supportportal.juniper.net
Open in
urlscan Pro
85.222.140.6
Public Scan
Submitted URL: https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-MX-Series-An-FPC-crash-is-observed-when-CFM-is-enab...
Effective URL: https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-MX-Series-An-FPC-crash-is-observed-when-CFM-is-enab...
Submission: On December 06 via api from IN — Scanned from DE
Effective URL: https://supportportal.juniper.net/s/article/2023-10-Security-Bulletin-Junos-OS-MX-Series-An-FPC-crash-is-observed-when-CFM-is-enab...
Submission: On December 06 via api from IN — Scanned from DE
Form analysis
3 forms found in the DOM<form novalidate="">
<slot>
<slot>
<div c-kcs_headerlwc_kcs_headerlwc="" class="titleSection">
<p c-kcs_headerlwc_kcs_headerlwc="" class="slds-p-bottom_small">2023-10 Security Bulletin: Junos OS: MX Series: An FPC crash is observed when CFM is enabled in a VPLS scenario and a specific LDP related command is run (CVE-2023-44193)</p>
<div c-kcs_headerlwc_kcs_headerlwc="" class="slds-grid slds-wrap slds-m-top_xxx-small">
<div c-kcs_headerlwc_kcs_headerlwc="" class="headerSection">
<div c-kcs_headerlwc_kcs_headerlwc="" class="slds-m-top_small"><label c-kcs_headerlwc_kcs_headerlwc="" class="headerLabel slds-m-right_small">Article ID</label><span c-kcs_headerlwc_kcs_headerlwc=""
class="slds-m-right_large">JSA73157</span></div>
<div c-kcs_headerlwc_kcs_headerlwc="" class="slds-m-top_small"><label c-kcs_headerlwc_kcs_headerlwc="" class="headerLabel slds-m-right_small">Created</label><span c-kcs_headerlwc_kcs_headerlwc=""
class="slds-m-right_large">2023-10-11</span></div>
<div c-kcs_headerlwc_kcs_headerlwc="" class="slds-m-top_small"><label c-kcs_headerlwc_kcs_headerlwc="" class="headerLabel slds-m-right_small">Last Updated</label><span c-kcs_headerlwc_kcs_headerlwc=""
class="slds-m-right_large">2023-10-11</span></div>
</div>
<div c-kcs_headerlwc_kcs_headerlwc="" class="slds-text-align_right slds-no-print btnContainer"><button c-kcs_headerlwc_kcs_headerlwc="" class="slds-button headerbtn slds-m-right_x-small slds-m-top_small"><lightning-icon
c-kcs_headerlwc_kcs_headerlwc="" class="slds-m-right_x-small slds-icon-utility-print slds-icon_container" icon-name="utility:print"><span style="--sds-c-icon-color-background: var(--slds-c-icon-color-background, transparent)"
part="boundary"><lightning-primitive-icon size="x-small" variant=""><svg class="slds-icon slds-icon-text-default slds-icon_x-small" focusable="false" data-key="print" aria-hidden="true" viewBox="0 0 52 52" part="icon">
<g>
<g>
<path
d="M46.5 17.4h-41c-2.2 0-4 1.8-4 4v14c0 2.2 1.8 4 4 4h5.9v5.8c0 2.2 1.8 4 4 4h21.3c2.2 0 4-1.8 4-4v-5.8h5.9c2.2 0 4-1.8 4-4v-14c-.1-2.2-1.9-4-4.1-4zM8.3 27.7c-1.7 0-3-1.3-3-3s1.3-3 3-3 3 1.3 3 3-1.3 3-3 3zm27.6 15.4c0 .8-.7 1.5-1.5 1.5h-17c-.8 0-1.5-.7-1.5-1.5v-9.8c0-.8.7-1.5 1.5-1.5h17c.8 0 1.5.7 1.5 1.5v9.8zM40.5 11.1c0 .8-.7 1.5-1.5 1.5H12.8c-.8 0-1.5-.7-1.5-1.5V4.3c0-.8.7-1.5 1.5-1.5H39c.8 0 1.5.7 1.5 1.5v6.8z">
</path>
</g>
</g>
</svg></lightning-primitive-icon></span></lightning-icon>Print</button><button c-kcs_headerlwc_kcs_headerlwc="" class="slds-button headerbtn slds-m-top_small"><lightning-icon c-kcs_headerlwc_kcs_headerlwc=""
class="slds-m-right_x-small slds-icon-utility-user slds-icon_container" icon-name="utility:user"><span style="--sds-c-icon-color-background: var(--slds-c-icon-color-background, transparent)" part="boundary"><lightning-primitive-icon
size="x-small" variant=""><svg class="slds-icon slds-icon-text-default slds-icon_x-small" focusable="false" data-key="user" aria-hidden="true" viewBox="0 0 52 52" part="icon">
<g>
<path
