From 18d340f776ed11e1f2026fec7e7906289be43212 Mon Sep 17 00:00:00 2001 From: mpaujnpr01 <37092983+mpaujnpr01@users.noreply.github.com> Date: Mon, 17 Oct 2022 20:38:51 -0600 Subject: [PATCH] Juniper JSA publication 2022-10 Juniper JSA publication 2022-10. See https://advisory.juniper.net for more information. --- 2022/22xxx/CVE-2022-22192.json | 138 +++++++++++++++++++-- 2022/22xxx/CVE-2022-22201.json | 162 +++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22208.json | 195 +++++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22211.json | 150 +++++++++++++++++++++-- 2022/22xxx/CVE-2022-22218.json | 180 +++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22219.json | 169 ++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22220.json | 175 ++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22223.json | 192 +++++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22224.json | 175 ++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22225.json | 200 ++++++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22226.json | 206 +++++++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22227.json | 144 ++++++++++++++++++++-- 2022/22xxx/CVE-2022-22228.json | 152 +++++++++++++++++++++-- 2022/22xxx/CVE-2022-22229.json | 110 +++++++++++++++-- 2022/22xxx/CVE-2022-22230.json | 216 +++++++++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22231.json | 126 +++++++++++++++++-- 2022/22xxx/CVE-2022-22232.json | 132 ++++++++++++++++++-- 2022/22xxx/CVE-2022-22233.json | 150 +++++++++++++++++++++-- 2022/22xxx/CVE-2022-22234.json | 186 ++++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22235.json | 168 +++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22236.json | 156 ++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22237.json | 131 ++++++++++++++++++-- 2022/22xxx/CVE-2022-22238.json | 200 ++++++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22239.json | 120 ++++++++++++++++-- 2022/22xxx/CVE-2022-22240.json | 188 ++++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22241.json | 171 ++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22242.json | 171 ++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22243.json | 171 ++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22244.json | 171 ++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22245.json | 171 ++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22246.json | 171 ++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22247.json | 129 ++++++++++++++++++-- 2022/22xxx/CVE-2022-22248.json | 125 +++++++++++++++++-- 2022/22xxx/CVE-2022-22249.json | 186 ++++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22250.json | 209 +++++++++++++++++++++++++++++-- 2022/22xxx/CVE-2022-22251.json | 146 ++++++++++++++++++++-- 36 files changed, 5690 insertions(+), 252 deletions(-) diff --git a/2022/22xxx/CVE-2022-22192.json b/2022/22xxx/CVE-2022-22192.json index 0240553f18d..3bc43cb99eb 100644 --- a/2022/22xxx/CVE-2022-22192.json +++ b/2022/22xxx/CVE-2022-22192.json @@ -1,18 +1,142 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-10-12T16:00:00.000Z", "ID": "CVE-2022-22192", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS Evolved: PTX Series: An attacker can cause a kernel panic by sending a malformed TCP packet to the device" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "platform": "PTX10004, PTX10008, PTX10016", + "version_affected": "<", + "version_name": "20.4-EVO", + "version_value": "20.4R3-S4-EVO" + }, + { + "platform": "PTX10004, PTX10008, PTX10016", + "version_affected": "<", + "version_name": "21.3-EVO", + "version_value": "21.3R3-EVO" + }, + { + "platform": "PTX10004, PTX10008, PTX10016", + "version_affected": "<", + "version_name": "21.4-EVO", + "version_value": "21.4R3-EVO" + }, + { + "platform": "PTX10004, PTX10008, PTX10016", + "version_affected": "<", + "version_name": "22.1-EVO", + "version_value": "22.1R2-EVO" + }, + { + "platform": "PTX10004, PTX10008, PTX10016", + "version_affected": "!<", + "version_value": "20.4R1-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the kernel of Juniper Networks Junos OS Evolved on PTX series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nWhen an incoming TCP packet destined to the device is malformed there is a possibility of a kernel panic. Only TCP packets destined to the ports for BGP, LDP and MSDP can trigger this.\nThis issue only affects PTX10004, PTX10008, PTX10016. No other PTX Series devices or other platforms are affected.\nThis issue affects Juniper Networks Junos OS Evolved:\n20.4-EVO versions prior to 20.4R3-S4-EVO;\n21.3-EVO versions prior to 21.3R3-EVO;\n21.4-EVO versions prior to 21.4R3-EVO;\n22.1-EVO versions prior to 22.1R2-EVO.\n\nThis issue does not affect Juniper Networks Junos OS Evolved versions prior to 20.4R1-EVO." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-1286 Improper Validation of Syntactic Correctness of Input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA69915", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA69915" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following Junos OS Evolved software releases have been updated to resolve this specific issue: 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA69915", + "defect": [ + "1663201" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue." + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22201.json b/2022/22xxx/CVE-2022-22201.json index 0dde2f3f20c..cab1e290e68 100644 --- a/2022/22xxx/CVE-2022-22201.json +++ b/2022/22xxx/CVE-2022-22201.json @@ -1,18 +1,166 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-10-12T16:00:00.000Z", "ID": "CVE-2022-22201", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "SRX5000 Series with SPC3, SRX4000 Series, and vSRX: When PowerMode IPsec is configured, the PFE will crash upon receipt of a malformed ESP packet" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "SRX5000 Series with SPC3, SRX4000 Series, and vSRX", + "version_affected": "<", + "version_value": "19.4R2-S6, 19.4R3-S7" + }, + { + "platform": "SRX5000 Series with SPC3, SRX4000 Series, and vSRX", + "version_affected": "<", + "version_name": "20.1", + "version_value": "20.1R3-S3" + }, + { + "platform": "SRX5000 Series with SPC3, SRX4000 Series, and vSRX", + "version_affected": "<", + "version_name": "20.2", + "version_value": "20.2R3-S4" + }, + { + "platform": "SRX5000 Series with SPC3, SRX4000 Series, and vSRX", + "version_affected": "<", + "version_name": "20.3", + "version_value": "20.3R3-S3" + }, + { + "platform": "SRX5000 Series with SPC3, SRX4000 Series, and vSRX", + "version_affected": "<", + "version_name": "20.4", + "version_value": "20.4R3-S2" + }, + { + "platform": "SRX5000 Series with SPC3, SRX4000 Series, and vSRX", + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R3" + }, + { + "platform": "SRX5000 Series with SPC3, SRX4000 Series, and vSRX", + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R3" + }, + { + "platform": "SRX5000 Series with SPC3, SRX4000 Series, and vSRX", + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R1-S2, 21.3R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "A device will only be affected by this vulnerability if the following statement is configured:\n\n [security flow power-mode-ipsec]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS).\n\nOn SRX5000 Series with SPC3, SRX4000 Series, and vSRX, when PowerMode IPsec is configured and a malformed ESP packet matching an established IPsec tunnel is received the PFE crashes.\nThis issue affects Juniper Networks Junos OS on SRX5000 Series with SPC3, SRX4000 Series, and vSRX:\nAll versions prior to 19.4R2-S6, 19.4R3-S7;\n20.1 versions prior to 20.1R3-S3;\n20.2 versions prior to 20.2R3-S4;\n20.3 versions prior to 20.3R3-S3;\n20.4 versions prior to 20.4R3-S2;\n21.1 versions prior to 21.1R3;\n21.2 versions prior to 21.2R3;\n21.3 versions prior to 21.3R1-S2, 21.3R2." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA69900", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA69900" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA69900", + "defect": [ + "1629407" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue." + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22208.json b/2022/22xxx/CVE-2022-22208.json index 355147b067b..ed720cef554 100644 --- a/2022/22xxx/CVE-2022-22208.json +++ b/2022/22xxx/CVE-2022-22208.json @@ -1,18 +1,199 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-10-12T16:00:00.000Z", "ID": "CVE-2022-22208", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS and Junos OS Evolved: An rpd crash can occur due to memory corruption caused by flapping BGP sessions" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "18.4R2-S9, 18.4R3-S11" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R3-S8" + }, + { + "version_affected": ">=", + "version_name": "19.2", + "version_value": "19.2R1" + }, + { + "version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R3-S5" + }, + { + "version_affected": "<", + "version_name": "19.4", + "version_value": "19.4R2-S6, 19.4R3-S6" + }, + { + "version_affected": ">=", + "version_name": "20.1", + "version_value": "20.1R1" + }, + { + "version_affected": "<", + "version_name": "20.2", + "version_value": "20.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "20.3", + "version_value": "20.3R3-S2" + }, + { + "version_affected": "<", + "version_name": "20.4", + "version_value": "20.4R3-S1" + }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R3-S3" + }, + { + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R2-S1, 21.2R3" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "20.4R3-S4-EVO" + }, + { + "version_affected": "<", + "version_name": "21.1-EVO", + "version_value": "21.1R3-S2-EVO" + }, + { + "version_affected": "<", + "version_name": "21.2-EVO", + "version_value": "21.2R3-EVO" + }, + { + "version_affected": "<", + "version_name": "21.3-EVO", + "version_value": "21.3R2-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "To be vulnerable to this issue a device needs to be configured with a minimal BGP configuration for a session to be established as shown in the following example:\n\n [protocols bgp group neighbor ] " + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS).\n\nWhen a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker's control and cannot be deterministically exploited. Continued flapping of BGP sessions can create a sustained Denial of Service (DoS) condition.