CVE-2023-22415 (GCVE-0-2023-22415)
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2025-04-07 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
- Denial of Service (DoS)
Summary
An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all MX Series and SRX Series platform, when H.323 ALG is enabled and specific H.323 packets are received simultaneously, a flow processing daemon (flowd) crash will occur. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series All versions prior to 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: unspecified < 19.4R3-S10 Version: 20.2 < 20.2R3-S6 Version: 20.3 < 20.3R3-S6 Version: 20.4 < 20.4R3-S5 Version: 21.1 < 21.1R3-S4 Version: 21.2 < 21.2R3-S3 Version: 21.3 < 21.3R3-S3 Version: 21.4 < 21.4R3 Version: 22.1 < 22.1R2-S1, 22.1R3 Version: 22.2 < 22.2R1-S2, 22.2R2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70211"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22415",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T19:54:09.137124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T19:54:19.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"MX Series, SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R3-S10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S6",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S6",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S5",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S4",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S3",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S3",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R2-S1, 22.1R3",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R1-S2, 22.2R2",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be affected the H.323 ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify with:\n\nCheck if H.323 ALG is enabled by default with:\n user@host\u003e show security alg status | match H323\n H323 : Enabled\n\nConfigure H.323 ALG to receive incoming calls with following commands.\n [set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24]\n [set interfaces ge-0/0/1 unit 0 family inet address 172.16.1.1/24]\n [set security zones security-zone private address-book address IP-Phone1 10.1.1.5/32] \n [set security zones security-zone private address-book address gatekeeper 10.1.1.25/32 ]\n [set security zones security-zone private interfaces ge-0/0/0.0 ]\n [set security zones security-zone public address-book address IP-Phone2 172.16.1.5/32 ]\n [set security zones security-zone public interfaces ge-0/0/1.0]\n [set security policies from-zone private to-zone public policy private-to-public match source-address IP-Phone1 ]\n [set security policies from-zone private to-zone public policy private-to-public match source-address gatekeeper ]\n [set security policies from-zone private to-zone public policy private-to-public match destination-address IP-Phone2 ]\n [set security policies from-zone private to-zone public policy private-to-public match application junos-h323 ]\n [set security policies from-zone private to-zone public policy private-to-public then permit ]\n [set security policies from-zone public to-zone private policy public-to-private match source-address IP-Phone2 ]\n [set security policies from-zone public to-zone private policy public-to-private match destination-address IP-Phone1 ]\n [set security policies from-zone public to-zone private policy public-to-private match destination-address gatekeeper]\n [set security policies from-zone public to-zone private policy public-to-private match application junos-h323 ]\n [set security policies from-zone public to-zone private policy public-to-private then permit ]\n"
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all MX Series and SRX Series platform, when H.323 ALG is enabled and specific H.323 packets are received simultaneously, a flow processing daemon (flowd) crash will occur. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series All versions prior to 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70211"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.4R3-S10, 20.2R3-S6, 20.3R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S3, 21.4R3, 22.1R2-S1, 22.1R3, 22.2R1-S2, 22.2R2, 22.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70211",
"defect": [
"1666996"
],
"discovery": "USER"
},
"title": "Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash when specific H.323 packets are received",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue, but it should be considered to disable the H.323 ALG if it\u0027s not strictly needed."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22415",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T19:54:19.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://kb.juniper.net/JSA70211\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:07:06.541Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-22415\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-07T19:54:09.137124Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-07T19:54:15.959Z\"}}], \"cna\": {\"title\": \"Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash when specific H.323 packets are received\", \"source\": {\"defect\": [\"1666996\"], \"advisory\": \"JSA70211\", \"discovery\": \"USER\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"19.4R3-S10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"20.2\", \"lessThan\": \"20.2R3-S6\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"20.3\", \"lessThan\": \"20.3R3-S6\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"20.4\", \"lessThan\": \"20.4R3-S5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"21.1\", \"lessThan\": \"21.1R3-S4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"21.2\", \"lessThan\": \"21.2R3-S3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"21.3\", \"lessThan\": \"21.3R3-S3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"21.4\", \"lessThan\": \"21.4R3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"22.1\", \"lessThan\": \"22.1R2-S1, 22.1R3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"22.2\", \"lessThan\": \"22.2R1-S2, 22.2R2\", \"versionType\": \"custom\"}], \"platforms\": [\"MX Series, SRX Series\"]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue: 19.4R3-S10, 20.2R3-S6, 20.3R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S3, 21.4R3, 22.1R2-S1, 22.1R3, 22.2R1-S2, 22.2R2, 22.3R1, and all subsequent releases.\"}], \"datePublic\": \"2023-01-11T00:00:00.000Z\", \"references\": [{\"url\": \"https://kb.juniper.net/JSA70211\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There are no known workarounds for this issue, but it should be considered to disable the H.323 ALG if it\u0027s not strictly needed.\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all MX Series and SRX Series platform, when H.323 ALG is enabled and specific H.323 packets are received simultaneously, a flow processing daemon (flowd) crash will occur. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series All versions prior to 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Denial of Service (DoS)\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"To be affected the H.323 ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify with:\\n\\nCheck if H.323 ALG is enabled by default with:\\n user@host\u003e show security alg status | match H323\\n H323 : Enabled\\n\\nConfigure H.323 ALG to receive incoming calls with following commands.\\n [set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24]\\n [set interfaces ge-0/0/1 unit 0 family inet address 172.16.1.1/24]\\n [set security zones security-zone private address-book address IP-Phone1 10.1.1.5/32] \\n [set security zones security-zone private address-book address gatekeeper 10.1.1.25/32 ]\\n [set security zones security-zone private interfaces ge-0/0/0.0 ]\\n [set security zones security-zone public address-book address IP-Phone2 172.16.1.5/32 ]\\n [set security zones security-zone public interfaces ge-0/0/1.0]\\n [set security policies from-zone private to-zone public policy private-to-public match source-address IP-Phone1 ]\\n [set security policies from-zone private to-zone public policy private-to-public match source-address gatekeeper ]\\n [set security policies from-zone private to-zone public policy private-to-public match destination-address IP-Phone2 ]\\n [set security policies from-zone private to-zone public policy private-to-public match application junos-h323 ]\\n [set security policies from-zone private to-zone public policy private-to-public then permit ]\\n [set security policies from-zone public to-zone private policy public-to-private match source-address IP-Phone2 ]\\n [set security policies from-zone public to-zone private policy public-to-private match destination-address IP-Phone1 ]\\n [set security policies from-zone public to-zone private policy public-to-private match destination-address gatekeeper]\\n [set security policies from-zone public to-zone private policy public-to-private match application junos-h323 ]\\n [set security policies from-zone public to-zone private policy public-to-private then permit ]\\n\"}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2023-01-12T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-22415\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-07T19:54:19.819Z\", \"dateReserved\": \"2022-12-27T00:00:00.000Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2023-01-12T00:00:00.000Z\", \"assignerShortName\": \"juniper\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…