CVE-2023-28985
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/07/2023
Last modified:
27/07/2023
Description
An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Continued receipt of this specific packet will cause a sustained Denial of Service condition.<br />
<br />
On all SRX Series and MX Series platforms, where IDP is enabled and a specific malformed SSL packet is received, the SSL detector crashes leading to an FPC core.<br />
<br />
This issue affects Juniper Networks SRX Series and MX Series prior to SigPack 3598.<br />
<br />
In order to identify the current SigPack version, following command can be used:<br />
<br />
user@junos# show security idp security-package-version
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:juniper:junos:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:juniper:vsrx:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:csrx:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx10:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx10000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx10016:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx104:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx150:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page