4795-B834-608C8F1597E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*", "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*", "matchCriteriaId": "04CE952D-E3C1-4B34-9E65-EC52BFE887AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "8AE9D1A7-4721-4E1D-B965-FDC38126B1DD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "A8643AA3-29EF-48A7-B033-CB60988E214B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.1:r1:*:*:*:*:*:*", "matchCriteriaId": "82A4E4C8-2D50-4675-8A96-8C9DADCE46CF", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.1:r2:*:*:*:*:*:*", "matchCriteriaId": "54B79847-EBC1-480E-87BE-60D411C93FC6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.1:r3:*:*:*:*:*:*", "matchCriteriaId": "8135057E-D346-4925-96BA-FE22C7C03903", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "558D234D-BC50-415F-86D6-8E19D6C3ACE0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "33F4EEEE-77E9-4973-A770-99E7BA2F05F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "D657944B-2066-4F2C-BC92-EDF4DE1C165C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "75A58924-6348-44CF-AB39-1FCE17FE81AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nAn Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system.\n\nIf specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access.\n\nCVE-2023-44196 is a prerequisite for this issue.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * 21.3-EVO versions prior to 21.3R3-S5-EVO;\n * 21.4-EVO versions prior to 21.4R3-S4-EVO;\n * 22.1-EVO version 22.1R1-EVO and later;\n * 22.2-EVO version 22.2R1-EVO and later;\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO.\n\n\n\n\nThis issue doesn't not affected Junos OS Evolved versions prior to 21.3R1-EVO.\n\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de Restricci\u00f3n Inadecuada del Canal de Comunicaci\u00f3n a los Endpoints Previstos en el daemon del agente NetworkStack (nsagentd) de Juniper Networks Junos OS Evolved permite que un atacante basado en red no autenticado cause un impacto limitado en la disponibilidad del sistema. Si paquetes espec\u00edficos llegan al Routing-Engine (RE), se procesar\u00e1n normalmente incluso si existen filtros de firewall que deber\u00edan haberlo impedido. Esto puede provocar un consumo mayor y limitado de recursos, lo que resulta en una Denegaci\u00f3n de Servicio (DoS) y un acceso no autorizado. CVE-2023-44196 es un requisito previo para este problema. Este problema afecta a Juniper Networks Junos OS Evolved: * Versiones 21.3-EVO anteriores a 21.3R3-S5-EVO; * Versiones 21.4-EVO anteriores a 21.4R3-S4-EVO; * 22.1-EVO versi\u00f3n 22.1R1-EVO y posteriores; * 22.2-EVO versi\u00f3n 22.2R1-EVO y posteriores; * Versiones 22.3-EVO anteriores a 22.3R2-S2-EVO, 22.3R3-S1-EVO; * Versiones 22.4-EVO anteriores a 22.4R3-EVO. Este problema no afecta a las versiones evolucionadas de Junos OS anteriores a 21.3R1-EVO."}], "id": "CVE-2023-44195", "lastModified": "2023-10-24T12:55:50.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2023-10-13T00:15:12.530", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://supportportal.juniper.net/JSA73160"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-923"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}