CVE-2023-22404Out-of-bounds Write in Networks Junos OS

CWE-787Out-of-bounds Write4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 35.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJan 13

Description

An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to cause a Denial of Service (DoS). iked will crash and restart, and the tunnel will not come up when a peer sends a specifically formatted payload during the negotiation. This will impact other IKE negotiations happening at the same time. Continued receipt of this specifically formatted payload will l

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_osunspecified19.3R3-S7+9
NVDjuniper/junos< 19.3+10

🔴Vulnerability Details

2
GHSA
GHSA-6pj2-5fm2-2pxx: An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 a2023-01-13
CVEList
Junos OS: SRX Series and MX Series with SPC3: When IPsec VPN is configured iked will core when a specifically formatted payload is received2023-01-12

📋Vendor Advisories

1
Juniper
CVE-2023-22404: An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 a2023-01-13
CVE-2023-22404 — Out-of-bounds Write | cvebase