CVE-2023-36850

Summary

CVE-2023-36850 is a vulnerability affecting Juniper Networks Junos OS on MX Series (excluding MPC10, MPC11, and LC9600) that allows an adjacent attacker on the local broadcast domain to cause a Denial of Service (DoS). This issue arises due to an Improper Validation of Specified Index, Position, or Offset in Input in the Connectivity Fault Management (CFM) module. Upon receiving a malformed CFM packet, the MPC crashes, and continued receipt of these packets results in a sustained denial of service. This vulnerability can only be triggered when CFM hasn't been configured. Affected versions include all prior to 19.1R3-S10 on MX Series, 19.2 versions prior to 19.2R3-S7, 19.3 versions prior to 19.3R3-S8, 19.4 versions prior to 19.4R3-S12, 20.1 version 20.1R1 and later versions, 20.2 versions prior to 20.2R3-S7, 20.3 version 20.3R1 and later versions, 20.4 versions prior to 20.4R3-S7, 21.1 versions prior to 21.1R3-S5, 21.2 versions prior to 21.2R3-S4, 21.3 versions prior to 21.3R3-S4, 21.4 versions prior to 21.4R3-S3, 22.1 versions prior to 22.1R3-S2, 22.2 versions prior to 22.2R3, 22.3 versions prior to 22.3R2 and 22.3R3, and 22.4 versions prior to 22.4R2 on MX Series.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.