{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-28979","assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","assignerShortName":"juniper","dateUpdated":"2025-02-26T19:21:39.224Z","dateReserved":"2023-03-29T00:00:00.000Z","datePublished":"2023-04-17T00:00:00.000Z"},"containers":{"cna":{"title":"Junos OS: In a 6PE scenario upon receipt of a specific IPv6 packet an integrity check fails","datePublic":"2023-04-12T00:00:00.000Z","providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2023-04-17T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to bypass an integrity check. In a 6PE scenario and if an additional integrity check is configured, it will fail to drop specific malformed IPv6 packets, and then these packets will be forwarded to other connected networks. This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2."}],"affected":[{"vendor":"Juniper Networks","product":"Junos OS","versions":[{"version":"unspecified","lessThan":"19.3R3-S7","status":"affected","versionType":"custom"},{"version":"19.4","status":"affected","lessThan":"19.4R3-S9","versionType":"custom"},{"version":"20.2","status":"affected","lessThan":"20.2R3-S7","versionType":"custom"},{"version":"20.3","status":"affected","lessThan":"20.3R3-S5","versionType":"custom"},{"version":"20.4","status":"affected","lessThan":"20.4R3-S4","versionType":"custom"},{"version":"21.1","status":"affected","lessThan":"21.1R3-S3","versionType":"custom"},{"version":"21.2","status":"affected","lessThan":"21.2R3-S2","versionType":"custom"},{"version":"21.3","status":"affected","lessThan":"21.3R3-S1","versionType":"custom"},{"version":"21.4","status":"affected","lessThan":"21.4R2-S1, 21.4R3","versionType":"custom"},{"version":"22.1","status":"affected","lessThan":"22.1R2","versionType":"custom"},{"version":"22.2","status":"affected","lessThan":"22.2R2","versionType":"custom"}]}],"references":[{"url":"https://supportportal.juniper.net/JSA70604"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.7,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions","cweId":"CWE-754"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"advisory":"JSA70604","defect":["1662400"],"discovery":"USER"},"configurations":[{"lang":"en","value":"For a system to be affected it would need to be configured for 6PE where the following command is required:\n\n  [protocols mpls ipv6-tunneling]"}],"workarounds":[{"lang":"en","value":"There are no known workarounds for this issue."}],"exploits":[{"lang":"en","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"solutions":[{"lang":"en","value":"The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R3-S9, 20.2R3-S7, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R2, 22.3R1, and all subsequent releases.\n"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T13:51:38.950Z"},"title":"CVE Program Container","references":[{"url":"https://supportportal.juniper.net/JSA70604","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-12T18:26:28.099464Z","id":"CVE-2023-28979","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-26T19:21:39.224Z"}}]}}