CVE-2023-22413

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS on MX Series versions prior to 19.4R3-S9 Juniper Networks Junos OS on MX Series version 20.1R3-S5 and later versions Juniper Networks Junos OS on MX Series versions prior to 20.2R3-S5 Juniper Networks Junos OS on MX Series versions prior to 20.3R3-S5 Juniper Networks Junos OS on MX Series versions prior to 20.4R3-S4 Juniper Networks Junos OS on MX Series versions prior to 21.1R3-S3 Juniper Networks Junos OS on MX Series versions prior to 21.2R3-S1 Juniper Networks Junos OS on MX Series versions prior to 21.3R3 Juniper Networks Junos OS on MX Series versions prior to 21.4R2-S1, 21.4R3 Juniper Networks Junos OS on MX Series versions prior to 22.1R2

Description An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). On all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets are processed by an IPsec6 tunnel, the Multiservices PIC Management Daemon (mspmand) process will core and restart. This will lead to FPC crash. Traffic flow is impacted while mspmand restarts. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue only occurs if an IPv4 address is not configured on the multiservice interface.

Recommendations For Juniper Networks Junos OS on MX Series versions prior to 19.4R3-S9, update to version 19.4R3-S9 or later. For Juniper Networks Junos OS on MX Series version 20.1R3-S5 and later versions, no action is required as these versions are not affected. For Juniper Networks Junos OS on MX Series versions prior to 20.2R3-S5, update to version 20.2R3-S5 or later. For Juniper Networks Junos OS on MX Series versions prior to 20.3R3-S5, update to version 20.3R3-S5 or later. For Juniper Networks Junos OS on MX Series versions prior to 20.4R3-S4, update to version 20.4R3-S4 or later. For Juniper Networks Junos OS on MX Series versions prior to 21.1R3-S3, update to version 21.1R3-S3 or later. For Juniper Networks Junos OS on MX Series versions prior to 21.2R3-S1, update to version 21.2R3-S1 or later. For Juniper Networks Junos OS on MX Series versions prior to 21.3R3, update to version 21.3R3 or later. For Juniper Networks Junos OS on MX Series versions prior to 21.4R2-S1, 21.4R3, update to version 21.4R2-S1, 21.4R3 or later. For Juniper Networks Junos OS on MX Series versions prior to 22.1R2, update to version 22.1R2 or later.