How severe is CVE-2023-28970?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-28970?

This is classified as CWE-703, which is a common weakness in software security.

CVE-2023-28970 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacent, network-based attacker sending a specific packet to the device to cause a kernel crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue can only be triggered by an attacker on the local broadcast domain. Packets routed to the device are unable to trigger this crash. This issue affects Juniper Networks Junos OS on JRR200: All versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S2, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2; 22.4 versions prior to 22.4R1-S1, 22.4R2.

Related Vulnerabilities

CVE-2019-10927

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authentica...

CWE-7032019

CVE-2021-0221

MEDIUM

CVSS:6.5(Medium)

In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will...

CWE-7032021

CVE-2021-0240

MEDIUM

CVSS:6.5(Medium)

On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malfor...

CWE-7032021

CVE-2021-0241

MEDIUM

CVSS:6.5(Medium)

On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dum...

CWE-7032021

CVE-2021-25419

MEDIUM

CVSS:6.5(Medium)

Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link.

CWE-7032021

CVE-2021-25525

MEDIUM

CVSS:6.5(Medium)

Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.

CWE-7032021