Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-20089

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-23 Feb, 2023 | 00:00
Updated At-25 Oct, 2024 | 16:03
Rejected At-
Credits

Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:23 Feb, 2023 | 00:00
Updated At:25 Oct, 2024 | 16:03
Rejected At:
â–¼CVE Numbering Authority (CNA)
Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco NX-OS System Software in ACI Mode
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-789CWE-789
Type: CWE
CWE ID: CWE-789
Description: CWE-789
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpX
vendor-advisory
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpX
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpX
vendor-advisory
x_transferred
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpX
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:23 Feb, 2023 | 20:15
Updated At:07 Nov, 2023 | 04:06

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.4HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CPE Matches
Cisco Systems, Inc.
cisco
>>nx-os>>15.2\(1g\)
cpe:2.3:o:cisco:nx-os:15.2\(1g\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>15.2\(2e\)
cpe:2.3:o:cisco:nx-os:15.2\(2e\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>15.2\(2f\)
cpe:2.3:o:cisco:nx-os:15.2\(2f\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>15.2\(2g\)
cpe:2.3:o:cisco:nx-os:15.2\(2g\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>15.2\(2h\)
cpe:2.3:o:cisco:nx-os:15.2\(2h\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>15.2\(3e\)
cpe:2.3:o:cisco:nx-os:15.2\(3e\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>15.2\(3f\)
cpe:2.3:o:cisco:nx-os:15.2\(3f\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>15.2\(3g\)
cpe:2.3:o:cisco:nx-os:15.2\(3g\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>15.2\(4d\)
cpe:2.3:o:cisco:nx-os:15.2\(4d\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>15.2\(4e\)
cpe:2.3:o:cisco:nx-os:15.2\(4e\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>15.2\(4f\)
cpe:2.3:o:cisco:nx-os:15.2\(4f\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>15.2\(5c\)
cpe:2.3:o:cisco:nx-os:15.2\(5c\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>15.2\(5d\)
cpe:2.3:o:cisco:nx-os:15.2\(5d\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>15.2\(5e\)
cpe:2.3:o:cisco:nx-os:15.2\(5e\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>16.0\(1g\)
cpe:2.3:o:cisco:nx-os:16.0\(1g\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nx-os>>16.0\(1j\)
cpe:2.3:o:cisco:nx-os:16.0\(1j\):*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_9000v>>-
cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_92160yc-x>>-
cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_92300yc>>-
cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_92304qc>>-
cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_92348gc-x>>-
cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_9236c>>-
cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_9272q>>-
cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93108tc-ex>>-
cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93108tc-ex-24>>-
cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93108tc-fx>>-
cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93108tc-fx-24>>-
cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93108tc-fx3p>>-
cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93120tx>>-
cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93128tx>>-
cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_9316d-gx>>-
cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93180lc-ex>>-
cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93180yc-ex>>-
cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93180yc-ex-24>>-
cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93180yc-fx>>-
cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93180yc-fx-24>>-
cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93180yc-fx3>>-
cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93180yc-fx3s>>-
cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93216tc-fx2>>-
cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93240yc-fx2>>-
cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_9332c>>-
cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_9332d-gx2b>>-
cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_9332pq>>-
cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93360yc-fx2>>-
cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_9336c-fx2>>-
cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_9336c-fx2-e>>-
cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_9336pq_aci_spine>>-
cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_9348d-gx2a>>-
cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_9348gc-fxp>>-
cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>nexus_93600cd-gx>>-
cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-401Primarynvd@nist.gov
CWE-789Secondaryykramarz@cisco.com
CWE ID: CWE-401
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-789
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpXykramarz@cisco.com
Mitigation
Vendor Advisory
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpX
Source: ykramarz@cisco.com
Resource:
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

160Records found
CVE-2020-8551
Matching Score-4
Assigner-Kubernetes
ShareView Details
Matching Score-4
Assigner-Kubernetes
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 69.45%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 14:25
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kubernetes kubelet denial of service

The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.

Action-Not Available
Vendor-Fedora ProjectKubernetes
Product-kubernetesfedoraKubernetes
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-9249
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-31 Jul, 2020 | 12:22
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have a denial of service vulnerability. A module does not deal with mal-crafted messages and it leads to memory leak. Attackers can exploit this vulnerability to make the device denial of service.Affected product versions include: HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11).

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-p30_firmwarep30HUAWEI P30
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-2683
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 9.37%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 19:05
Updated-11 Dec, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Connection update while closing connection may lead to denial-of-service

A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the error.

