CVE-2023-22400

{"id": "CVE-2023-22400", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-01-13T00:15:10.540", "references": [{"url": "https://kb.juniper.net/JSA70196", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}, {"url": "https://kb.juniper.net/JSA70196", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or a specific CLI command is executed this will cause a GUID resource leak, eventually leading to exhaustion and result in an FPC crash and reboot. GUID exhaustion will trigger a syslog message like one of the following for example: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ... This leak can be monitored by running the following command and taking note of the value in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand | match \"IFDId|IFLId|Context\" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3448 0 3448 re0 evo-pfemand net::juniper::interfaces::IFLId 0 561 0 561 user@host> show platform application-info allocations app evo-pfemand | match \"IFDId|IFLId|Context\" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3784 0 3784 re0 evo-pfemand net::juniper::interfaces::IFLId 0 647 0 647 This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-S4-EVO; 21.3-EVO version 21.3R1-EVO and later versions; 21.4-EVO versions prior to 21.4R2-EVO."}, {"lang": "es", "value": "Una vulnerabilidad de consumo de recursos no controlado en el demonio de administraci\u00f3n de PFE (evo-pfemand) de Juniper Networks Junos OS Evolved permite que un atacante basado en red no autenticado provoque una falla de FPC que provoque una denegaci\u00f3n de servicio (DoS). Cuando se ejecuta una operaci\u00f3n SNMP GET espec\u00edfica o un comando CLI espec\u00edfico, esto provocar\u00e1 una fuga de recursos GUID, lo que eventualmente provocar\u00e1 el agotamiento y provocar\u00e1 un bloqueo y reinicio del FPC. El agotamiento del GUID activar\u00e1 un mensaje de syslog como uno de los siguientes, por ejemplo: evo-pfemand[]: get_next_guid: Se qued\u00f3 sin espacio Guid... evo-aftmand-zx[]: get_next_guid: Se qued\u00f3 sin espacio Guid... Esto La fuga se puede monitorear ejecutando el siguiente comando y tomando nota del valor en la columna de la derecha denominada Guids: usuario@host&gt; show platform application-info allocations app evo-pfemand | match \"IFDId|IFLId|Context\" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3448 0 3448 re0 evo-pfemand net::juniper::interfaces::IFLId 0 561 0 561 user@host&gt; show platform application-info allocations app evo-pfemand | match \"IFDId|IFLId|Context\" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3784 0 3784 re0 evo-pfemand net::juniper::interfaces::IFLId 0 647 0 647. Este problema afecta a Juniper Networks Junos OS Evolved: todas las versiones anteriores a 20.4R3-S3-EVO; 21.1-EVO versi\u00f3n 21.1R1-EVO y versiones posteriores; Versiones 21.2-EVO anteriores a 21.2R3-S4-EVO; 21.3-EVO versi\u00f3n 21.3R1-EVO y versiones posteriores; Versiones 21.4-EVO anteriores a 21.4R2-EVO."}], "lastModified": "2024-11-21T07:44:44.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@juniper.net"}