Detections
Analytics

Juniper Junos OS Vulnerability (JSA73154)

medium Nessus Plugin ID 310762

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73154 advisory.

 - An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device. This issue affects Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016: * All versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S4-EVO; * 22.2 versions 22.2R1-EVO and later; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO. (CVE-2023-44190)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Apply the relevant Junos software release referenced in Juniper advisory JSA73154

See Also

http://www.nessus.org/u?a76c1cd6

http://www.nessus.org/u?6b8af4cc

http://www.nessus.org/u?48d53d97

https://supportportal.juniper.net/JSA73154

http://www.nessus.org/u?468a8ec8

Plugin Details

Severity: Medium

ID: 310762

File Name: juniper_jsa73154.nasl

Version: 1.1

Type: Combined

Published: 4/29/2026

Updated: 4/29/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 4.8

Temporal Score: 3.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2023-44190

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/model, Host/Juniper/JUNOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/11/2023

Vulnerability Publication Date: 10/11/2023

Reference Information

CVE: CVE-2023-44190

JSA: JSA73154