HIGH🇬🇧 English

CVE-2023-22394

CVSS 7.5v3.1pub. 2023-01-13upd. 2024-11-21

An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS). This issue occurs on all MX Series platforms with MS-MPC or MS-MIC card and all SRX Series platforms where SIP ALG is enabled. Successful exploitation of this vulnerability prevents additional SIP calls and applications from succeeding. The SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. To confirm whether SIP ALG is enabled on SRX use the following command: user@host> show security alg status | match sip SIP : Enabled This issue affects Juniper Networks Junos OS on SRX Series and on MX Series: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S10; 20.1 versions 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2, 22.1R3-S1. This issue does not affect Juniper Networks Junos OS on SRX Series and on MX Series: All versions prior to 18.2R1.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Juniper Junos

    OS
    Juniper
    19.319.420.120.220.320.421.121.221.321.422.1< 19.3
  • Juniper Mx10

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx10000

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx10003

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx10008

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx10016

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx104

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx150

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx2008

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx2010

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx2020

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx204

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx240

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx40

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx480

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx5

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx80

    HW
    Juniper
    wszystkie wersje
  • Juniper Mx960

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx100

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx110

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx1400

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx1500

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx210

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx220

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx240

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx240h2

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx240m

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx300

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx320

    HW
    Juniper
    wszystkie wersje
  • Juniper Srx340

    HW
    Juniper
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2023-36845CRITICAL9.8⚠ KEVten sam produkt

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SR...

CVE-2024-21591CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds Write w J-Web Juniper Junos OS — RCE z uprawnieniami root

CVE-2021-0248CRITICAL10.0ten sam produkt

This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials ...

CVE-2021-0254CRITICAL9.8ten sam produkt

A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unaut...

CVE-2021-0211CRITICAL10.0ten sam produkt

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...