d="M50 43v2.2c0 2.6-2.2 4.8-4.8 4.8H6.8C4.2 50 2 47.8 2 45.2V43c0-5.8 6.8-9.4 13.2-12.2l.6-.3c.5-.2 1-.2 1.5.1 2.6 1.7 5.5 2.6 8.6 2.6s6.1-1 8.6-2.6c.5-.3 1-.3 1.5-.1l.6.3C43.2 33.6 50 37.1 50 43zM26 2c6.6 0 11.9 5.9 11.9 13.2S32.6 28.4 26 28.4s-11.9-5.9-11.9-13.2S19.4 2 26 2z">
</path>
</g>
</svg></lightning-primitive-icon></span></lightning-icon>Report a Security Vulnerability</button></div>
</div>
</div>
</slot>
</slot>
</form>
<form novalidate="">
<slot>
<slot>
<div c-kcs_articleinfolwc_kcs_articleinfolwc="" class="detailSection">
<div c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-around_large section2">
<div c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-grid slds-wrap slds-m-top_medium">
<div c-kcs_articleinfolwc_kcs_articleinfolwc="" class="jsaDiv slds-p-right_medium"><label c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_small">Product Affected</label><lightning-formatted-rich-text
c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_large slds-rich-text-editor__output"><span part="formatted-rich-text">This issue affects all versions of Junos OS. Affected platforms: MX
Series.</span></lightning-formatted-rich-text></div>
<div c-kcs_articleinfolwc_kcs_articleinfolwc="" class="jsaDiv slds-m-bottom_small">
<div c-kcs_articleinfolwc_kcs_articleinfolwc="" class="severityJsa jsaBorder slds-m-right_medium"><label class="slds-p-bottom_x-small slds-p-top_x-small spanBlock slds-p-left_x-small slds-p-right_x-small"
c-kcs_articleinfolwc_kcs_articleinfolwc="">Severity</label><span c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_x-small slds-p-top_xx-small slds-p-left_x-small slds-p-right_x-small"><lightning-formatted-rich-text
c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-rich-text-editor__output"><span part="formatted-rich-text">Medium</span></lightning-formatted-rich-text></span></div>
<div c-kcs_articleinfolwc_kcs_articleinfolwc="" class="cvvscore jsaBorder"><label class="slds-p-bottom_x-small slds-p-top_x-small spanBlock slds-p-left_x-small slds-p-right_x-small" c-kcs_articleinfolwc_kcs_articleinfolwc="">Severity
Assessment (CVSS) Score</label><span c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_x-small slds-p-top_xx-small slds-p-left_x-small slds-p-right_x-small"><lightning-formatted-rich-text
c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-rich-text-editor__output"><span part="formatted-rich-text">5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)</span></lightning-formatted-rich-text></span></div>
</div>
</div><label c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_small">Problem</label><lightning-formatted-rich-text c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_large slds-rich-text-editor__output"><span
part="formatted-rich-text">
<p>An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service
(DoS).</p>
<p><br>On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued
execution of this specific LDP command can lead to sustained Denial of Service condition.</p>
<p><br>This issue affects:</p>
<p>Juniper Networks Junos OS on MX Series</p>
<ul>
<li>All versions prior to 20.4R3-S7;</li>
<li>21.1 versions prior to 21.1R3-S5;</li>
<li>21.2 versions prior to 21.2R3-S4;</li>
<li>21.3 versions prior to 21.3R3-S4;</li>
<li>21.4 versions prior to 21.4R3-S3;</li>
<li>22.1 versions prior to 22.1R3-S1;</li>
<li>22.2 versions prior to 22.2R2-S1, 22.2R3;</li>
<li>22.3 versions prior to 22.3R1-S2, 22.3R2.</li>
</ul>
<p><br>For this issue to occur, following minimal configuration is required.</p>
<code>[ ldp interface <interface1> ]</code><br><code>[ interfaces <interface1> flexible-vlan-tagging ]</code><br><code>[ interfaces <interface1> encapsulation vlan-vpls ]</code><br><code>[ protocols oam ethernet
