CVE-2023-28968 Information

Apr 18, 2023 cve

Description

An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS’s AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic allowing an unauthenticated network-based attacker to send traffic to the target device using the JDPI-Decoder designed to inspect dynamic application traffic and take action upon this traffic to instead begin to not take action and to pass the traffic through. An example session can be seen by running the following command and evaluating the output. user@device run show security flow session source-prefix <address/mask> extensive Session ID: Status: Normal State: Active Policy name: Dynamic application: junos:UNKNOWN ««< LOOK HERE Please note the JDPI-Decoder and the AppID SigPack are both affected and both must be upgraded along with the operating system to address the matter. By default none of this is auto-enabled for automatic updates. This issue affects: Juniper Networks any version of the JDPI-Decoder Engine prior to version 5.7.0-47 with the JDPI-Decoder enabled using any version of the AppID SigPack prior to version 1.550.2-31 (SigPack 3533) on Junos OS on SRX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1 22.2R3; 22.3 versions prior to 22.3R1-S2 22.3R2;

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference

https://supportportal.juniper.net/s/article/SRX-How-to-update-IDP-signature-database-automatically-on-a-SRX https://supportportal.juniper.net/JSA70592 https://www.juniper.net/documentation/us/en/software/jdpi/release-notes/jdpi-decoder-release-notes-october-2022/jdpi-decoder-release-notes-october-2022.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

5.3

Share on: