Junos OS Evolved: PTX10003 Series: MAC address validation bypass vulnerability
CVE-2023-44189

6.1MEDIUM

Key Information:

Vendor
Juniper Networks
Status
Junos Os Evolved
Vendor
CVE Published:
11 October 2023

Badges

๐Ÿ‘พ Exploit Exists๐Ÿ“ฐ News Worthy

Summary

An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.

This issue affects Juniper Networks Junos OS Evolved on PTX10003 Series:

  • All versions prior to 21.4R3-S4-EVO;
  • 22.1 versions prior to 22.1R3-S3-EVO;
  • 22.2 version 22.2R1-EVO and later versions;
  • 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
  • 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;
  • 23.2 versions prior to 23.2R2-EVO.

Affected Version(s)

Junos OS Evolved PTX10003 Series 0 < 21.4R3-S4-EVO

Junos OS Evolved PTX10003 Series 22.1 < 22.1R3-S3-EVO

Junos OS Evolved PTX10003 Series 22.2R1-EVO < 22.2*-EVO

News Articles

๐Ÿ”—GBHackers News

Juniper Networks Junos OS Flaw Let Attackers Flood the system

Three new vulnerabilities have been discovered in Junos OS which were associated with password disclosure, MAC address validation bypass.

5 months ago

References

https://supportportal.juniper.net/JSA73153
vendor-advisory

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿ“ฐ

    First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved

.