CVE-2023-28961

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2023-28961
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2023-04-17 22:15:00 UTC
Updated2023-04-28 14:31:00 UTC
DescriptionAn Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine (PFE). There is no immediate indication of an incomplete firewall filter commit shown at the CLI, which could allow an attacker to send valid packets to or through the device that were explicitly intended to be dropped. An indication that the filter was not installed can be identified with the following logs: fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Config failed: Unsupported Ip-protocol 51 in the filter lo0.0-inet6-i fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Please detach the filter, remove unsupported match and re-attach fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_rule : Status:104 dnx_dfw_rule_prepare failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_filter : Status:104 dnx_dfw_process_rule failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_filter_in_hw : Status:104 Could not process filter(lo0.0-inet6-i) for rule expansion Unsupported match, action present. fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_create_hw_instance : Status:104 Could not program dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER)! [104] fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_bind_shim : [104] Could not create dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER) fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_resolve : [100] Failed to bind filter(3) to bind point fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_change_end : dnx_dfw_update_resolve (resolve type) failed This issue affects Juniper Networks Junos OS on ACX Series: All versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Hardware Juniper Acx1000 - All All All
Hardware Juniper Acx1100 - All All All
Hardware Juniper Acx2000 - All All All
Hardware Juniper Acx2100 - All All All
Hardware Juniper Acx2200 - All All All
Hardware Juniper Acx4000 - All All All
Hardware Juniper Acx500 - All All All
Hardware Juniper Acx5000 - All All All
Hardware Juniper Acx5048 - All All All
Hardware Juniper Acx5096 - All All All
Hardware Juniper Acx5400 - All All All
Hardware Juniper Acx5448 - All All All
Hardware Juniper Acx5800 - All All All
Hardware Juniper Acx6300 - All All All
Hardware Juniper Acx6360 - All All All
Hardware Juniper Acx710 - All All All
Hardware Juniper Acx7100-32c - All All All
Hardware Juniper Acx7100-48l - All All All
Hardware Juniper Acx7509 - All All All
Operating System Juniper Junos All All All All
Operating System Juniper Junos 20.2 - All All
Operating System Juniper Junos 20.2 r1 All All
Operating System Juniper Junos 20.2 r1-s1 All All
Operating System Juniper Junos 20.2 r1-s2 All All
Operating System Juniper Junos 20.2 r1-s3 All All
Operating System Juniper Junos 20.2 r2 All All
Operating System Juniper Junos 20.2 r2-s1 All All
Operating System Juniper Junos 20.2 r2-s2 All All
Operating System Juniper Junos 20.2 r2-s3 All All
Operating System Juniper Junos 20.2 r3 All All
Operating System Juniper Junos 20.2 r3-s1 All All
Operating System Juniper Junos 20.2 r3-s2 All All
Operating System Juniper Junos 20.2 r3-s3 All All
Operating System Juniper Junos 20.2 r3-s4 All All
Operating System Juniper Junos 20.2 r3-s5 All All
Operating System Juniper Junos 20.2 r3-s6 All All
Operating System Juniper Junos 20.4 - All All
Operating System Juniper Junos 20.4 r1 All All
Operating System Juniper Junos 20.4 r1-s1 All All
Operating System Juniper Junos 20.4 r2 All All
Operating System Juniper Junos 20.4 r2-s1 All All
Operating System Juniper Junos 20.4 r2-s2 All All
Operating System Juniper Junos 20.4 r3 All All
Operating System Juniper Junos 20.4 r3-s1 All All
Operating System Juniper Junos 20.4 r3-s2 All All
Operating System Juniper Junos 20.4 r3-s3 All All
Operating System Juniper Junos 21.1 - All All
Operating System Juniper Junos 21.1 r1 All All
Operating System Juniper Junos 21.1 r1-s1 All All
Operating System Juniper Junos 21.1 r2 All All
Operating System Juniper Junos 21.1 r2-s1 All All
Operating System Juniper Junos 21.1 r2-s2 All All
Operating System Juniper Junos 21.1 r3 All All
Operating System Juniper Junos 21.1 r3-s1 All All
Operating System Juniper Junos 21.1 r3-s2 All All
Operating System Juniper Junos 21.2 - All All
Operating System Juniper Junos 21.2 r1 All All
Operating System Juniper Junos 21.2 r1-s1 All All
Operating System Juniper Junos 21.2 r1-s2 All All
Operating System Juniper Junos 21.2 r2 All All
Operating System Juniper Junos 21.2 r2-s1 All All
Operating System Juniper Junos 21.2 r2-s2 All All
Operating System Juniper Junos 21.2 r3 All All
Operating System Juniper Junos 21.2 r3-s1 All All
Operating System Juniper Junos 21.2 r3-s2 All All
Operating System Juniper Junos 21.2 r3-s3 All All
Operating System Juniper Junos 21.3 - All All
Operating System Juniper Junos 21.3 r1 All All
Operating System Juniper Junos 21.3 r1-s1 All All
Operating System Juniper Junos 21.3 r1-s2 All All
Operating System Juniper Junos 21.3 r2 All All
Operating System Juniper Junos 21.3 r2-s1 All All
Operating System Juniper Junos 21.3 r2-s2 All All
Operating System Juniper Junos 21.4 - All All
Operating System Juniper Junos 21.4 r1 All All
Operating System Juniper Junos 21.4 r1-s1 All All
Operating System Juniper Junos 21.4 r1-s2 All All
Operating System Juniper Junos 21.4 r2 All All
Operating System Juniper Junos 21.4 r2-s1 All All
Operating System Juniper Junos 21.4 r2-s2 All All
Operating System Juniper Junos 22.1 r1 All All
Operating System Juniper Junos 22.1 r1-s1 All All
Operating System Juniper Junos 22.1 r1-s2 All All

References

ReferenceSourceLinkTags
CEC Juniper Community CONFIRM supportportal.juniper.net
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 44023 Juniper Network Operating System (Junos OS) Unexpected Data Type Vulnerability (JSA70586)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report