CVE-2023-22404: Junos OS: SRX Series and MX Series with SPC3: When IPsec VPN is configured iked will core when a specifically formatted payload is received
First published: Thu Jan 12 2023(Updated: )
An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to cause a Denial of Service (DoS). iked will crash and restart, and the tunnel will not come up when a peer sends a specifically formatted payload during the negotiation. This will impact other IKE negotiations happening at the same time. Continued receipt of this specifically formatted payload will lead to continuous crashing of iked and thereby the inability for any IKE negotiations to take place. Note that this payload is only processed after the authentication has successfully completed. So the issue can only be exploited by an attacker who can successfully authenticate. This issue affects Juniper Networks Junos OS on SRX Series, and MX Series with SPC3: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Junos OS Evolved | <19.3 | |
| Junos OS Evolved | =19.3 | |
| Junos OS Evolved | =19.3-r1 | |
| Junos OS Evolved | =19.3-r1-s1 | |
| Junos OS Evolved | =19.3-r2 | |
| Junos OS Evolved | =19.3-r2-s1 | |
| Junos OS Evolved | =19.3-r2-s2 | |
| Junos OS Evolved | =19.3-r2-s3 | |
| Junos OS Evolved | =19.3-r2-s4 | |
| Junos OS Evolved | =19.3-r2-s5 | |
| Junos OS Evolved | =19.3-r2-s6 | |
| Junos OS Evolved | =19.3-r3 | |
| Junos OS Evolved | =19.3-r3-s1 | |
| Junos OS Evolved | =19.3-r3-s2 | |
| Junos OS Evolved | =19.3-r3-s3 | |
| Junos OS Evolved | =19.3-r3-s4 | |
| Junos OS Evolved | =19.3-r3-s5 | |
| Junos OS Evolved | =19.3-r3-s6 | |
| Junos OS Evolved | =19.4 | |
| Junos OS Evolved | =19.4-r1 | |
| Junos OS Evolved | =19.4-r1-s1 | |
| Junos OS Evolved | =19.4-r1-s2 | |
| Junos OS Evolved | =19.4-r1-s3 | |
| Junos OS Evolved | =19.4-r1-s4 | |
| Junos OS Evolved | =19.4-r2 | |
| Junos OS Evolved | =19.4-r2-s1 | |
| Junos OS Evolved | =19.4-r2-s2 | |
| Junos OS Evolved | =19.4-r2-s3 | |
| Junos OS Evolved | =19.4-r2-s4 | |
| Junos OS Evolved | =19.4-r2-s5 | |
| Junos OS Evolved | =19.4-r2-s6 | |
| Junos OS Evolved | =19.4-r2-s7 | |
| Junos OS Evolved | =19.4-r3 | |
| Junos OS Evolved | =19.4-r3-s1 | |
| Junos OS Evolved | =19.4-r3-s2 | |
| Junos OS Evolved | =19.4-r3-s3 | |
| Junos OS Evolved | =19.4-r3-s4 | |
| Junos OS Evolved | =19.4-r3-s5 | |
| Junos OS Evolved | =19.4-r3-s6 | |
| Junos OS Evolved | =19.4-r3-s7 | |
| Junos OS Evolved | =19.4-r3-s8 | |
| Junos OS Evolved | =20.2 | |
| Junos OS Evolved | =20.2-r1 | |
| Junos OS Evolved | =20.2-r1-s1 | |
| Junos OS Evolved | =20.2-r1-s2 | |
| Junos OS Evolved | =20.2-r1-s3 | |
| Junos OS Evolved | =20.2-r2 | |
| Junos OS Evolved | =20.2-r2-s1 | |
| Junos OS Evolved | =20.2-r2-s2 | |
| Junos OS Evolved | =20.2-r2-s3 | |
| Junos OS Evolved | =20.2-r3 | |
| Junos OS Evolved | =20.2-r3-s1 | |
| Junos OS Evolved | =20.2-r3-s2 | |
| Junos OS Evolved | =20.2-r3-s3 | |
| Junos OS Evolved | =20.2-r3-s4 | |
| Junos OS Evolved | =20.3 | |
