Vulnerabilities > CVE-2023-36834 - Incomplete Internal State Distinction vulnerability in Juniper Junos

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

low complexity

juniper

CWE-372

NVD

Published: 2023-07-14

Updated: 2023-07-27

Summary

An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service (DoS). If an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines (PPE) component of the PFE to run into a loop, which in turn will render the PPE unavailable. Each packet will cause one PPE to get into a loop, leading to a gradual performance degradation until all PPEs are unavailable and all traffic processing stops. To recover the affected FPC need to be restarted. This issue affects Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series: 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R1-S1, 22.3R2.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 20.1 Juniper Junos 20.2 Juniper Junos 20.3 Juniper Junos 20.4 Juniper Junos 21.1 Juniper Junos 21.2 Juniper Junos 21.3 Juniper Junos 21.4	94
Hardware	Juniper Juniper Srx4600 - Juniper Srx5400 - Juniper Srx5600 - Juniper Srx5800 -	4

Common Weakness Enumeration (CWE)

CWE-372 - Incomplete Internal State Distinction

Common Attack Pattern Enumeration and Classification (CAPEC)

Removing/short-circuiting 'guard logic'
Attackers can, in some cases, get around logic put in place to 'guard' sensitive functionality or data. The attack may involve gaining access to and calling protected functionality (or accessing protected data) directly, may involve subverting some aspect of the guard's implementation, or outright removal of the guard, if possible.
Manipulating User State
An attacker modifies state information maintained by the target software in user-accessible locations. If successful, the target software will use this tainted state information and execute in an unintended manner. State management is an important function within an application. User state maintained by the application can include usernames, payment information, browsing history as well as application-specific contents such as items in a shopping cart. Manipulating user state can be employed by an attacker to elevate privilege, conduct fraudulent transactions or otherwise modify the flow of the application to derive certain benefits.

References

https://supportportal.juniper.net/JSA71641