CVE-2023-22402: Use After Free Vulnerability in Juniper Networks Junos OS Evolved Kernel Leading to DoS

A Use After Free vulnerability has been discovered in the kernel of Juniper Networks Junos OS Evolved. This vulnerability, tracked as CVE-2023-22402, enables an unauthenticated, network-based attacker to cause a Denial of Service (DoS) condition. The issue occurs in a Non Stop Routing (NSR) scenario when the "bgp auto-discovery" feature is enabled, and there is a BGP neighbor flap of auto-discovery sessions for any reason. Being a race condition, this vulnerability is outside an attacker's direct control and dependent on internal system timing. This issue affects Juniper Networks Junos OS Evolved versions 21.3, 21.4, 22.1, and 22.2.

Code Snippet

The vulnerability is related to the BGP feature "bgp auto-discovery," which is enabled using the following configuration snippet:

protocols {
  bgp {
    auto-discovery {
      enable;
    }
  }
}

However, the issue occurs only during a BGP neighbor flap of auto-discovery sessions, which is not directly controllable by an attacker. Therefore, no specific exploit code is provided.

Original References

1. Juniper Networks Security Advisory: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11379&cat=SIRT_1&actp=LIST&showDraft=false
2. MITRE CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22402
3. NIST National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2023-22402

Exploit Details

This Use After Free vulnerability is triggered when two or more BGP auto-discovery sessions flap, causing a race condition in memory handling. A malicious attacker could potentially exploit the vulnerability by causing an unexpected kernel restart, resulting in a Denial of Service (DoS) condition. This issue can be exploited by an unauthenticated, network-based attacker. However, it is important to note that the attacker has no direct control over the race condition and depends on internal system timing, which makes it more complex to exploit.

Conclusion

The CVE-2023-22402 vulnerability highlights the importance of keeping network devices updated and ensuring that configurations are suited to the environment in which they operate. Although the exploitation of this vulnerability is dependent on system internal timing, making it less likely to be exploited in the wild, it is advisable to upgrade to the latest patched Juniper Networks Junos OS Evolved versions to mitigate the risk.

Timeline

Published on: 01/13/2023 00:15:00 UTC
Last modified on: 01/20/2023 14:53:00 UTC