CVE-2023-44184 Information

Description

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker by executing a specific command via NETCONF to cause a CPU Denial of Service to the device’s control plane.

This issue affects:

Juniper Networks Junos OS

All versions prior to 20.4R3-S7;
21.2 versions prior to 21.2R3-S5;
21.3 versions prior to 21.3R3-S5;
21.4 versions prior to 21.4R3-S4;
22.1 versions prior to 22.1R3-S2;
22.2 versions prior to 22.2R3;
22.3 versions prior to 22.3R2-S1 22.3R3;
22.4 versions prior to 22.4R1-S2 22.4R2.

Juniper Networks Junos OS Evolved

All versions prior to 21.4R3-S4-EVO;
22.1 versions prior to 22.1R3-S2-EVO;
22.2 versions prior to 22.2R3-EVO;
22.3 versions prior to 22.3R3-EVO;
22.4 versions prior to 22.4R2-EVO.

An indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command:

mgd process example:

user@device-re> show system processes extensive | match \mgd|PID\ | except last PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd «««««< review the high cpu percentage. Example to check for NETCONF activity:

While there is no specific command that shows a specific session in use for NETCONF you can review logs for UI_LOG_EVENT with ## Reference https://supportportal.juniper.net/JSA73147