gsd-2023-36831
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting the system.
The jbuf memory leak only occurs in SSL Proxy and UTM Web-Filtering configurations. Other products, platforms, and configurations are not affected by this vulnerability.
This issue affects Juniper Networks Junos OS on SRX Series:
22.2 versions prior to 22.2R3;
22.3 versions prior to 22.3R2-S1, 22.3R3;
22.4 versions prior to 22.4R1-S2, 22.4R2.
This issue does not affect Juniper Networks Junos OS versions prior to 22.2R2.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-36831", "id": "GSD-2023-36831" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-36831" ], "details": "An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting the system.\n\nThe jbuf memory leak only occurs in SSL Proxy and UTM Web-Filtering configurations. Other products, platforms, and configurations are not affected by this vulnerability.\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n22.2 versions prior to 22.2R3;\n22.3 versions prior to 22.3R2-S1, 22.3R3;\n22.4 versions prior to 22.4R1-S2, 22.4R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 22.2R2.\n", "id": "GSD-2023-36831", "modified": "2023-12-13T01:20:33.952548Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "ID": "CVE-2023-36831", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Junos OS", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected", "versions": [ { "lessThan": "22.2R3", "status": "affected", "version": "22.2", "versionType": "custom" }, { "lessThan": "22.3R2-S1, 22.3R3", "status": "affected", "version": "22.3", "versionType": "custom" }, { "lessThan": "22.4R1-S2, 22.4R2", "status": "affected", "version": "22.4", "versionType": "custom" }, { "lessThan": "22.2R2", "status": "unaffected", "version": "unspecified", "versionType": "custom" } ] } } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "configuration": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following sample configuration options highlight the features required to be affected by this issue:\u003cbr\u003e\u003ctt\u003e\u0026nbsp; set services ssl proxy profile SSL-PROXY protocol-version tls12-and-lower\u003cbr\u003e\u0026nbsp; set services ssl proxy profile SSL-PROXY trusted-ca all\u003cbr\u003e\u0026nbsp; set services ssl proxy profile SSL-PROXY root-ca ssl-proxy-ecdsa1\u003cbr\u003e\u0026nbsp; set security pki ca-profile SECURITY-CA-GROUP_1 ca-identity SECURITY-CA-GROUP_1\u003cbr\u003e\u003c/tt\u003e...\u003cbr\u003e\u003ctt\u003e\u0026nbsp; set security utm default-configuration web-filtering juniper-enhanced default log-and-permit\u003cbr\u003e\u0026nbsp; set security utm feature-profile web-filtering juniper-enhanced profile 2 category ... action block\u003cbr\u003e\u003c/tt\u003e...\u003cbr\u003e\u003ctt\u003e\u0026nbsp; set security utm utm-policy 1 web-filtering http-profile 2\u003cbr\u003e\u003c/tt\u003e...\u003cbr\u003e\u003ctt\u003e\u0026nbsp; set security policies from-zone private to-zone internet policy 1 then permit application-services ssl-proxy profile-name SSL-PROXY\u003cbr\u003e\u0026nbsp; set security policies from-zone private to-zone internet policy 1 then permit application-services utm-policy 1\u003c/tt\u003e\u003cbr\u003e" } ], "value": "The following sample configuration options highlight the features required to be affected by this issue:\n\u00a0 set services ssl proxy profile SSL-PROXY protocol-version tls12-and-lower\n\u00a0 set services ssl proxy profile SSL-PROXY trusted-ca all\n\u00a0 set services ssl proxy profile SSL-PROXY root-ca ssl-proxy-ecdsa1\n\u00a0 set security pki ca-profile SECURITY-CA-GROUP_1 ca-identity SECURITY-CA-GROUP_1\n...\n\u00a0 set security utm default-configuration web-filtering juniper-enhanced default log-and-permit\n\u00a0 set security utm feature-profile web-filtering juniper-enhanced profile 2 category ... action block\n...\n\u00a0 set security utm utm-policy 1 web-filtering http-profile 2\n...\n\u00a0 set security policies from-zone private to-zone internet policy 1 then permit application-services ssl-proxy profile-name SSL-PROXY\n\u00a0 set security policies from-zone private to-zone internet policy 1 then permit application-services utm-policy 1\n" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting the system.\n\nThe jbuf memory leak only occurs in SSL Proxy and UTM Web-Filtering configurations. Other products, platforms, and configurations are not affected by this vulnerability.\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n22.2 versions prior to 22.2R3;\n22.3 versions prior to 22.3R2-S1, 22.3R3;\n22.4 versions prior to 22.4R1-S2, 22.4R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 22.2R2.\n" } ] }, "exploit": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003cbr\u003e" } ], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n" } ], "generator": { "engine": "Vulnogram 0.1.0-dev" }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-703", "lang": "eng", "value": "CWE-703 Improper Check or Handling of Exceptional Conditions" } ] }, { "description": [ { "lang": "eng", "value": "Denial of Service (DoS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://supportportal.juniper.net/JSA71636", "refsource": "MISC", "url": "https://supportportal.juniper.net/JSA71636" } ] }, "solution": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2, 23.1R1, and all subsequent releases.\u003cbr\u003e" } ], "value": "The following software releases have been updated to resolve this specific issue: Junos OS 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2, 23.1R1, and all subsequent releases.\n" } ], "source": { "defect": [ "1709031" ], "discovery": "USER" }, "work_around": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There are no known workarounds for this issue.\u003cbr\u003e" } ], "value": "There are no known workarounds for this issue.\n" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:juniper:vsrx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:csrx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx240m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "ID": "CVE-2023-36831" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting the system.\n\nThe jbuf memory leak only occurs in SSL Proxy and UTM Web-Filtering configurations. Other products, platforms, and configurations are not affected by this vulnerability.\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n22.2 versions prior to 22.2R3;\n22.3 versions prior to 22.3R2-S1, 22.3R3;\n22.4 versions prior to 22.4R1-S2, 22.4R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 22.2R2.\n" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-703" } ] } ] }, "references": { "reference_data": [ { "name": "https://supportportal.juniper.net/JSA71636", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://supportportal.juniper.net/JSA71636" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2023-07-26T14:06Z", "publishedDate": "2023-07-14T15:15Z" } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.