\nThis issue affects Juniper Networks Junos OS:\nAll versions prior to 18.4R2-S9, 18.4R3-S11;\n19.1 versions prior to 19.1R3-S8;\n19.2 version 19.2R1 and later versions;\n19.3 versions prior to 19.3R3-S5;\n19.4 versions prior to 19.4R2-S6, 19.4R3-S6;\n20.1 version 20.1R1 and later versions;\n20.2 versions prior to 20.2R3-S3;\n20.3 versions prior to 20.3R3-S2;\n20.4 versions prior to 20.4R3-S1;\n21.1 versions prior to 21.1R3-S3;\n21.2 versions prior to 21.2R2-S1, 21.2R3.\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.4R3-S4-EVO;\n21.1-EVO versions prior to 21.1R3-S2-EVO;\n21.2-EVO versions prior to 21.2R3-EVO;\n21.3-EVO versions prior to 21.3R2-EVO." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA69879", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA69879" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA69879", + "defect": [ + "1600812" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no viable workarounds for this issue." + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22211.json b/2022/22xxx/CVE-2022-22211.json index bcf685a0df4..75724ac0fa3 100644 --- a/2022/22xxx/CVE-2022-22211.json +++ b/2022/22xxx/CVE-2022-22211.json @@ -1,18 +1,154 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-10-12T16:00:00.000Z", "ID": "CVE-2022-22211", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS Evolved: PTX Series: Multiple FPCs become unreachable due to continuous polling of specific SNMP OID" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "platform": "PTX Series", + "version_affected": "<", + "version_value": "20.4R3-S4-EVO" + }, + { + "platform": "PTX Series", + "version_affected": ">=", + "version_name": "21.1-EVO", + "version_value": "21.1R1-EVO" + }, + { + "platform": "PTX Series", + "version_affected": ">=", + "version_name": "21.2-EVO", + "version_value": "21.2R1-EVO" + }, + { + "platform": "PTX Series", + "version_affected": "<", + "version_name": "21.3-EVO", + "version_value": "21.3R3-EVO" + }, + { + "platform": "PTX Series", + "version_affected": "<", + "version_name": "21.4-EVO", + "version_value": "21.4R2-EVO" + }, + { + "platform": "PTX Series", + "version_affected": "<", + "version_name": "22.1-EVO", + "version_value": "22.1R2-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration must be present to be potentially vulnerable to this issue:\n [snmp]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A limitless resource allocation vulnerability in FPC resources of Juniper Networks Junos OS Evolved on PTX Series allows an unprivileged attacker to cause Denial of Service (DoS).\n\nContinuously polling the SNMP jnxCosQstatTable causes the FPC to run out of GUID space, causing a Denial of Service to the FPC resources.\n\nWhen the FPC runs out of the GUID space, you will see the following syslog messages. The evo-aftmand-bt process is asserting. \n\n fpc1 evo-aftmand-bt[17556]: %USER-3: get_next_guid: Ran out of Guid Space start 1748051689472 end 1752346656767\n fpc1 audit[17556]: %AUTH-5: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm=\"EvoAftManBt-mai\" exe=\"/usr/sbin/evo-aftmand-bt\" sig=6\n fpc1 kernel: %KERN-5: audit: type=1701 audit(1648567505.119:57): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm=\"EvoAftManBt-mai\" exe=\"/usr/sbin/evo-aftmand-bt\" sig=6\n fpc1 emfd-fpa[14438]: %USER-5: Alarm set: APP color=red, class=CHASSIS, reason=Application evo-aftmand-bt fail on node Fpc1\n fpc1 emfd-fpa[14438]: %USER-3-EMF_FPA_ALARM_REP: RaiseAlarm: Alarm(Location: /Chassis[0]/Fpc[1] Module: sysman Object: evo-aftmand-bt:0 Error: 2) reported\n fpc1 sysepochman[12738]: %USER-5-SYSTEM_REBOOT_EVENT: Reboot [node] [ungraceful reboot] [evo-aftmand-bt exited]\n\nThe FPC resources can be monitored using the following commands:\n\n user@router> start shell\n [vrf:none] user@router-re0:~$ cli -c \"show platform application-info allocations app evo-aftmand-bt\" | grep ^fpc | grep -v Route | grep -i -v Nexthop | awk '{total[$1] += $5} END { for (key in total) { \n print key \" \" total[key]/4294967296 }}'\n\nOnce the FPCs become unreachable they must be manually restarted as they do not self-recover.\nThis issue affects Juniper Networks Junos OS Evolved on PTX Series:\nAll versions prior to 20.4R3-S4-EVO;\n21.1-EVO version 21.1R1-EVO and later versions;\n21.2-EVO version 21.2R1-EVO and later versions;\n21.3-EVO versions prior to 21.3R3-EVO;\n21.4-EVO versions prior to 21.4R2-EVO;\n22.1-EVO versions prior to 22.1R2-EVO." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-770 Allocation of Resources Without Limits or Throttling" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA69916", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA69916" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA69916", + "defect": [ + "1657659" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "To apply a workaround exclude the MIB from being polled with the following configuration snippet:\n\n [snmp view cos oid 1.3.6.1.4.1.2636.3.15.4 exclude]\n [snmp community public view cos]\n\nAdditionally, disable SNMP (disabled by default), utilize edge filtering with source-address validation (uRPF, etc.), access control lists (ACLs), and/or SNMPv3 authentication to limit access to the device only from trusted hosts.