CVE-2023-36831
📋 TL;DR
A memory leak vulnerability in Juniper SRX Series firewalls with SSL Proxy and UTM Web-Filtering enabled causes gradual memory exhaustion when accessing certain websites. This leads to a denial of service requiring system reboot to restore functionality. Only SRX Series devices running affected Junos OS versions with specific configurations are vulnerable.
💻 Affected Systems
- Juniper Networks SRX Series
📦 What is this software?
Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service requiring physical or console access to reboot the firewall, disrupting all network traffic through the device.
Likely Case
Gradual performance degradation leading to eventual service disruption, requiring maintenance window for reboot.
If Mitigated
No impact if vulnerable configurations are disabled or devices are patched.
🎯 Exploit Status
Exploitation requires access to trigger web-filtering on affected websites. No authentication needed to trigger the memory leak.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2 or later
Vendor Advisory: https://supportportal.juniper.net/JSA71636
Restart Required: Yes
Instructions:
1. Download the appropriate patched version from the Juniper support portal.
2. Back up the configuration.
3. Install the update via the CLI or J-Web interface.
4. Reboot the device to complete installation.
🔧 Temporary Workarounds
Disable vulnerable features
Temporarily disable SSL Proxy and UTM Web-Filtering to prevent exploitation
configure
delete security utm feature-profile web-filtering
delete services ssl proxy
commit
🧯 If You Can't Patch
- Disable SSL Proxy and UTM Web-Filtering features immediately
- Implement network segmentation to limit traffic through vulnerable firewalls
🔍 How to Verify
Check if Vulnerable:
Check Junos OS version with 'show version' and verify SSL Proxy/UTM Web-Filtering configuration with 'show configuration security'
Check Version:
show version | match Junos
Verify Fix Applied:
Verify installed version is patched with 'show version' and check memory usage stability with 'show system memory' over time
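The version comparison in the verification step can be scripted across a fleet. The following is an added example, not part of the original advisory or Juniper's tooling: it parses the version string from `show version | match Junos` output and compares it against the fixed releases listed under "Patch Version". The function names and sample lines are constructed, and release trains that the page does not list are reported as "unknown" rather than guessed.

```python
import re

# Minimum fixed release per train, taken from the "Patch Version" line above.
# Trains not listed there are reported as "unknown" rather than guessed.
FIXED = {
    (22, 2): (3, 0),  # 22.2R3
    (22, 3): (2, 1),  # 22.3R2-S1 (22.3R3 is also fixed and sorts higher)
    (22, 4): (1, 2),  # 22.4R1-S2 (22.4R2 is also fixed and sorts higher)
}

# Matches e.g. "22.3R2-S1.4": train, R-release, optional S-release, optional build.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?\b")


def parse_junos_version(text):
    """Return ((major, minor), (release, service)) from version text, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor)), (int(rel), int(svc or 0))


def patch_status(show_version_output):
    """Classify as 'fixed', 'not-fixed', or 'unknown' (unparseable or unlisted train)."""
    parsed = parse_junos_version(show_version_output)
    if parsed is None:
        return "unknown"
    train, release = parsed
    if train not in FIXED:
        return "unknown"
    # Tuple comparison orders by R-release first, then S-release.
    return "fixed" if release >= FIXED[train] else "not-fixed"


if __name__ == "__main__":
    # Constructed sample lines in the shape of `show version | match Junos` output.
    samples = [
        "Junos: 22.3R2-S1.4",
        "Junos: 22.3R2.12",
        "Junos: 22.4R1-S2.1",
        "Junos: 22.2R2-S3.5",
        "Junos: 21.4R3-S4.9",
    ]
    for line in samples:
        print(f"{line:24} -> {patch_status(line)}")
```

A "not-fixed" result only means the release predates the fix; the device is exposed only if SSL Proxy and UTM Web-Filtering are also configured.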
📡 Detection & Monitoring
Log Indicators:
- Increasing jbuf memory usage in system logs
- Memory exhaustion warnings
- Web-filtering session failures
Network Indicators:
- Gradual performance degradation of firewall services
- Increased latency for SSL/TLS traffic
SIEM Query:
source="juniper-firewall" ("jbuf" OR "memory leak" OR "memory exhaustion")