Three new vulnerabilities have been discovered in Junos OS: password disclosure, MAC address validation bypass, and Time-of-check Time-of-use (TOCTOU) Race Condition. The severity of these vulnerabilities ranges between 5.3 (Medium) to 6.1 (Medium).
Juniper Networks has released patches and security advisories for addressing these vulnerabilities. It is worth mentioning that there was a command injection vulnerability previously discovered in the SRX and EX series firewalls that affected more than 15,000 firewalls worldwide.
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
Vulnerability details
This vulnerability can be exploited by an authenticated threat actor with shell access to execute the ‘file copy’ command on the Junos OS evolved, which allows viewing passwords supplied on the CLI command line.
These credentials can later be used by threat actors for various malicious purposes, which include unauthorized remote access to vulnerable systems. The severity of this vulnerability has been given as 5.9 (Medium).
Products | Affected versions | Fixed in Versions |
Juniper Networks Junos OS Evolved | All versions prior to 20.4R3-S7-EVO;21.1 versions 21.1R1-EVO and later;21.2 versions prior to 21.2R3-S5-EVO;21.3 versions prior to 21.3R3-S4-EVO;21.4 versions prior to 21.4R3-S4-EVO;22.1 versions prior to 22.1R3-S2-EVO;22.2 versions prior to 22.2R2-EVO. | Junos OS Evolved: 20.4R3-S7-EVO, 21.2R3-S5-EVO, 21.3R3-S4-EVO, 21.4R3-S4-EVO, 22.1R3-S2-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases |
CVE-2023-44189: MAC Address Validation Bypass
This particular vulnerability exists in insufficient validation in MAC address validation used blocking MAC addresses not intended to reach the adjacent LANs. This vulnerability allows a network-adjacent threat actor to bypass MAC address checking, causing a loop and congestion condition.
The severity of this vulnerability has been given as 6.1 (Medium). However, this vulnerability exists in the Junos OS Evolved: PTX10003 Series routers.
Products | Affected versions | Fixed in Versions |
Junos OS Evolved on PTX10003 Series | All versions prior to 21.4R3-S4-EVO;22.1 versions prior to 22.1R3-S3-EVO;22.2 version 22.2R1-EVO and later versions;22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;23.2 versions prior to 23.2R2-EVO. | Junos OS Evolved: 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases. |
This is a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability, which allows network-based authenticated threat actors to flood the system with multiple telemetry requests, which could cause the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, resulting in a Denial of Service (DoS).
Furthermore, this denial-of-service condition persists due to the continued receipt and processing of multiple telemetry requests, which repeatedly crashes the jkdsd process. The severity of this vulnerability has been given as 5.3 (Medium).
Products | Affected versions | Fixed in Versions |
Juniper Networks Junos OS | 20.4 versions prior to 20.4R3-S9;21.1 versions 21.1R1 and later;21.2 versions prior to 21.2R3-S6;21.3 versions prior to 21.3R3-S5;21.4 versions prior to 21.4R3-S5;22.1 versions prior to 22.1R3-S4;22.2 versions prior to 22.2R3-S2;22.3 versions prior to 22.3R2-S1, 22.3R3-S1;22.4 versions prior to 22.4R2-S2, 22.4R3;23.1 versions prior to 23.1R2;23.2 versions prior to 23.2R2. | Junos OS: 20.4R3-S9, 21.2R3-S6, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S1, 22.3R2-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.1R2, 23.2R1, 23.2R2, 23.3R1, and all subsequent |
Users of these products are recommended to upgrade to the fixed versions to prevent these vulnerabilities from getting exploited.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.