Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2023-44184

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane.

This issue affects:

Juniper Networks Junos OS

  • All versions prior to 20.4R3-S7;
  • 21.2 versions prior to 21.2R3-S5;
  • 21.3 versions prior to 21.3R3-S5;
  • 21.4 versions prior to 21.4R3-S4;
  • 22.1 versions prior to 22.1R3-S2;
  • 22.2 versions prior to 22.2R3;
  • 22.3 versions prior to 22.3R2-S1, 22.3R3;
  • 22.4 versions prior to 22.4R1-S2, 22.4R2.

Juniper Networks Junos OS Evolved

  • All versions prior to 21.4R3-S4-EVO;
  • 22.1 versions prior to 22.1R3-S2-EVO;
  • 22.2 versions prior to 22.2R3-EVO;
  • 22.3 versions prior to 22.3R3-EVO;
  • 22.4 versions prior to 22.4R2-EVO.

An indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command:

mgd process example:

user@device-re#> show system processes extensive | match "mgd|PID" | except last PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage. Example to check for NETCONF activity:

While there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with "client-mode 'netconf'"

For example:

mgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf'

  • Published: Oct 13, 2023
  • Updated: Oct 21, 2023
  • CVE: CVE-2023-44184
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

Software From Fixed in
juniper / junos 20.4-r1 20.4-r1.x
juniper / junos 20.4-r1-s1 20.4-r1-s1.x
juniper / junos 20.4-r2 20.4-r2.x
juniper / junos 21.2-r1 21.2-r1.x
juniper / junos 20.4-r2-s1 20.4-r2-s1.x
juniper / junos 21.2-r1-s1 21.2-r1-s1.x
juniper / junos 20.4-r3 20.4-r3.x
juniper / junos 21.3-r1 21.3-r1.x
juniper / junos 21.3-r2 21.3-r2.x
juniper / junos 21.2-r2 21.2-r2.x
juniper / junos 20.4-r3-s1 20.4-r3-s1.x
juniper / junos 20.4-r2-s2 20.4-r2-s2.x
juniper / junos 21.2 21.2.x
juniper / junos 20.4 20.4.x
juniper / junos 21.2-r1-s2 21.2-r1-s2.x
juniper / junos 21.2-r2-s1 21.2-r2-s1.x
juniper / junos 21.2-r2-s2 21.2-r2-s2.x
juniper / junos 21.4-r1-s1 21.4-r1-s1.x
juniper / junos 21.3-r1-s1 21.3-r1-s1.x
juniper / junos 21.3-r1-s2 21.3-r1-s2.x
juniper / junos 21.4-r1 21.4-r1.x
juniper / junos_os_evolved 21.4-r1 21.4-r1.x
juniper / junos_os_evolved 21.4-r1-s1 21.4-r1-s1.x
juniper / junos 21.3-r2-s1 21.3-r2-s1.x
juniper / junos 21.3-r2-s2 21.3-r2-s2.x
juniper / junos 21.4-r1-s2 21.4-r1-s2.x
juniper / junos 20.4-r3-s2 20.4-r3-s2.x
juniper / junos 21.2-r3 21.2-r3.x
juniper / junos 22.1-r1 22.1-r1.x
juniper / junos 21.3-r3 21.3-r3.x
juniper / junos 21.3-r3-s1 21.3-r3-s1.x
juniper / junos 21.4-r2 21.4-r2.x
juniper / junos 21.4-r2-s1 21.4-r2-s1.x
juniper / junos 20.4-r3-s3 20.4-r3-s3.x
juniper / junos 21.4 21.4.x
juniper / junos 21.3 21.3.x
juniper / junos_os_evolved 21.4 21.4.x
juniper / junos 22.1-r1-s1 22.1-r1-s1.x
juniper / junos 22.1-r2 22.1-r2.x
juniper / junos 21.4-r3 21.4-r3.x
