CVE-2023-22394

Summary

An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS). This issue occurs on all MX Series platforms with MS-MPC or MS-MIC card and all SRX Series platforms where SIP ALG is enabled. Successful exploitation of this vulnerability prevents additional SIP calls and applications from succeeding. The SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. To confirm whether SIP ALG is enabled on SRX use the following command: user@host> show security alg status | match sip SIP : Enabled This issue affects Juniper Networks Junos OS on SRX Series and on MX Series: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S10; 20.1 versions 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2, 22.1R3-S1. This issue does not affect Juniper Networks Junos OS on SRX Series and on MX Series: All versions prior to 18.2R1.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OSunspecified < 18.2R1unaffected
Juniper NetworksJunos OSunspecified < 19.3R3-S7affected
Juniper NetworksJunos OS19.4 < 19.4R2-S8, 19.4R3-S10affected
Juniper NetworksJunos OS20.1R1 < 20.1*affected
Juniper NetworksJunos OS20.2 < 20.2R3-S6affected
Juniper NetworksJunos OS20.3 < 20.3R3-S6affected
Juniper NetworksJunos OS20.4 < 20.4R3-S5affected
Juniper NetworksJunos OS21.1 < 21.1R3-S5affected
Juniper NetworksJunos OS21.2 < 21.2R3-S1affected
Juniper NetworksJunos OS21.3 < 21.3R3affected
Juniper NetworksJunos OS21.4 < 21.4R2-S2, 21.4R3affected
Juniper NetworksJunos OS22.1 < 22.1R1-S2, 22.1R2, 22.1R3-S1affected

Weaknesses

  • CWE-911: CWE-911 Improper Update of Reference Count
  • Denial of Service (DoS)

Workarounds

There are no known workarounds for this issue

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References