CVE-2023-22403

HIGH

Juniper Junos OS QFX10K < 20.2R3-S7/20.4R3-S4/21.1R3-S3/21.2R3-S1/21.3R3/21.4R3/22.1R2 DoS via ICCP

Title source: llm

Description

An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10K Series, Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. ICCP connection flaps and sync issues will be observed due to excessive specific traffic to the local device. This issue affects Juniper Networks Junos OS on QFX10K Series: * All versions prior to 20.2R3-S7; * 20.4 versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S3; * 21.2 versions prior to 21.2R3-S1; * 21.3 versions prior to 21.3R3; * 21.4 versions prior to 21.4R3; * 22.1 versions prior to 22.1R2.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://kb.juniper.net/JSA70199

Scores

CVSS v3 7.5

EPSS 0.0044

EPSS Percentile 63.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (5)

juniper/junos 20.2 (16 CPE variants)

juniper/junos 20.4 (10 CPE variants)

juniper/junos 21.1 (9 CPE variants)

juniper/junos 21.2 (8 CPE variants)

juniper/junos 21.3 (7 CPE variants)

Published Jan 13, 2023

Tracked Since Feb 18, 2026