CVE-2023-22407: Incomplete Cleanup flaw in Juniper Networks Junos OS allows a DoS attack via rpd crash triggered by MPLS TE tunnel change. Learn impact, affected versions, and mitigation steps.
This CVE record was published on January 12, 2023, by Juniper, describing an Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved that allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) by triggering an rpd crash through an MPLS TE tunnel configuration change on a directly connected router.
Understanding CVE-2023-22407
This section delves into the specifics of CVE-2023-22407, detailing the impact, technical aspects, affected systems, and mitigation strategies.
What is CVE-2023-22407?
The CVE-2023-22407 vulnerability is classified as an Incomplete Cleanup flaw in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. It allows an adjacent, unauthenticated attacker to instigate a Denial of Service (DoS) attack by causing an rpd crash with a specific MPLS TE tunnel configuration change on a directly connected router.
The Impact of CVE-2023-22407
The vulnerability presents a medium severity risk, with a CVSSv3.1 base score of 6.5. It poses a high availability impact, potentially leading to service disruption due to an rpd crash triggered by a malicious MPLS TE tunnel configuration change.
Technical Details of CVE-2023-22407
In this section, we will explore the vulnerability description, affected systems and versions, as well as the exploitation mechanism.
Vulnerability Description
The vulnerability arises from incomplete cleanup in the rpd of Juniper Networks Junos OS and Junos OS Evolved. An adjacent, unauthenticated attacker can cause a DoS condition by crashing rpd with a specific MPLS TE tunnel configuration change on a directly connected router.
Affected Systems and Versions
The impacted systems include Juniper Networks Junos OS versions prior to 18.4R2-S7, 19.1 versions prior to 19.1R3-S2, 19.2 versions prior to 19.2R3, 19.3 versions prior to 19.3R3, 19.4 versions prior to 19.4R3, 20.1 versions prior to 20.1R2, and 20.2 versions prior to 20.2R2. Similarly, Juniper Networks Junos OS Evolved versions affected are those preceding 19.2R3-EVO, 19.3 versions before 19.3R3-EVO, 19.4 versions prior to 19.4R3-EVO, 20.1 versions before 20.1R3-EVO, and 20.2 versions prior to 20.2R2-EVO.
Exploitation Mechanism
No malicious exploitation of this vulnerability has been reported, according to the Juniper SIRT team.
Mitigation and Prevention
This segment provides insights into immediate steps to take, long-term security practices, and information about patching and updates.
Immediate Steps to Take
To mitigate the risk posed by CVE-2023-22407, it is recommended to remove the problematic configuration "protocols rsvp interface <interface> link-protection max-bypasses" from the affected devices running vulnerable versions of Junos OS and Junos OS Evolved.
Long-Term Security Practices
Implementing stringent access controls, network segmentation, and regular security audits can bolster the overall security posture, reducing the likelihood of successful attacks exploiting similar vulnerabilities.
Patching and Updates
Juniper Networks has released software updates aimed at addressing CVE-2023-22407. Users are advised to upgrade their Junos OS installations to versions 18.4R2-S7, 19.1R3-S2, 19.2R3, 19.3R3, 19.4R3, 20.1R2, 20.2R2, 20.3R1, or subsequent releases. For Junos OS Evolved, the fixed versions are 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, and all subsequent releases.
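The version lists and the workaround above can be combined into a quick triage check. The following is an added example, not Juniper's code: it compares a release string against the fixed versions listed on this page and finds the "link-protection max-bypasses" statement in configuration exported with "show configuration | display set". The function names, the assumed version-string shape and the sample configuration are constructed for illustration.

```python
import re

# Fixed releases as listed on this page: train -> (R number, S number).
FIXED = {
    False: {(18, 4): (2, 7), (19, 1): (3, 2), (19, 2): (3, 0), (19, 3): (3, 0),
            (19, 4): (3, 0), (20, 1): (2, 0), (20, 2): (2, 0)},  # Junos OS
    True: {(19, 2): (3, 0), (19, 3): (3, 0), (19, 4): (3, 0),
           (20, 1): (3, 0), (20, 2): (2, 0)},                     # Junos OS Evolved
}
FIRST_CLEAN_TRAIN = (20, 3)  # 20.3R1 / 20.3R1-EVO and later are fixed

# Assumed version shape: <major>.<minor>R<n>[.<build>][-S<m>[.<build>]][-EVO]
VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)R(\d+)(?:\.\d+)?(?:-S(\d+)(?:\.\d+)?)?(-EVO)?$")
# Statement named in the workaround, in "display set" form
# (statements nested under logical-systems are not matched).
BYPASS_RE = re.compile(
    r"^set protocols rsvp interface (\S+) link-protection max-bypasses\b", re.M)


def version_affected(version):
    """True if the release is older than the fix for its train, per the page."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version format: {version!r}")
    train = (int(m.group(1)), int(m.group(2)))
    release = (int(m.group(3)), int(m.group(4) or 0))
    if train >= FIRST_CLEAN_TRAIN:
        return False
    fixed = FIXED[m.group(5) is not None].get(train)
    # Trains older than the first listed one have no fixed release on the page.
    return fixed is None or release < fixed


def triage(version, set_config):
    """Return (version_affected, interfaces carrying the max-bypasses statement)."""
    return version_affected(version), BYPASS_RE.findall(set_config)


# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
set protocols rsvp interface ge-0/0/0.0 link-protection max-bypasses 2
set protocols rsvp interface ge-0/0/1.0 link-protection
set protocols mpls interface ge-0/0/0.0
"""

if __name__ == "__main__":
    for ver in ("19.1R3-S1", "19.1R3-S2", "20.1R2-EVO", "20.3R1"):
        print(ver, triage(ver, SAMPLE_CONFIG))
```

A device needs attention when the first value is True and the interface list is non-empty; either upgrading or removing the listed statement changes that result.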