| Junos OS Evolved | =20.3-r1 | |
| Junos OS Evolved | =20.3-r1-s1 | |
| Junos OS Evolved | =20.3-r1-s2 | |
| Junos OS Evolved | =20.3-r2 | |
| Junos OS Evolved | =20.3-r2-s1 | |
| Junos OS Evolved | =20.3-r3 | |
| Junos OS Evolved | =20.3-r3-s1 | |
| Junos OS Evolved | =20.3-r3-s2 | |
| Junos OS Evolved | =20.3-r3-s3 | |
| Junos OS Evolved | =20.3-r3-s4 | |
| Junos OS Evolved | =20.4 | |
| Junos OS Evolved | =20.4-r1 | |
| Junos OS Evolved | =20.4-r1-s1 | |
| Junos OS Evolved | =20.4-r2 | |
| Junos OS Evolved | =20.4-r2-s1 | |
| Junos OS Evolved | =20.4-r2-s2 | |
| Junos OS Evolved | =20.4-r3 | |
| Junos OS Evolved | =20.4-r3-s1 | |
| Junos OS Evolved | =20.4-r3-s2 | |
| Junos OS Evolved | =20.4-r3-s3 | |
| Junos OS Evolved | =21.1 | |
| Junos OS Evolved | =21.1-r1 | |
| Junos OS Evolved | =21.1-r1-s1 | |
| Junos OS Evolved | =21.1-r2 | |
| Junos OS Evolved | =21.1-r2-s1 | |
| Junos OS Evolved | =21.1-r2-s2 | |
| Junos OS Evolved | =21.1-r3 | |
| Junos OS Evolved | =21.1-r3-s1 | |
| Junos OS Evolved | =21.1-r3-s2 | |
| Junos OS Evolved | =21.2 | |
| Junos OS Evolved | =21.2-r1 | |
| Junos OS Evolved | =21.2-r1-s1 | |
| Junos OS Evolved | =21.2-r1-s2 | |
| Junos OS Evolved | =21.2-r2 | |
| Junos OS Evolved | =21.2-r2-s1 | |
| Junos OS Evolved | =21.2-r2-s2 | |
| Junos OS Evolved | =21.2-r3 | |
| Junos OS Evolved | =21.2-r3-s1 | |
| Junos OS Evolved | =21.3 | |
| Junos OS Evolved | =21.3-r1 | |
| Junos OS Evolved | =21.3-r1-s1 | |
| Junos OS Evolved | =21.3-r1-s2 | |
| Junos OS Evolved | =21.3-r2 | |
| Junos OS Evolved | =21.3-r2-s1 | |
| Junos OS Evolved | =21.3-r2-s2 | |
| Junos OS Evolved | =21.3-r3 | |
| Junos OS Evolved | =21.4 | |
| Junos OS Evolved | =21.4-r1 | |
| Junos OS Evolved | =21.4-r1-s1 | |
| Junos OS Evolved | =21.4-r1-s2 | |
| Junos OS Evolved | =21.4-r2 | |
| Junos OS Evolved | =22.1-r1 | |
| Junos OS Evolved | =22.1-r1-s1 | |
| Juniper MX10 | ||
| Juniper MX10000 | ||
| Juniper MX10003 | ||
| Juniper MX10008 | ||
| Juniper MX10016 | ||
| Juniper MX104 | ||
| Juniper MX150 | ||
| Juniper MX2008 | ||
| Juniper MX2010 | ||
| Juniper MX2020 | ||
| Juniper MX204 | ||
| Juniper MX240 | ||
| Juniper MX40 | ||
| Juniper MX480 | ||
| Juniper MX5 | ||
| Juniper MX80 | ||
| Juniper MX960 | ||
| Juniper SRX100 | ||
| Juniper SRX110 | ||
| Juniper SRX1400 | ||
| Juniper SRX1500 | ||
| Juniper SRX210 | ||
| Juniper SRX220 | ||
| Juniper SRX240 | ||
| Juniper SRX240H2 | ||
| Juniper SRX240M | ||
| Juniper SRX300 | ||
| Juniper SRX320 | ||
| Juniper SRX340 | ||
| Juniper SRX3400 | ||
| Juniper SRX345 | ||
| Juniper SRX3600 | ||
| Juniper SRX380 | ||
| Juniper SRX4000 | ||
| Juniper SRX4100 | ||
| Juniper SRX4200 | ||
| Juniper SRX4600 | ||
| Junos OS SRX 5000 Series | ||
| Juniper SRX5400 | ||
| Juniper SRX550 | ||
| Juniper SRX550 | ||
| Juniper SRX550 | ||
| Juniper SRX5600 | ||
| Juniper SRX5800 | ||
| Juniper SRX650 |
Remedy
The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R1, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-22404?