juniper / junos 22.1-r1-s2 22.1-r1-s2.x
juniper / junos 22.1-r2-s2 22.1-r2-s2.x
juniper / junos 21.4-r2-s2 21.4-r2-s2.x
juniper / junos_os_evolved 22.1-r1 22.1-r1.x
juniper / junos_os_evolved 21.4-r2 21.4-r2.x
juniper / junos_os_evolved 21.4-r2-s1 21.4-r2-s1.x
juniper / junos_os_evolved 21.4-r2-s2 21.4-r2-s2.x
juniper / junos_os_evolved 22.1-r1-s1 22.1-r1-s1.x
juniper / junos_os_evolved 22.1-r1-s2 22.1-r1-s2.x
juniper / junos_os_evolved 21.4-r1-s2 21.4-r1-s2.x
juniper / junos 22.2-r1 22.2-r1.x
juniper / junos 22.2-r1-s1 22.2-r1-s1.x
juniper / junos_os_evolved 22.2-r1-s1 22.2-r1-s1.x
juniper / junos_os_evolved 22.2-r1 22.2-r1.x
juniper / junos 20.4-r3-s4 20.4-r3-s4.x
juniper / junos 21.2-r3-s2 21.2-r3-s2.x
juniper / junos 21.2-r3-s1 21.2-r3-s1.x
juniper / junos 22.3-r1 22.3-r1.x
juniper / junos_os_evolved 22.3-r1 22.3-r1.x
juniper / junos 22.2-r2 22.2-r2.x
juniper / junos_os_evolved 22.1-r2 22.1-r2.x
juniper / junos_os_evolved 21.4-r3 21.4-r3.x
juniper / junos_os_evolved 22.2-r2 22.2-r2.x
juniper / junos 22.1-r3-s1 22.1-r3-s1.x
juniper / junos 21.3-r3-s2 21.3-r3-s2.x
juniper / junos 22.3-r2 22.3-r2.x
juniper / junos 22.1-r3 22.1-r3.x
juniper / junos 20.4-r3-s5 20.4-r3-s5.x
juniper / junos 22.2-r1-s2 22.2-r1-s2.x
juniper / junos - 20.4
juniper / junos 21.4-r3-s1 21.4-r3-s1.x
juniper / junos 22.2-r2-s1 22.2-r2-s1.x
juniper / junos 22.1-r2-s1 22.1-r2-s1.x
juniper / junos 21.2-r3-s3 21.2-r3-s3.x
juniper / junos 21.3-r3-s3 21.3-r3-s3.x
juniper / junos 21.4-r3-s2 21.4-r3-s2.x
juniper / junos 20.4-r3-s6 20.4-r3-s6.x
juniper / junos 22.3-r1-s1 22.3-r1-s1.x
juniper / junos_os_evolved 21.4-r3-s1 21.4-r3-s1.x
juniper / junos_os_evolved 21.4-r3-s2 21.4-r3-s2.x
juniper / junos_os_evolved 21.4-r3-s3 21.4-r3-s3.x
juniper / junos 22.4-r1 22.4-r1.x
juniper / junos_os_evolved 22.2-r2-s1 22.2-r2-s1.x
juniper / junos_os_evolved 22.1-r2-s1 22.1-r2-s1.x
juniper / junos_os_evolved 22.1-r3 22.1-r3.x
juniper / junos 21.3-r3-s4 21.3-r3-s4.x
juniper / junos 21.4-r3-s3 21.4-r3-s3.x
juniper / junos 22.2-r2-s2 22.2-r2-s2.x
juniper / junos 22.3-r1-s2 22.3-r1-s2.x
juniper / junos 22.4-r1-s1 22.4-r1-s1.x
juniper / junos 21.2-r3-s4 21.2-r3-s4.x
juniper / junos_os_evolved 22.1-r3-s1 22.1-r3-s1.x
juniper / junos_os_evolved 22.2-r2-s2 22.2-r2-s2.x
juniper / junos_os_evolved 22.3-r1-s1 22.3-r1-s1.x
juniper / junos_os_evolved 22.3-r1-s2 22.3-r1-s2.x
juniper / junos_os_evolved 22.3-r2 22.3-r2.x
juniper / junos_os_evolved 22.4-r1 22.4-r1.x
juniper / junos_os_evolved 22.4-r1-s1 22.4-r1-s1.x
juniper / junos_os_evolved 22.4-r1-s2 22.4-r1-s2.x
juniper / junos_os_evolved 22.3-r2-s1 22.3-r2-s1.x
juniper / junos_os_evolved - 21.4
juniper / junos_os_evolved 22.3-r2-s2 22.3-r2-s2.x
juniper / junos 22.2 22.2.x
juniper / junos 22.3 22.3.x
juniper / junos 22.1 22.1.x
juniper / junos 22.4 22.4.x