\n\nIn addition to the workaround recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device to only trusted networks, administrators and hosts.\n\n\n" + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22218.json b/2022/22xxx/CVE-2022-22218.json index a0b170cdc48..cb33ed9f8c6 100644 --- a/2022/22xxx/CVE-2022-22218.json +++ b/2022/22xxx/CVE-2022-22218.json @@ -1,18 +1,184 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-10-12T16:00:00.000Z", "ID": "CVE-2022-22218", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS: SRX Series: Upon processing of a genuine packet the pkid process will crash during CMPv2 auto-re-enrollment" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "SRX Series", + "version_affected": "<", + "version_value": "19.1R3-S9" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R3-S6" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R3-S7" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "19.4", + "version_value": "19.4R3-S9" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "20.2", + "version_value": "20.2R3-S5" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "20.3", + "version_value": "20.3R3-S4" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "20.4", + "version_value": "20.4R3-S4" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R3-S1" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R3" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R2" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration must be present to be potentially vulnerable to this issue:\n [security pki auto-re-enrollment cmpv2]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On SRX Series devices, an Improper Check for Unusual or Exceptional Conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment, allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS) by crashing the pkid process.\n\nThe pkid process cannot handle an unexpected response from the Certificate Authority (CA) server, leading to crash.\n\nA restart is required to restore services.\nThis issue affects:\nJuniper Networks Junos OS on SRX Series:\nAll versions prior to 19.1R3-S9;\n19.2 versions prior to 19.2R3-S6;\n19.3 versions prior to 19.3R3-S7;\n19.4 versions prior to 19.4R3-S9;\n20.2 versions prior to 20.2R3-S5;\n20.3 versions prior to 20.3R3-S4;\n20.4 versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R3-S1;\n21.2 versions prior to 21.2R3;\n21.3 versions prior to 21.3R2;\n21.4 versions prior to 21.4R2." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA69901", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA69901" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA69901", + "defect": [ + "1642410" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue." + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22219.json b/2022/22xxx/CVE-2022-22219.json index e95c2b11857..fa3993a0b16 100644 --- a/2022/22xxx/CVE-2022-22219.json +++ b/2022/22xxx/CVE-2022-22219.json @@ -1,18 +1,173 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-10-12T16:00:00.000Z", "ID": "CVE-2022-22219", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS and Junos OS Evolved: RPD core upon receipt of a specific EVPN route by a BGP route reflector in an EVPN environment" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R3-S2" + }, + { + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4R2-S2, 21.4R3" + }, + { + "version_affected": "<", + "version_name": "22.1", + "version_value": "22.1R1-S2, 22.1R3" + }, + { + "version_affected": "<", + "version_name": "22.2", + "version_value": "22.2R2" + }, + { + "version_affected": "!<=", + "version_value": "21.3R1" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "21.3", + "version_value": "21.3R1-EVO" + }, + { + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4R3-EVO" + }, + { + "version_affected": "<", + "version_name": "22.1", + "version_value": "22.1R1-S2-EVO, 22.1R3-EVO" + }, + { + "version_affected": "<", + "version_name": "22.2", + "version_value": "22.2R2-EVO" + }, + { + "version_affected": "!<", + "version_value": "21.3R1-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue can occur when the following configuration is enabled on the route reflector clients:\n\n [protocols evpn leave-sync-route-oldstyle]\n\nand when EVPN is configured on the route reflector: \n\n [protocols evpn]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Due to the Improper Handling of an Unexpected Data Type in the processing of EVPN routes on Juniper Networks Junos OS and Junos OS Evolved, an attacker in direct control of a BGP client connected to a route reflector, or via a machine in the middle (MITM) attack, can send a specific EVPN route contained within a BGP Update, triggering a routing protocol daemon (RPD) crash, leading to a Denial of Service (DoS) condition. Continued receipt and processing of these specific EVPN routes could create a sustained Denial of Service (DoS) condition.\n\nThis issue only occurs on BGP route reflectors, only within a BGP EVPN multicast environment, and only when one or more BGP clients have 'leave-sync-route-oldstyle' enabled.