CVE-2023-22404 has a severity rating that indicates it can cause a Denial of Service (DoS) in affected devices.
Which devices are affected by CVE-2023-22404?
CVE-2023-22404 affects Junos OS running on Juniper Networks SRX series and MX devices with SPC3 features.
How do I fix CVE-2023-22404?
To mitigate CVE-2023-22404, upgrade your Junos OS to the patched version released by Juniper Networks.
What kind of attack does CVE-2023-22404 enable?
CVE-2023-22404 allows an authenticated network-based attacker to trigger a crash of the iked process, leading to a Denial of Service.
Is CVE-2023-22404 being actively exploited?
As of the current date, there are no public reports indicating active exploitation of CVE-2023-22404.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/title
- agent/remedy
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/junos os evolved
- version/junos os evolved/19.3
- version/junos os evolved/19.3-r1
- version/junos os evolved/19.3-r1-s1
- version/junos os evolved/19.3-r2
- version/junos os evolved/19.3-r2-s1
- version/junos os evolved/19.3-r2-s2
- version/junos os evolved/19.3-r2-s3
- version/junos os evolved/19.3-r2-s4
- version/junos os evolved/19.3-r2-s5
- version/junos os evolved/19.3-r2-s6
- version/junos os evolved/19.3-r3
- version/junos os evolved/19.3-r3-s1
- version/junos os evolved/19.3-r3-s2
- version/junos os evolved/19.3-r3-s3
- version/junos os evolved/19.3-r3-s4
- version/junos os evolved/19.3-r3-s5
- version/junos os evolved/19.3-r3-s6
- version/junos os evolved/19.4
- version/junos os evolved/19.4-r1
- version/junos os evolved/19.4-r1-s1
- version/junos os evolved/19.4-r1-s2
- version/junos os evolved/19.4-r1-s3
- version/junos os evolved/19.4-r1-s4
- version/junos os evolved/19.4-r2
- version/junos os evolved/19.4-r2-s1
- version/junos os evolved/19.4-r2-s2
- version/junos os evolved/19.4-r2-s3
- version/junos os evolved/19.4-r2-s4
- version/junos os evolved/19.4-r2-s5
- version/junos os evolved/19.4-r2-s6
- version/junos os evolved/19.4-r2-s7
- version/junos os evolved/19.4-r3
- version/junos os evolved/19.4-r3-s1
- version/junos os evolved/19.4-r3-s2
- version/junos os evolved/19.4-r3-s3
- version/junos os evolved/19.4-r3-s4
- version/junos os evolved/19.4-r3-s5
- version/junos os evolved/19.4-r3-s6
- version/junos os evolved/19.4-r3-s7
- version/junos os evolved/19.4-r3-s8
- version/junos os evolved/20.2
- version/junos os evolved/20.2-r1
- version/junos os evolved/20.2-r1-s1
- version/junos os evolved/20.2-r1-s2
- version/junos os evolved/20.2-r1-s3
- version/junos os evolved/20.2-r2
- version/junos os evolved/20.2-r2-s1
- version/junos os evolved/20.2-r2-s2
- version/junos os evolved/20.2-r2-s3
- version/junos os evolved/20.2-r3
- version/junos os evolved/20.2-r3-s1
- version/junos os evolved/20.2-r3-s2
- version/junos os evolved/20.2-r3-s3
- version/junos os evolved/20.2-r3-s4
- version/junos os evolved/20.3
- version/junos os evolved/20.3-r1
- version/junos os evolved/20.3-r1-s1
- version/junos os evolved/20.3-r1-s2
