Researchers have discovered an Improper Check for Unusual or Exceptional Conditions vulnerability (CVE-2023-28974) in the bbe-smgd component of Juniper Networks Junos OS which can lead to a Denial of Service (DoS) attack. The vulnerability affects MX Series devices in a Broadband Edge/Subscriber Management scenario, allowing an unauthenticated, adjacent attacker to cause a DoS through a specifically malformed ICMP packet sent to the device from a subscriber.
When the device receives this malformed ICMP packet, the bbe-smgd component crashes, which then affects subscriber sessions that are in the process of connecting, updating, or terminating. If these packets are continually received, a sustained DoS condition occurs.
To determine if this issue is happening on the device, check for logs with traceoptions enabled for the smg-service processes. If affected, the following log message will appear:
BBE_TRACE(TRACE_LEVEL_INFO, "%s: Dropped unsupported ICMP PKT ...
Exploit Details
The vulnerability is triggered by receiving a specifically malformed ICMP packet from a subscriber, which arrives at the device and crashes the bbe-smgd component. The attacker does not need any authentication to exploit this vulnerability but must be adjacent to the targeted device.
Mitigation
Users of affected Juniper Networks Junos OS versions on MX Series devices are advised to update to the latest fixed versions as mentioned above. Additionally, it is recommended to enable traceoptions for smg-service processes to monitor potential exploitation attempts.
For more information and updates, please refer to the original advisory posted by Juniper Networks
- Juniper Networks Security Advisory
Conclusion
CVE-2023-28974 represents a significant risk to MX Series devices with Juniper Networks Junos OS, as it allows unauthenticated, adjacent attackers to cause a DoS attack using malformed ICMP packets. It is crucial that network administrators take the necessary steps to update their devices to the latest fixed versions and enable traceoptions for smg-service processes to minimize the risk of exploitation.
Timeline
Published on: 04/17/2023 22:15:00 UTC
Last modified on: 04/18/2023 03:15:00 UTC