Action-Not Available
Vendor-silabssilabs.com
Product-bluetooth_low_energy_software_development_kitBluetooth SDK
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-22395
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.00%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: In an MPLS scenario the processing of specific packets to the device causes a buffer leak and ultimately a loss of connectivity

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover. These mbufs can be monitored by using the CLI command 'show system buffers': user@host> show system buffers 783/1497/2280 mbufs in use (current/cache/total) user@host> show system buffers 793/1487/2280 mbufs in use (current/cache/total) <<<<<< mbuf usage increased This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-22406
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.21%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: A memory leak which will ultimately lead to an rpd crash will be observed when a peer interface flaps continuously in a Segment Routing scenario using OSPF

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command "show task memory detail" as shown in the following example: user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 <=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 <=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-22410
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.67%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series with MPC10/MPC11: When Suspicious Control Flow Detection (scfd) is enabled and an attacker is sending specific traffic, this causes a memory leak.

A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). Devices are only vulnerable when the Suspicious Control Flow Detection (scfd) feature is enabled. Upon enabling this specific feature, an attacker sending specific traffic is causing memory to be allocated dynamically and it is not freed. Memory is not freed even after deactivating this feature. Sustained processing of such traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover. The FPC memory usage can be monitored using the CLI command "show chassis fpc". On running the above command, the memory of AftDdosScfdFlow can be observed to detect the memory leak. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 20.2R3-S5; 20.3 version 20.3R1 and later versions.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx2008mx960mx240mx10008mx150mx10mx2020mx10003mx10016mx2010mx5mx10000mx204mx480mx104junosmx80mx40Junos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-22392
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.28%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 22:55
Updated-02 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: PTX Series and QFX10000 Series: Received flow-routes which aren't installed as the hardware doesn't support them, lead to an FPC heap memory leak

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command "show chassis fpc". The following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed. expr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw expr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware expr_dfw_base_hw_add:52 Failed to add h/w sfm data. expr_dfw_base_hw_create:114 Failed to add h/w data. expr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__ expr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0 expr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0! expr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure expr_dfw_bp_topo_handler:1102 Failed to program fnum. expr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__. This issue affects Juniper Networks Junos OS: on PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3; * 21.4 versions prior to 21.4R2-S2, 21.4R3; * 22.1 versions prior to 22.1R1-S2, 22.1R2. on PTX3000, PTX5000, QFX10000: * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3 * 22.2 versions prior to 22.2R3-S1 * 22.3 versions prior to 22.3R2-S2, 22.3R3 * 22.4 versions prior to 22.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ptx5000qfx10000ptx10002-60cptx3000ptx10016junosptx10002ptx10008ptx10004ptx1000-72qptx1000Junos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-22414
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.21%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: PTX Series and QFX10000 Series: An FPC memory leak is observed when specific EVPN VXLAN Multicast packets are processed

A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash. On all Junos PTX Series and QFX10000 Series, when specific EVPN VXLAN Multicast packets are processed, an FPC heap memory leak is observed. The FPC memory usage can be monitored using the CLI command "show heap extensive". Following is an example output. ID Base Total(b) Free(b) Used(b) % Name Peak used % -- -------- --------- --------- --------- --- ----------- ----------- 0 37dcf000 3221225472 1694526368 1526699104 47 Kernel 47 1 17dcf000 1048576 1048576 0 0 TOE DMA 0 2 17ecf000 1048576 1048576 0 0 DMA 0 3 17fcf000 534773760 280968336 253805424 47 Packet DMA 47 This issue affects: Juniper Networks Junos OS PTX Series and QFX10000 Series 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.1R1 on PTX Series and QFX10000 Series.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-qfx10008qfx10002junosqfx10002-32qqfx10000qfx10002-72qqfx10016qfx10002-60cJunos OS
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-1678
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.76%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 20:31
Updated-16 Sep, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: RPD can crash due to a slow memory leak.

On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the "show task memory detail | match policy | match evpn" command multiple times to check if memory (Alloc Blocks value) is increasing. root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-44183
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.57%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 23:02
Updated-18 Sep, 2024 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: QFX5000 Series, EX4600 Series: In a VxLAN scenario an adjacent attacker within the VxLAN sending genuine packets may cause a DMA memory leak to occur.

An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. The scenario described here is the worst-case scenario. There are other scenarios that require operator action to occur. An indicator of compromise may be seen when multiple devices indicate that FPC0 has gone missing when issuing a show chassis fpc command for about 10 to 20 minutes, and a number of interfaces have also gone missing. Use the following command to determine if FPC0 has gone missing from the device. show chassis fpc detail This issue affects: Juniper Networks Junos OS on QFX5000 Series, EX4600 Series: * 18.4 version 18.4R2 and later versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-qfk5210qfk5700ex4650qfk5110ex4600qfk5130junosqfk5200qfk5230qfk5220qfk5120Junos OS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found