CVE-2023-44198

Published: Oct 12, 2023

Modified: Sep 18, 2024

PUBLISHED

CVSS v3.1

5.8

MEDIUM

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks. If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: * 20.4 versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. This issue doesn't not affected releases prior to 20.4R1.

Vendor	Product	Versions
Juniper Networks	Junos OS	affected `20.4 - < 20.4R3-S5` affected `21.1 - < 21.1R3-S4` affected `21.2 - < 21.2R3-S4` affected `21.3 - < 21.3R3-S3` affected `21.4 - < 21.4R3-S2` +4 more versions

Weaknesses (CWE)

CWE-754

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

References

https://supportportal.juniper.net/JSA73164

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-44198

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References