An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Continued receipt of this specific packet will cause a sustained Denial of Service condition.
On all SRX Series and MX Series platforms, where IDP is enabled and a specific malformed SSL packet is received, the SSL detector crashes leading to an FPC core.
This issue affects Juniper Networks SRX Series and MX Series prior to SigPack 3598.
In order to identify the current SigPack version, following command can be used:
user@junos# show security idp security-package-version
On all SRX Series and MX Series platforms, where IDP is enabled and a specific malformed SSL packet is received, the SSL detector crashes leading to an FPC core.
This issue affects Juniper Networks SRX Series and MX Series prior to SigPack 3598.
In order to identify the current SigPack version, following command can be used:
user@junos# show security idp security-package-version
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2023-32603 | An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Continued receipt of this specific packet will cause a sustained Denial of Service condition. On all SRX Series and MX Series platforms, where IDP is enabled and a specific malformed SSL packet is received, the SSL detector crashes leading to an FPC core. This issue affects Juniper Networks SRX Series and MX Series prior to SigPack 3598. In order to identify the current SigPack version, following command can be used: user@junos# show security idp security-package-version |
Fixes
Solution
The following software releases have been updated to resolve this specific issue: SigPack 3598, and all subsequent releases.
Workaround
There are no known workarounds for this issue.
References
Link | Providers |
---|---|
https://supportportal.juniper.net/JSA71662 |
![]() ![]() |
History
Thu, 07 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Juniper Networks
Juniper Networks junos Os |
|
CPEs | cpe:2.3:o:juniper_networks:junos_os:*:*:*:*:*:*:*:* | |
Vendors & Products |
Juniper Networks
Juniper Networks junos Os |
|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: juniper
Published:
Updated: 2024-11-07T14:28:11.378Z
Reserved: 2023-03-29T08:44:10.679Z
Link: CVE-2023-28985

Updated: 2024-08-02T13:51:39.183Z

Status : Modified
Published: 2023-07-14T17:15:09.050
Modified: 2024-11-21T07:56:20.603
Link: CVE-2023-28985

No data.

No data.