\n\nThis issue affects:\nJuniper Networks Junos OS\n21.3 versions prior to 21.3R3-S2;\n21.4 versions prior to 21.4R2-S2, 21.4R3;\n22.1 versions prior to 22.1R1-S2, 22.1R3;\n22.2 versions prior to 22.2R2.\n\nJuniper Networks Junos OS Evolved\n21.3 version 21.3R1-EVO and later versions prior to 21.4R3-EVO;\n22.1 versions prior to 22.1R1-S2-EVO, 22.1R3-EVO;\n22.2 versions prior to 22.2R2-EVO.\n\nThis issue does not affect:\nJuniper Networks Junos OS versions prior to 21.3R1.\nJuniper Networks Junos OS Evolved versions prior to 21.3R1-EVO.\n" } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-241 Improper Handling of Unexpected Data Type" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA69898", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA69898" + }, + { + "name": "https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/ref/statement/evpn-edit-routing-instances-protocols.html", + "refsource": "MISC", + "url": "https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/ref/statement/evpn-edit-routing-instances-protocols.html" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, and all subsequent releases.\nJunos OS Evolved 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA69898", + "defect": [ + "1675054" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "Enabling 'leave-sync-route-oldstyle' on the BGP route reflector will mitigate the RPD crash, but BGP sessions may still be torn down if one or more clients have 'leave-sync-route-oldstyle' enabled.\n\n\n" + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22220.json b/2022/22xxx/CVE-2022-22220.json index 77a4e83383c..66473573a57 100644 --- a/2022/22xxx/CVE-2022-22220.json +++ b/2022/22xxx/CVE-2022-22220.json @@ -1,18 +1,179 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-10-12T16:00:00.000Z", "ID": "CVE-2022-22220", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS and Junos OS Evolved: Due to a race condition the rpd process can crash upon receipt of a BGP update message containing flow spec route" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R2-S10, 18.4R3-S10" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R3-S7" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S8, 19.2R3-S4" + }, + { + "version_affected": "<", + "version_name": "19.4", + "version_value": "19.4R3-S8" + }, + { + "version_affected": "<", + "version_name": "20.2", + "version_value": "20.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "20.3", + "version_value": "20.3R3-S2" + }, + { + "version_affected": "<", + "version_name": "20.4", + "version_value": "20.4R3" + }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R2" + }, + { + "version_affected": "!<", + "version_value": "18.4R1" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "20.4R2-EVO" + }, + { + "version_affected": "<", + "version_name": "21.1-EVO", + "version_value": "21.1R2-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "To be vulnerable to this issue a device needs to be configured with a minimal BGP flow spec configuration like in the following example:\n\n [protocols bgp group family flow]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allows a network-based unauthenticated attacker to cause a Denial of Service (DoS).\n\nWhen a BGP flow route with redirect IP extended community is received, and the reachability to the next-hop of the corresponding redirect IP is flapping, the rpd process might crash. Whether the crash occurs depends on the timing of the internally processing of these two events and is outside the attackers control. Please note that this issue also affects Route-Reflectors unless 'routing-options flow firewall-install-disable' is configured.\nThis issue affects:\nJuniper Networks Junos OS:\n18.4 versions prior to 18.4R2-S10, 18.4R3-S10;\n19.1 versions prior to 19.1R3-S7;\n19.2 versions prior to 19.2R1-S8, 19.2R3-S4;\n19.4 versions prior to 19.4R3-S8;\n20.2 versions prior to 20.2R3-S3;\n20.3 versions prior to 20.3R3-S2;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R2.\n\nJuniper Networks Junos OS Evolved:\nAll versions prior to 20.4R2-EVO;\n21.1-EVO versions prior to 21.1R2-EVO.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 18.4R1." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA69902", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA69902" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R2-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA69902", + "defect": [ + "1583490" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no viable workarounds for this issue." + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22223.json b/2022/22xxx/CVE-2022-22223.json index 6eb48808f06..8ad1874f925 100644 --- a/2022/22xxx/CVE-2022-22223.json +++ b/2022/22xxx/CVE-2022-22223.json @@ -1,18 +1,196 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-10-12T16:00:00.000Z", "ID": "CVE-2022-22223", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS: QFX10000 Series: In IP/MPLS PHP node scenarios upon receipt of certain crafted packets multiple interfaces in LAG configurations may detach." }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "QFX10000 Series", + "version_affected": "<", + "version_value": "15.1R7-S11" + }, + { + "platform": "QFX10000 Series", + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R2-S10, 