Beware of SNMP Vulnerability Impacting Juniper Networks Routers

CVECVE-2023-22401
CVSScvssV3_1: 7.5
SourceCVE-2023-22401

Juniper Networks routers running specific versions of Junos OS and Junos OS Evolved are affected by a vulnerability that could allow remote attackers to cause denial of service (DoS).

The vulnerability resides in the Advanced Forwarding Toolkit Manager daemon (aftmand) which is a component that manages forwarding tables and configurations on Juniper’s PTX routers. By sending a specially crafted SNMP query, an unauthenticated attacker can cause the affected routers’ forwarding plane processors (FPCs) to crash, rendering them unusable until a system restart is performed.

Routers running versions 22.1R2 and earlier of Junos OS as well as versions prior to 22.1R3, 22.2R2 are vulnerable. Junos OS Evolved versions 21.3R3-EVO and earlier, 21.4R1-S2-EVO, 21.4R2-EVO and prior to 21.4R2-S1-EVO and 22.1R2-EVO and earlier prior to 22.1R3-EVO, 22.2R2-EVO and prior are also affected.

To protect your network, ensure your Juniper routers are running fixed versions mentioned by the vendor. Monitor network traffic for signs of unusual SNMP queries. Consider blocking SNMP access from untrusted networks as a precaution until upgrades can be performed. Stay updated on advisories from Juniper Networks for the latest patches.

References