connectivity-fault-management maintenance-domain <md-name> interface <interface2> ]</code><br><code>[ routing-instances <md-name> instance-type vpls ]</code><br><code>[ routing-instances <md-name> interface
<interface1> ]</code>
<p><br>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>
<p><br>This issue was seen during production usage.</p>
<p><br>This issue has been assigned <a target="_blank" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44193">CVE-2023-44193</a>.</p>
</span></lightning-formatted-rich-text><label c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_small">Solution</label><lightning-formatted-rich-text c-kcs_articleinfolwc_kcs_articleinfolwc=""
class="slds-p-bottom_large slds-rich-text-editor__output"><span part="formatted-rich-text">
<p>The following software releases have been updated to resolve this specific issue: 20.4R3-S7, 21.1R3-S5, 21.2R3-S4, 21.3R3-S4, 21.4R3-S3, 22.1R3-S1, 22.2R2-S1, 22.2R3, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.</p>
<p><br>This issue is being tracked as PR <a target="_blank" href="https://prsearch.juniper.net/problemreport/PR1668419">1668419</a> which is visible on the Customer Support website.</p>
<p><br><strong>Note</strong>: Juniper SIRT's <a target="_blank" href="https://kb.juniper.net/KB16765">policy</a> is not to evaluate releases which are beyond End of Engineering (EOE) or End of Life (EOL).</p>
</span></lightning-formatted-rich-text><label c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_small">Workaround</label><lightning-formatted-rich-text c-kcs_articleinfolwc_kcs_articleinfolwc=""
class="slds-p-bottom_large slds-rich-text-editor__output"><span part="formatted-rich-text">
<p>This issue can be avoided by disabling CFM MIP functionality.</p>
<code>[ protocols oam ethernet connectivity-fault-management maintenance-domain <md-name> mip-half-function none ]</code>
</span></lightning-formatted-rich-text><label c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_small">Modification History</label><lightning-formatted-rich-text c-kcs_articleinfolwc_kcs_articleinfolwc=""
class="slds-p-bottom_large slds-rich-text-editor__output"><span part="formatted-rich-text">
<pre>2023-10-11: Initial Publication</pre>
</span></lightning-formatted-rich-text><label c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_small">Related Information</label><lightning-formatted-rich-text c-kcs_articleinfolwc_kcs_articleinfolwc=""
class="slds-p-bottom_large slds-rich-text-editor__output"><span part="formatted-rich-text">
<ul>
<li><a target="_blank" href="/s/article/Overview-of-the-Juniper-Networks-SIRT-Quarterly-Security-Bulletin-Publication-Process">KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin Publication Process</a></li>
<li><a target="_blank" href="/s/article/In-which-releases-are-vulnerabilities-fixed">KB16765: In which releases are vulnerabilities fixed?</a></li>
<li><a target="_blank" href="/s/article/Common-Vulnerability-Scoring-System-CVSS-and-Juniper-s-Security-Advisories">KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories</a></li>
<li><a target="_blank" href="https://www.juniper.net/security/report-vulnerability/">Report a Security Vulnerability - How to Contact the Juniper Networks Security Incident Response Team</a></li>
<li><a target="_blank" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44193">CVE-2023-44193 at cve.mitre.org</a></li>
<li><a target="_blank" href="https://supportportal.juniper.net/JSA73152">https://supportportal.juniper.net/JSA73157</a></li>
</ul>
</span></lightning-formatted-rich-text>
</div><lightning-accordion c-kcs_articleinfolwc_kcs_articleinfolwc="" role="list" class="slds-accordion" lwc-4fpb0t2acsh-host="">
