Main Vulnerability Database Vulnerabilities #VU82485

Improper check or handling of exceptional conditions in Juniper Junos OS - CVE-2023-22413

Published: January 11, 2023

Vulnerability identifier: #VU82485

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-22413

CWE-ID: CWE-703

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Juniper Junos OS

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper check or handling of exceptional conditions error in the IPsec library. A remote non-authenticated attacker can cause Denial of Service (DoS).

On all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets are processed by an IPsec6 tunnel, the Multiservices PIC Management Daemon (mspmand) process will core and restart.

This will lead to FPC crash.

Remediation

Install updates from vendor's website.

External links

https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-FPC-crash-when-an-IPsec6-tunnel-processes-specific-IPv4-packets-CVE-2023-22413

Improper check or handling of exceptional conditions in Juniper Junos OS - CVE-2023-22413

Description

Remediation

External links

Please verify you're human