CVE-2023-28985

SRX Series and MX Series: An FPC core is observed when IDP is enabled on the device and a specific malformed SSL packet is received

Description

An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Continued receipt of this specific packet will cause a sustained Denial of Service condition. On all SRX Series and MX Series platforms, where IDP is enabled and a specific malformed SSL packet is received, the SSL detector crashes leading to an FPC core. This issue affects Juniper Networks SRX Series and MX Series prior to SigPack 3598. In order to identify the current SigPack version, following command can be used: user@junos# show security idp security-package-version

Remediation

Solution:

The following software releases have been updated to resolve this specific issue: SigPack 3598, and all subsequent releases.

Workaround:

There are no known workarounds for this issue.

References

Link	Tags
https://supportportal.juniper.net/JSA71662	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-28985?: CVE-2023-28985 has been scored as a high severity vulnerability.
How to fix CVE-2023-28985?: To fix CVE-2023-28985: The following software releases have been updated to resolve this specific issue: SigPack 3598, and all subsequent releases.
Is CVE-2023-28985 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-28985 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-28985?: CVE-2023-28985 affects Juniper Networks Junos OS.

Description

Remediation

Category

CWE-1286 – Improper Validation of Syntactic Correctness of Input

References

Frequently Asked Questions