<div lwc-4fpb0t2acsh="" part="accordion">
<slot lwc-4fpb0t2acsh=""><lightning-accordion-section c-kcs_articleinfolwc_kcs_articleinfolwc="" role="listitem" class="slds-accordion__list-item" lwc-3tfn8c53l4v-host="">
<div lwc-3tfn8c53l4v="" class="slds-accordion__list-item">
<section lwc-3tfn8c53l4v="" class="slds-accordion__section" part="accordion-section">
<div lwc-3tfn8c53l4v="" class="slds-accordion__summary">
<h2 lwc-3tfn8c53l4v="" class="slds-accordion__summary-heading"><button lwc-3tfn8c53l4v="" class="section-control slds-button slds-button_reset slds-accordion__summary-action" type="button" aria-expanded="false"
aria-controls="lgt-accordion-section-21" part="button"><lightning-primitive-icon lwc-3tfn8c53l4v="" size="x-small"><svg class="slds-button__icon slds-button__icon_left slds-icon slds-icon-text-default slds-icon_x-small"
focusable="false" data-key="chevronright" aria-hidden="true" viewBox="0 0 52 52" part="icon">
<g>
<path d="M17.9 4.4l20.7 20.5c.6.6.6 1.6 0 2.2L17.9 47.6c-.6.6-1.6.6-2.2 0l-2.2-2.2c-.6-.6-.6-1.6 0-2.2l16.3-16.1c.6-.6.6-1.6 0-2.2L13.6 8.8c-.6-.6-.6-1.6 0-2.2l2.2-2.2c.6-.5 1.5-.5 2.1 0z"></path>
</g>
</svg></lightning-primitive-icon><span lwc-3tfn8c53l4v="" class="slds-accordion__summary-content" title="AFFECTED PRODUCT SERIES / FEATURES">AFFECTED PRODUCT SERIES / FEATURES</span></button></h2>
<slot lwc-3tfn8c53l4v="" name="actions"></slot>
</div>
<div lwc-3tfn8c53l4v="" class="slds-accordion__content" id="lgt-accordion-section-21" hidden="" aria-hidden="true">
<slot lwc-3tfn8c53l4v=""><c-kcs_affectedproduct-l-w-c c-kcs_articleinfolwc_kcs_articleinfolwc="" c-kcs_affectedproductlwc_kcs_affectedproductlwc-host="">
<div c-kcs_affectedproductlwc_kcs_affectedproductlwc="" class="afftedProd slds-m-top_small">
<a c-kcs_affectedproductlwc_kcs_affectedproductlwc="" href="https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=relevancy&f:level3=[MX-Series]">MX-Series</a></div>
</c-kcs_affectedproduct-l-w-c></slot>
</div>
</section>
</div>
</lightning-accordion-section></slot>
</div>
</lightning-accordion>
</div>
</slot>
</slot>
</form>
POST
<form id="fileUploadForm" enctype="multipart/form-data" method="post" target="fileUploadIframe"><input type="file" id="fileSelector" name="file" style="display: none;"><input name="filename" type="hidden"></form>
Text Content
Loading ×Sorry to interrupt This page has an error. You might just need to refresh it. [LWC component's @wire target property or method threw an error during value provisioning. Original error: [Cannot read properties of undefined (reading 'ContentDocumentId')]] Failing descriptor: {markup://c:kCS_fileCompLWC} Refresh Skip to Main Content Juniper Support Portal * Home * Knowledge * Quick Links * More Expand search SearchLoading Close search Log in Knowledge BaseBack 2023-10 Security Bulletin: Junos OS: MX Series: An FPC crash is observed when CFM is enabled in a VPLS scenario and a specific LDP related command is run (CVE-2023-44193) Article IDJSA73157 Created2023-10-11 Last Updated2023-10-11 PrintReport a Security Vulnerability Product AffectedThis issue affects all versions of Junos OS. Affected platforms: MX Series. SeverityMedium Severity Assessment (CVSS) Score5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Problem An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS). On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS on MX Series * All versions prior to 20.4R3-S7; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S1; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. For this issue to occur, following minimal configuration is required. [ ldp interface <interface1> ] [ interfaces <interface1> flexible-vlan-tagging ] [ interfaces <interface1> encapsulation vlan-vpls ] [ protocols oam ethernet connectivity-fault-management maintenance-domain <md-name> interface <interface2> ] [ routing-instances <md-name> instance-type vpls ] [ routing-instances <md-name> interface <interface1> ] Juniper SIRT is not aware of any malicious exploitation of this vulnerability. This issue was seen during production usage. This issue has been assigned CVE-2023-44193. Solution The following software releases have been updated to resolve this specific issue: 20.4R3-S7, 21.1R3-S5, 21.2R3-S4, 21.3R3-S4, 21.4R3-S3, 22.1R3-S1, 22.2R2-S1, 22.2R3, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases. This issue is being tracked as PR 1668419 which is visible on the Customer Support website. Note: Juniper SIRT's policy is not to evaluate releases which are beyond End of Engineering (EOE) or End of Life (EOL). Workaround This issue can be avoided by disabling CFM MIP functionality. [ protocols oam ethernet connectivity-fault-management maintenance-domain <md-name> mip-half-function none ]Modification History 2023-10-11: Initial Publication Related Information * KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin Publication Process * KB16765: In which releases are vulnerabilities fixed? * KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories * Report a Security Vulnerability - How to Contact the Juniper Networks Security Incident Response Team * CVE-2023-44193 at cve.mitre.org * https://supportportal.juniper.net/JSA73157 AFFECTED PRODUCT SERIES / FEATURES MX-Series PEOPLE ALSO VIEWED 2023-10 Security Bulletin: Junos OS: MX Series: Receipt of malformed TCP traffic will cause a Denial of Service (CVE-2023-36841) 2023-10 Security Bulletin: Junos OS: QFX5000 Series, EX4600 Series: In a VxLAN scenario an adjacent attacker within the VxLAN sending genuine packets may cause a DMA memory leak to occur. (CVE-2023-44183) 2023-10 Security Bulletin: Junos OS: MX Series: In a PTP scenario a prolonged routing protocol churn can trigger an FPC reboot (CVE-2023-44199) 2023-10 Security Bulletin: Junos OS: SRX Series and MX Series: SIP ALG doesn't drop specifically malformed retransmitted SIP packets (CVE-2023-44198) 2023-10 Security Bulletin: Junos OS and Junos OS Evolved: In a BGP scenario RPD crashes upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet (CVE-2023-44185) 2023-10 Security Bulletin: Junos OS: SRX Series: The PFE will crash on receiving malformed SSL traffic when ATP is enabled (CVE-2023-36843) 2023-10 Security Bulletin: Junos OS and Junos OS Evolved: A local attacker can retrieve sensitive information and elevate privileges on the device to an authorized user. (CVE-2023-44201) 2023-10 Security Bulletin: Junos OS and Junos OS Evolved: Receipt of a specific genuine PIM packet causes RPD crash (CVE-2023-44175) 2023-10 Security Bulletin: Junos OS: PTX Series and QFX10000 Series: Received flow-routes which aren't installed as the hardware doesn't support them, lead to an FPC heap memory leak (CVE-2023-22392) 2023-10 Security Bulletin: Junos OS and Junos OS Evolved: Multiple Vulnerabilities in CLI command 2023-10 Security Bulletin: Junos OS: QFX5000 Series: DMA memory leak is observed when specific DHCP packets are transmitted over pseudo-VTEP (CVE-2023-44192) 2023-10 Security Bulletin: Junos OS: QFX5000 Series and EX4000 Series: Denial of Service (DoS) on a large scale VLAN due to PFE hogging (CVE-2023-44191) Results 1-12 of 12 Live chat: © 1999 - 2023 Juniper Networks, Inc. All rights reserved * Contacts * Feedback * Site Map * Privacy Policy * Legal Notices * DMCA Policy Loading