CVE-2023-28985

Name of the Vulnerable Software and Affected Versions Juniper Networks SRX Series and MX Series versions prior to SigPack 3598

Description The issue is related to an improper validation of syntactic correctness of input in the Intrusion Detection and Prevention (IDP) system of Junos OS, allowing a remote attacker to cause a Denial of Service (DoS). When a specific malformed SSL packet is received on SRX Series and MX Series platforms with IDP enabled, the SSL detector crashes, leading to an FPC core. Continued receipt of this specific packet will cause a sustained Denial of Service condition.

Recommendations To resolve the issue, update to a version with SigPack 3598 or later. As a temporary workaround, consider disabling the IDP feature on SRX Series and MX Series platforms until a patch is available. To identify the current SigPack version, use the command show security idp security-package-version on the affected device.