MEDIUM🇵🇱 Wersja polska

CVE-2023-28961

CVSS 5.8v3.1pub. 2023-04-17upd. 2024-11-21

An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine (PFE). There is no immediate indication of an incomplete firewall filter commit shown at the CLI, which could allow an attacker to send valid packets to or through the device that were explicitly intended to be dropped. An indication that the filter was not installed can be identified with the following logs: fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Config failed: Unsupported Ip-protocol 51 in the filter lo0.0-inet6-i fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Please detach the filter, remove unsupported match and re-attach fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_rule : Status:104 dnx_dfw_rule_prepare failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_filter : Status:104 dnx_dfw_process_rule failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_filter_in_hw : Status:104 Could not process filter(lo0.0-inet6-i) for rule expansion Unsupported match, action present. fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_create_hw_instance : Status:104 Could not program dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER)! [104] fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_bind_shim : [104] Could not create dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER) fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_resolve : [100] Failed to bind filter(3) to bind point fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_change_end : dnx_dfw_update_resolve (resolve type) failed This issue affects Juniper Networks Junos OS on ACX Series: All versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
  • Juniper Acx1000

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx1100

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx2000

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx2100

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx2200

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx4000

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx500

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx5000

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx5048

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx5096

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx5400

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx5448

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx5800

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx6300

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx6360

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx710

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx7100 32c

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx7100 48l

    HW
    Juniper
    wszystkie wersje
  • Juniper Acx7509

    HW
    Juniper
    wszystkie wersje
  • Juniper Junos

    OS
    Juniper
    20.220.421.121.221.321.422.1< 20.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Firewall
CWE
References

Related vulnerabilities

CVE-2023-36845CRITICAL9.8⚠ KEVten sam produkt

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SR...

CVE-2024-21591CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds Write w J-Web Juniper Junos OS — RCE z uprawnieniami root

CVE-2021-0248CRITICAL10.0ten sam produkt

This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials ...

CVE-2021-0254CRITICAL9.8ten sam produkt

A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unaut...

CVE-2021-0211CRITICAL10.0ten sam produkt

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...