18.4R3-S10" + }, + { + "platform": "QFX10000 Series", + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R3-S8" + }, + { + "platform": "QFX10000 Series", + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R3-S4" + }, + { + "platform": "QFX10000 Series", + "version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R3-S5" + }, + { + "platform": "QFX10000 Series", + "version_affected": "<", + "version_name": "19.4", + "version_value": "19.4R2-S6, 19.4R3-S7" + }, + { + "platform": "QFX10000 Series", + "version_affected": "<", + "version_name": "20.1", + "version_value": "20.1R3-S3" + }, + { + "platform": "QFX10000 Series", + "version_affected": "<", + "version_name": "20.2", + "version_value": "20.2R3-S3" + }, + { + "platform": "QFX10000 Series", + "version_affected": "<", + "version_name": "20.3", + "version_value": "20.3R3-S2" + }, + { + "platform": "QFX10000 Series", + "version_affected": "<", + "version_name": "20.4", + "version_value": "20.4R3-S4" + }, + { + "platform": "QFX10000 Series", + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R3" + }, + { + "platform": "QFX10000 Series", + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R3-S3" + }, + { + "platform": "QFX10000 Series", + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R3-S1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required to be potentially impacted by this issue: \n [interfaces unit family inet address
]\n [interfaces unit family mpls]\n [protocols rsvp interface ]\n [protocols mpls interface ]\n [protocols ospf area interface ]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (PHP) nodes with link aggregation group (LAG) interfaces, an Improper Validation of Specified Index, Position, or Offset in Input weakness allows an attacker sending certain IP packets to cause multiple interfaces in the LAG to detach causing a Denial of Service (DoS) condition. \n\nContinued receipt and processing of these packets will sustain the Denial of Service.\n\nThis issue affects IPv4 and IPv6 packets. Packets of either type can cause and sustain the DoS event.\n\nThese packets can be destined to the device or be transit packets.\n\nOn devices such as the QFX10008 with line cards, line cards can be restarted to restore service. On devices such as the QFX10002 you can restart the PFE service, or reboot device to restore service.\nThis issue affects:\nJuniper Networks Junos OS on QFX10000 Series:\nAll versions prior to 15.1R7-S11;\n18.4 versions prior to 18.4R2-S10, 18.4R3-S10;\n19.1 versions prior to 19.1R3-S8;\n19.2 versions prior to 19.2R3-S4;\n19.3 versions prior to 19.3R3-S5;\n19.4 versions prior to 19.4R2-S6, 19.4R3-S7;\n20.1 versions prior to 20.1R3-S3;\n20.2 versions prior to 20.2R3-S3;\n20.3 versions prior to 20.3R3-S2;\n20.4 versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R3;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S1.\nAn indicator of compromise may be seen by issuing the command: \n request pfe execute target fpc0 command \"show jspec pechip[3] registers ps l2_node 10\" timeout 0 | refresh 1 | no-more\n\nand reviewing for backpressured output; for example: \n\n GOT: 0x220702a8 pe.ps.l2_node[10].pkt_cnt 00000076 \n GOT: 0x220702b4 pe.ps.l2_node[10].backpressured 00000002 <<<< STICKS HERE\n\nand requesting detail on the pepic wanio: \n\nrequest pfe execute target fpc0 command \"show pepic 0 wanio-info\" timeout 0 | no-more | match xe-0/0/0:2\nGOT: 3 xe-0/0/0:2 10 6 3 0 1 10 189 10 0x6321b088 <<< LOOK HERE\n\nas well as looking for tail drops looking at the interface queue, for example:\n\n show interfaces queue xe-0/0/0:2\n\nresulting in: \n Transmitted:\n Total-dropped packets: 1094137 0 pps << LOOK HERE\n" } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA69873", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA69873" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1 21.4R1, and all subsequent releases.\n\n\n" + } + ], + "source": { + "advisory": "JSA69873", + "defect": [ + "1618019" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "Customers can apply the following PFE VTY commands as a workaround until a fixed release can be taken:\n\n bringup jspec write pechip[0] register egp main init_params 36 00000068\n bringup jspec write pechip[1] register egp main init_params 36 00000068\n bringup jspec write pechip[2] register egp main init_params 36 00000068\n bringup jspec write pechip[3] register egp main init_params 36 00000068\n bringup jspec write pechip[4] register egp main init_params 36 00000068\n bringup jspec write pechip[5] register egp main init_params 36 00000068\n\nThis workaround must be reapplied upon any reboot." + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22224.json b/2022/22xxx/CVE-2022-22224.json index 49d2cfc5d0d..c7ddaef7ab8 100644 --- a/2022/22xxx/CVE-2022-22224.json +++ b/2022/22xxx/CVE-2022-22224.json @@ -1,18 +1,179 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-10-12T16:00:00.000Z", "ID": "CVE-2022-22224", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS and Junos OS Evolved: PPMD goes into infinite loop upon receipt of malformed OSPF