Lucene search

JuniperCVELIST:CVE-2023-28968

HistoryApr 17, 2023 - 12:00 a.m.

CVE-2023-28968 Junos OS: SRX Series: Policies that rely on JDPI-Decoder actions may fail open

2023-04-1700:00:00

CWE-1325

juniper

www.cve.org

junos os

srx series

jdpi-decoder

memory allocation

vulnerability

unauthenticated

network-based attacker

bypass

srx series

cve-2023-28968

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS’s AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic, allowing an unauthenticated network-based attacker to send traffic to the target device using the JDPI-Decoder, designed to inspect dynamic application traffic and take action upon this traffic, to instead begin to not take action and to pass the traffic through. An example session can be seen by running the following command and evaluating the output. user@device# run show security flow session source-prefix <address/mask> extensive Session ID: <session ID>, Status: Normal, State: Active Policy name: <name of policy> Dynamic application: junos:UNKNOWN, <<<<< LOOK HERE Please note, the JDPI-Decoder and the AppID SigPack are both affected and both must be upgraded along with the operating system to address the matter. By default, none of this is auto-enabled for automatic updates. This issue affects: Juniper Networks any version of the JDPI-Decoder Engine prior to version 5.7.0-47 with the JDPI-Decoder enabled using any version of the AppID SigPack prior to version 1.550.2-31 (SigPack 3533) on Junos OS on SRX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2;

CNA Affected

[
  {
    "vendor": "Juniper Networks",
    "product": " Junos OS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "19.1R3-S10",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "19.2",
        "status": "affected",
        "lessThan": "19.2R3-S7",
        "versionType": "custom"
      },
      {
        "version": "19.3",
        "status": "affected",
        "lessThan": "19.3R3-S8",
        "versionType": "custom"
      },
      {
        "version": "19.4",
        "status": "affected",
        "lessThan": "19.4R3-S11",
        "versionType": "custom"
      },
      {
        "version": "20.1R1",
        "status": "affected",
        "lessThan": "20.1*",
        "versionType": "custom"
      },
      {
        "version": "20.2",
        "status": "affected",
        "lessThan": "20.2R3-S7",
        "versionType": "custom"
      },
      {
        "version": "20.3R1",
        "status": "affected",
        "lessThan": "20.3*",
        "versionType": "custom"
      },
      {
        "version": "20.4",
        "status": "affected",
        "lessThan": "20.4R3-S6",
        "versionType": "custom"
      },
      {
        "version": "21.1",
        "status": "affected",
        "lessThan": "21.1R3-S5",
        "versionType": "custom"
      },
      {
        "version": "21.2",
        "status": "affected",
        "lessThan": "21.2R3-S4",
        "versionType": "custom"
      },
      {
        "version": "21.3",
        "status": "affected",
        "lessThan": "21.3R3-S3",
        "versionType": "custom"
      },
      {
        "version": "21.4",
        "status": "affected",
        "lessThan": "21.4R3-S3",
        "versionType": "custom"
      },
      {
        "version": "22.1",
        "status": "affected",
        "lessThan": "22.1R3-S1",
        "versionType": "custom"
      },
      {
        "version": "22.2",
        "status": "affected",
        "lessThan": "22.2R2-S1, 22.2R3",
        "versionType": "custom"
      },
      {
        "version": "22.3",
        "status": "affected",
        "lessThan": "22.3R2",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "SRX Series"
    ]
  },
  {
    "vendor": "Juniper Networks",
    "product": "AppID Service Sigpack",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.550.2-31",
        "status": "affected",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "SRX Series"
    ]
  },
  {
    "vendor": "Juniper Networks",
    "product": "JDPI-Decoder Engine",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.7.0-47",
        "status": "affected",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "SRX Series"
    ]
  }
]

References

supportportal.juniper.net/JSA70592

supportportal.juniper.net/s/article/SRX-How-to-update-IDP-signature-database-automatically-on-a-SRX

www.juniper.net/documentation/us/en/software/jdpi/release-notes/jdpi-decoder-release-notes-october-2022/jdpi-decoder-release-notes-october-2022.pdf

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

Related for CVELIST:CVE-2023-28968