CVE-2023-36834

Summary

CVE-2023-36834 is a vulnerability affecting Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series. This issue is classified as an Incomplete Internal State Distinction vulnerability, which enables an adjacent attacker to cause a Denial of Service (DoS) by making the Packet Processing Engines (PPE) in the packet forwarding engine (PFE) enter into a loop. When an SRX is in L2 transparent mode, a specific genuine packet can trigger this loop, leading to the unavailability of one PPE at a time, causing a gradual performance degradation until all PPEs are unavailable, resulting in all traffic processing coming to a halt. The affected versions include 20.1, 20.2 prior to 20.2R3-S7, 20.3 and later, 20.4 prior to 20.4R3-S7, 21.1 prior to 21.1R3-S5, 21.2 prior to 21.2R3-S3, 21.3 prior to 21.3R3-S3, 21.4 prior to 21.4R3-S1, 22.1 prior to 22.1R3, 22.2 prior to 22.2R2, and 22.3 versions prior to 22.3R1-S1 and 22.3R2. To mitigate this vulnerability, it is recommended that affected devices are updated to the latest Junos OS versions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.