TLV" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "19.1R3-S9" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R3-S5" + }, + { + "version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R3-S3" + }, + { + "version_affected": "<", + "version_name": "19.4", + "version_value": "19.4R3-S9" + }, + { + "version_affected": "<", + "version_name": "20.1", + "version_value": "20.1R3" + }, + { + "version_affected": "<", + "version_name": "20.2", + "version_value": "20.2R3-S1" + }, + { + "version_affected": "<", + "version_name": "20.3", + "version_value": "20.3R3" + }, + { + "version_affected": "<", + "version_name": "20.4", + "version_value": "20.4R3" + }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R2" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "20.4R3-S3-EVO" + }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R2-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "Exploitation of this issue requires OSPF to be enabled. A sample OSPF configuration is shown below.\n\n [protocols ospf area interface ]\n" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon (PPMD) process to go into an infinite loop, which in turn can cause protocols and functions reliant on PPMD such as OSPF neighbor reachability to be impacted, resulting in a sustained Denial of Service (DoS) condition. The DoS condition persists until the PPMD process is manually restarted.\nThis issue affects:\nJuniper Networks Junos OS:\nAll versions prior to 19.1R3-S9;\n19.2 versions prior to 19.2R3-S5;\n19.3 versions prior to 19.3R3-S3;\n19.4 versions prior to 19.4R3-S9;\n20.1 versions prior to 20.1R3;\n20.2 versions prior to 20.2R3-S1;\n20.3 versions prior to 20.3R3;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R2.\n\nJuniper Networks Junos OS Evolved:\nAll versions prior to 20.4R3-S3-EVO;\n21.1 versions prior to 21.1R2-EVO." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-703 Improper Check or Handling of Exceptional Conditions" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA69874", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA69874" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA69874", + "defect": [ + "1582147" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no viable workarounds for this issue. However, service can be restored by restarting the PPMD process from the Junos shell:\n\nFirst, identify the PID for the daemon.\n\n root@Junos:~ # ps -aux | grep \"[p]pm\"\n root 73848 0.0 0.0 740624 14072 - S 29Apr22 20:53.61 /usr/sbin/ppmd -N\n\nSecond, kill the process.\n\n root@Junos:~ # kill -9 73848\n" + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22225.json b/2022/22xxx/CVE-2022-22225.json index 07d835e7c9a..42170936a79 100644 --- a/2022/22xxx/CVE-2022-22225.json +++ b/2022/22xxx/CVE-2022-22225.json @@ -1,18 +1,204 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-10-12T16:00:00.000Z", "ID": "CVE-2022-22225", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS and Junos OS Evolved: In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "!<", + "version_name": "19.2", + "version_value": "19.2R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R3-S6" + }, + { + "version_affected": "!>", + "version_name": "19.3", + "version_value": "19.3R1" + }, + { + "version_affected": "!>", + "version_name": "19.4", + "version_value": "19.4R1" + }, + { + "version_affected": "!>", + "version_name": "20.1", + "version_value": "20.1R1" + }, + { + "version_affected": "<", + "version_name": "20.2", + "version_value": "20.2R3-S4" + }, + { + "version_affected": "<", + "version_name": "20.3", + "version_value": "20.3R3-S3" + }, + { + "version_affected": "<", + "version_name": "20.4", + "version_value": "20.4R3-S4" + }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R3" + }, + { + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R2" + }, + { + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R2" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "20.4R3-S4-EVO" + }, + { + "version_affected": ">=", + "version_name": "21.1-EVO", + "version_value": "21.1R1-EVO" + }, + { + "version_affected": "<", + "version_name": "21.2-EVO", + "version_value": "21.2R2-EVO" + }, + { + "version_affected": "<", + "version_name": "21.3-EVO", + "version_value": "21.3R2-EVO" + }, + { + "version_affected": "!<", + "version_value": "20.2R1-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "A device can only be affected if the following BGP multipath configuration is in place:\n\n [protocols bgp ... multipath]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker with an established BGP session to cause a Denial of Service (DoS).\n\nIn a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash. As this crash depends on whether a route is a contributing route, and on the internal timing of the events triggered by the flap this vulnerability is outside the direct control of a potential attacker.\nThis issue affects:\nJuniper Networks Junos OS\n19.2 versions prior to 19.2R3-S6;\n20.2 versions prior to 20.2R3-S4;\n20.3 versions prior to 20.3R3-S3;\n20.4 versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R3;\n21.2 versions prior to 21.2R2;\n21.3 versions prior to 21.3R2.\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.4R3-S4-EVO;\n21.1-EVO version 21.1R1-EVO and later versions;\n21.2-EVO versions prior to 21.2R2-EVO;\n21.3-EVO versions prior to 21.3R2-EVO.