{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-44189","assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","state":"PUBLISHED","assignerShortName":"juniper","dateReserved":"2023-09-26T19:30:27.953Z","datePublished":"2023-10-11T21:00:54.637Z","dateUpdated":"2024-09-18T14:34:40.247Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["PTX10003 Series"],"product":"Junos OS Evolved","vendor":"Juniper Networks","versions":[{"lessThan":"21.4R3-S4-EVO","status":"affected","version":"0","versionType":"semver"},{"lessThan":"22.1R3-S3-EVO","status":"affected","version":"22.1","versionType":"semver"},{"lessThan":"22.2*-EVO","status":"affected","version":"22.2R1-EVO","versionType":"semver"},{"lessThan":"22.3R2-S2-EVO, 22.3R3-S1-EVO","status":"affected","version":"22.3","versionType":"semver"},{"lessThan":"22.4R2-S1-EVO, 22.4R3-EVO","status":"affected","version":"22.4","versionType":"semver"},{"lessThan":"23.2R2-EVO","status":"affected","version":"23.2","versionType":"semver"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>No specific configuration is required.</p>"}],"value":"No specific configuration is required.\n\n"}],"datePublic":"2023-10-11T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<p>An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.</p><p>This issue affects Juniper Networks Junos OS Evolved on PTX10003 Series:</p><p></p><ul><li>All versions prior to 21.4R3-S4-EVO;</li><li>22.1 versions prior to 22.1R3-S3-EVO;</li><li>22.2 version 22.2R1-EVO and later versions;</li><li>22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;</li><li>22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;</li><li>23.2 versions prior to 23.2R2-EVO.</li></ul><p></p>\n\n"}],"value":"\nAn Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.\n\nThis issue affects Juniper Networks Junos OS Evolved on PTX10003 Series:\n\n\n\n  *  All versions prior to 21.4R3-S4-EVO;\n  *  22.1 versions prior to 22.1R3-S3-EVO;\n  *  22.2 version 22.2R1-EVO and later versions;\n  *  22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n  *  22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n  *  23.2 versions prior to 23.2R2-EVO.\n\n\n\n\n\n\n"}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"LOW","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-346","description":"CWE-346 Origin Validation Error","lang":"en","type":"CWE"}]},{"descriptions":[{"description":"Denial of Service (DoS)","lang":"en"}]}],"providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2023-10-11T21:10:46.791Z"},"references":[{"tags":["vendor-advisory"],"url":"https://supportportal.juniper.net/JSA73153"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.</p>"}],"value":"The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.\n\n"}],"source":{"advisory":"JSA73153","defect":["1732283"],"discovery":"USER"},"timeline":[{"lang":"en","time":"2023-10-11T16:00:00.000Z","value":"Initial Publication"}],"title":"Junos OS Evolved: PTX10003 Series: MAC address validation bypass vulnerability","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>There are no known workarounds for this issue.</p>"}],"value":"There are no known workarounds for this issue.\n\n"}],"x_generator":{"engine":"Vulnogram 0.1.0-av217"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:59:51.251Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://supportportal.juniper.net/JSA73153"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-18T14:34:36.367068Z","id":"CVE-2023-44189","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-18T14:34:40.247Z"}}]}}