Junos OS Flaw Allows Attackers to Flood System and Expose Sensitive Data

Three new vulnerabilities have been discovered in Junos OS: password disclosure, MAC address validation bypass, and Time-of-check Time-of-use (TOCTOU) Race Condition. The severity of these vulnerabilities ranges between 5.3 (Medium) to 6.1 (Medium).

Juniper Networks has released patches and security advisories for addressing these vulnerabilities. It is worth mentioning that there was a command injection vulnerability previously discovered in the SRX and EX series firewalls that affected more than 15,000 firewalls worldwide.

Vulnerability details

CVE-2023-44187: Passwords Disclosure

This vulnerability can be exploited by an authenticated threat actor with shell access to execute the ‘file copy’ command on the Junos OS evolved, which allows viewing passwords supplied on the CLI command line. 

These credentials can later be used by threat actors for various malicious purposes, which include unauthorized remote access to vulnerable systems. The severity of this vulnerability has been given as 5.9 (Medium).

Products	Affected versions	Fixed in Versions
Juniper Networks Junos OS Evolved	All versions prior to 20.4R3-S7-EVO;21.1 versions 21.1R1-EVO and later;21.2 versions prior to 21.2R3-S5-EVO;21.3 versions prior to 21.3R3-S4-EVO;21.4 versions prior to 21.4R3-S4-EVO;22.1 versions prior to 22.1R3-S2-EVO;22.2 versions prior to 22.2R2-EVO.	Junos OS Evolved: 20.4R3-S7-EVO, 21.2R3-S5-EVO, 21.3R3-S4-EVO, 21.4R3-S4-EVO, 22.1R3-S2-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases

CVE-2023-44189: MAC Address Validation Bypass

This particular vulnerability exists in insufficient validation in MAC address validation used blocking MAC addresses not intended to reach the adjacent LANs. This vulnerability allows a network-adjacent threat actor to bypass MAC address checking, causing a loop and congestion condition.

The severity of this vulnerability has been given as 6.1 (Medium). However, this vulnerability exists in the Junos OS Evolved: PTX10003 Series routers. 

Products	Affected versions	Fixed in Versions
Junos OS Evolved on PTX10003 Series	All versions prior to 21.4R3-S4-EVO;22.1 versions prior to 22.1R3-S3-EVO;22.2 version 22.2R1-EVO and later versions;22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;23.2 versions prior to 23.2R2-EVO.	Junos OS Evolved: 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.

CVE-2023-44188: Junos OS jkdsd Crash

This is a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability, which allows network-based authenticated threat actors to flood the system with multiple telemetry requests, which could cause the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, resulting in a Denial of Service (DoS). 

Furthermore, this denial-of-service condition persists due to the continued receipt and processing of multiple telemetry requests, which repeatedly crashes the jkdsd process. The severity of this vulnerability has been given as 5.3 (Medium).

Products	Affected versions	Fixed in Versions
Juniper Networks Junos OS	20.4 versions prior to 20.4R3-S9;21.1 versions 21.1R1 and later;21.2 versions prior to 21.2R3-S6;21.3 versions prior to 21.3R3-S5;21.4 versions prior to 21.4R3-S5;22.1 versions prior to 22.1R3-S4;22.2 versions prior to 22.2R3-S2;22.3 versions prior to 22.3R2-S1, 22.3R3-S1;22.4 versions prior to 22.4R2-S2, 22.4R3;23.1 versions prior to 23.1R2;23.2 versions prior to 23.2R2.	Junos OS: 20.4R3-S9, 21.2R3-S6, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S1, 22.3R2-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.1R2, 23.2R1, 23.2R2, 23.3R1, and all subsequent

Users of these products are recommended to upgrade to the fixed versions to prevent these vulnerabilities from getting exploited.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.