Detections
Analytics
Juniper Junos OS Multiple Vulnerabilities (JSA73160)
medium Nessus Plugin ID 182930
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA73160 advisory.- An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system. (CVE-2023-44196)
- An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system. (CVE-2023-44195)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply the relevant Junos software release referenced in Juniper advisory JSA73160See Also
Plugin Details
Severity: Medium
ID: 182930
File Name: juniper_jsa73160.nasl
Version: 1.3
Type: combined
Family: Junos Local Security Checks
Published: 10/11/2023
Updated: 10/25/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 4.5
Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:C/A:N
CVSS Score Source: CVE-2023-44196
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:juniper:junos
Required KB Items: Host/Juniper/JUNOS/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 10/11/2023
Vulnerability Publication Date: 10/11/2023
Reference Information
CVE: CVE-2023-44195, CVE-2023-44196
IAVA: 2023-A-0565
JSA: JSA73160