- version/junos os evolved/20.3-r2
- version/junos os evolved/20.3-r2-s1
- version/junos os evolved/20.3-r3
- version/junos os evolved/20.3-r3-s1
- version/junos os evolved/20.3-r3-s2
- version/junos os evolved/20.3-r3-s3
- version/junos os evolved/20.3-r3-s4
- version/junos os evolved/20.4
- version/junos os evolved/20.4-r1
- version/junos os evolved/20.4-r1-s1
- version/junos os evolved/20.4-r2
- version/junos os evolved/20.4-r2-s1
- version/junos os evolved/20.4-r2-s2
- version/junos os evolved/20.4-r3
- version/junos os evolved/20.4-r3-s1
- version/junos os evolved/20.4-r3-s2
- version/junos os evolved/20.4-r3-s3
- version/junos os evolved/21.1
- version/junos os evolved/21.1-r1
- version/junos os evolved/21.1-r1-s1
- version/junos os evolved/21.1-r2
- version/junos os evolved/21.1-r2-s1
- version/junos os evolved/21.1-r2-s2
- version/junos os evolved/21.1-r3
- version/junos os evolved/21.1-r3-s1
- version/junos os evolved/21.1-r3-s2
- version/junos os evolved/21.2
- version/junos os evolved/21.2-r1
- version/junos os evolved/21.2-r1-s1
- version/junos os evolved/21.2-r1-s2
- version/junos os evolved/21.2-r2
- version/junos os evolved/21.2-r2-s1
- version/junos os evolved/21.2-r2-s2
- version/junos os evolved/21.2-r3
- version/junos os evolved/21.2-r3-s1
- version/junos os evolved/21.3
- version/junos os evolved/21.3-r1
- version/junos os evolved/21.3-r1-s1
- version/junos os evolved/21.3-r1-s2
- version/junos os evolved/21.3-r2
- version/junos os evolved/21.3-r2-s1
- version/junos os evolved/21.3-r2-s2
- version/junos os evolved/21.3-r3
- version/junos os evolved/21.4
- version/junos os evolved/21.4-r1
- version/junos os evolved/21.4-r1-s1
- version/junos os evolved/21.4-r1-s2
- version/junos os evolved/21.4-r2
- version/junos os evolved/22.1-r1
- version/junos os evolved/22.1-r1-s1
- canonical/juniper mx10
- canonical/juniper mx10000
- canonical/juniper mx10003
- canonical/juniper mx10008
- canonical/juniper mx10016
- canonical/juniper mx104
- canonical/juniper mx150
- canonical/juniper mx2008
- canonical/juniper mx2010
- canonical/juniper mx2020
- canonical/juniper mx204
- canonical/juniper mx240
- canonical/juniper mx40
- canonical/juniper mx480
- canonical/juniper mx5
- canonical/juniper mx80
- canonical/juniper mx960
- canonical/juniper srx100
- canonical/juniper srx110
- canonical/juniper srx1400
- canonical/juniper srx1500
- canonical/juniper srx210
- canonical/juniper srx220
- canonical/juniper srx240
- canonical/juniper srx240h2
- canonical/juniper srx240m
- canonical/juniper srx300
- canonical/juniper srx320
- canonical/juniper srx340
- canonical/juniper srx3400
- canonical/juniper srx345
- canonical/juniper srx3600
- canonical/juniper srx380
- canonical/juniper srx4000
- canonical/juniper srx4100
- canonical/juniper srx4200
- canonical/juniper srx4600
- canonical/junos os srx 5000 series
- canonical/juniper srx5400
- canonical/juniper srx550
- canonical/juniper srx5600
- canonical/juniper srx5800
- canonical/juniper srx650