CVE-2023-44195— Junos OS Evolved: Packets which are not destined to the router can reach the RE
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-44195
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Junos OS Evolved: Packets which are not destined to the router can reach the RE
Source: NVD (National Vulnerability Database)
Vulnerability Description
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system. If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access. CVE-2023-44196 is a prerequisite for this issue. This issue affects Juniper Networks Junos OS Evolved: * 21.3-EVO versions prior to 21.3R3-S5-EVO; * 21.4-EVO versions prior to 21.4R3-S4-EVO; * 22.1-EVO version 22.1R1-EVO and later; * 22.2-EVO version 22.2R1-EVO and later; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4-EVO versions prior to 22.4R3-EVO. This issue doesn't not affected Junos OS Evolved versions prior to 21.3R1-EVO.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
通信信道对预期端点的不适当限制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Networks Junos OS Evolved 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Networks Junos OS Evolved是美国瞻博网络(Juniper Networks)公司的Junos OS 的升级版系统。 Juniper Networks Junos OS Evolved 存在安全漏洞,该漏洞源于 NetworkStack 代理守护进程 (nsagentd) 中存在对预期端点的通信通道不当限制漏洞,允许未经身份验证的网络攻击者对系统的可用性造成有限的影响。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved | 21.3-EVO ~ 21.3R3-S5-EVO | - |
II. Public POCs for CVE-2023-44195
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-44195
请登录查看更多情报信息。
- https://supportportal.juniper.net/JSA73160vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-44195
Same Patch Batch · Juniper Networks · 2023-10-12 · 25 CVEs total
| CVE-2023-44194 | 8.4 HIGH | Junos OS: An unauthenticated attacker with local access to the device can create a backdoo |
| CVE-2023-44199 | 7.5 HIGH | Junos OS: MX Series: In a PTP scenario a prolonged routing protocol churn can trigger an F |
| CVE-2023-36841 | 7.5 HIGH | Junos OS: MX Series: Receipt of malformed TCP traffic will cause a Denial of Service |
| CVE-2023-44197 | 7.5 HIGH | Junos OS and Junos OS Evolved: An rpd crash may occur when BGP is processing newly learned |
| CVE-2023-36843 | 7.5 HIGH | Junos OS: SRX Series: The PFE will crash on receiving malformed SSL traffic when Sky ATP i |
| CVE-2023-44192 | 7.5 HIGH | Junos OS: QFX5000 Series: DMA memory leak is observed when specific DHCP packets are trans |
| CVE-2023-44191 | 7.5 HIGH | Junos OS: QFX5000 Series and EX4000 Series: Denial of Service (DoS) on a large scale VLAN |
| CVE-2023-44185 | 7.5 HIGH | Junos OS and Junos OS Evolved: In an BGP scenario RPD crashes upon receiving and processin |
| CVE-2023-44181 | 7.5 HIGH | Junos OS: QFX5k: l2 loop in the overlay impacts the stability in a EVPN/VXLAN environment |
| CVE-2023-44182 | 7.3 HIGH | Junos OS and Junos OS Evolved: An Unchecked Return Value in multiple users interfaces affe |
| CVE-2023-44184 | 6.5 MEDIUM | Junos OS and Junos OS Evolved: High CPU load due to specific NETCONF command |
| CVE-2023-22392 | 6.5 MEDIUM | Junos OS: PTX Series and QFX10000 Series: Received flow-routes which aren't installed as t |
| CVE-2023-36839 | 6.5 MEDIUM | Junos OS and Junos OS Evolved: An l2cpd crash will occur when specific LLDP packets are re |
| CVE-2023-44175 | 6.5 MEDIUM | Junos OS and Junos OS Evolved: Receipt of a specific genuine PIM packet causes RPD crash |
| CVE-2023-44183 | 6.5 MEDIUM | Junos OS: QFX5000 Series, EX4600 Series: In a VxLAN scenario an adjacent attacker within t |
| CVE-2023-44204 | 6.5 MEDIUM | Junos OS and Junos OS Evolved: The rpd will crash upon receiving a malformed BGP UPDATE me |
| CVE-2023-44196 | 6.5 MEDIUM | Junos OS Evolved: PTX10003 Series: Packets which are not destined to the router can reach |
| CVE-2023-44203 | 6.5 MEDIUM | Junos OS: QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: Packet flooding will |
| CVE-2023-44198 | 5.8 MEDIUM | Junos OS: SRX Series and MX Series: SIP ALG doesn't drop specifically malformed retransmit |
| CVE-2023-44178 | 5.5 MEDIUM | Junos OS : Stack overflow vulnerability in CLI command processing |
Showing top 20 of 25 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Junos OS Evolved
- CVE-2026-33783
Junos OS Evolved: PTX Series: If SRTE tunnels provisioned vi - CVE-2026-33788
Junos OS Evolved: Local, authenticated attacker can gain pri - CVE-2025-59969
Junos OS Evolved: QFX5000 Series and PTX Series: An attacker - CVE-2026-21902
Junos OS Evolved: PTX Series: A vulnerability allows a unaut - CVE-2026-21911
Junos OS Evolved: Flapping management interface causes MAC l
Same vendor: Juniper Networks
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33784
JSI Virtual Lightweight Collector: Default password is not r
V. Comments for CVE-2023-44195
No comments yet