\n\nThis issue does not affect:\nJuniper Networks Junos OS versions 19.2 versions prior to 19.2R2, 19.3R1 and above prior to 20.2R1.\nJuniper Networks Junos OS Evolved versions prior to 20.2R1-EVO." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA69875", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA69875" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA69875", + "defect": [ + "1611128" + ], + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no viable workarounds for this issue.\n" + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22226.json b/2022/22xxx/CVE-2022-22226.json index 0f85b1fbdd3..daa3c8950cb 100644 --- a/2022/22xxx/CVE-2022-22226.json +++ b/2022/22xxx/CVE-2022-22226.json @@ -1,18 +1,210 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-10-12T16:00:00.000Z", "ID": "CVE-2022-22226", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS: EX4300-MP, EX4600, QFX5000 Series: In VxLAN scenarios specific packets processed cause a memory leak leading to a PFE crash" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": ">=", + "version_name": "17.1", + "version_value": "17.1R1" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": ">", + "version_name": "17.2", + "version_value": "17.2R1" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S12" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S13, 17.4R3-S5" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S13" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S8" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R3-S5" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S8, 18.4R2-S6, 18.4R3-S6" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R3-S4" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S7, 19.2R3-S1" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R2-S6, 19.3R3-S1" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": "<", + "version_name": "19.4", + "version_value": "19.4R1-S4, 19.4R2-S4, 19.4R3-S1" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": "<", + "version_name": "20.1", + "version_value": "20.1R2" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": "<", + "version_name": "20.2", + "version_value": "20.2R2-S3, 20.2R3" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": "<", + "version_name": "20.3", + "version_value": "20.3R2" + }, + { + "platform": "EX4300-MP, EX4600, QFX5000 Series", + "version_affected": "!<", + "version_value": "17.1R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "VxLANs must be in use. Refer to VXLAN documentation about VXLAN configurations.\n\n [vlans vlan-name vxlan …]\n\nor\n\n [bridge-domains bridge-domain-name vxlan…]\n " + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) condition by crashing one or more PFE's when they are received and processed by the device. \n\nUpon automatic restart of the PFE, continued processing of these packets will cause the memory leak to reappear. Depending on the volume of packets received the attacker may be able to create a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\nJuniper Networks Junos OS on EX4300-MP, EX4600, QFX5000 Series:\n17.1 version 17.1R1 and later versions prior to 17.3R3-S12;\n17.4 versions prior to 17.4R2-S13, 17.4R3-S5;\n18.1 versions prior to 18.1R3-S13;\n18.2 versions prior to 18.2R3-S8;\n18.3 versions prior to 18.3R3-S5;\n18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6;\n19.1 versions prior to 19.1R3-S4;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S1;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S1;\n19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S1;\n20.1 versions prior to 20.1R2;\n20.2 versions prior to 20.2R2-S3, 20.2R3;\n20.3 versions prior to 20.3R2.\n\nThis issue does not affect Junos OS versions prior to 17.1R1." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-789 Uncontrolled Memory Allocation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA69876", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA69876" + }, + { + "refsource": "MISC", + "url": "https://www.juniper.net/documentation/us/en/software/junos/ovsdb-vxlan/evpn-vxlan/topics/ref/statement/vxlan.html#id-vxlan__d281e31" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA69876", + "defect": [ + "1535518" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no viable workarounds for this issue." + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22227.json b/2022/22xxx/CVE-2022-22227.json index 27004b67e25..9df40e5fc69 100644 --- a/2022/22xxx/CVE-2022-22227.json +++ b/2022/22xxx/CVE-2022-22227.json @@ -1,18 +1,148 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-10-12T16:00:00.000Z", "ID": "CVE-2022-22227", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS Evolved: ACX7000 Series: Specific IPv6 transit traffic gets exceptioned to the routing-engine which causes increased CPU utilization" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "platform": "ACX7100-48L, ACX7100-32C, ACX7509", + "version_affected": "<", + "version_name": "21.1-EVO", + "version_value": "21.1R3-S2-EVO" + }, + { + "platform": "ACX7100-48L, ACX7100-32C, ACX7509", + "version_affected": "<", + "version_name": "21.2-EVO", + "version_value": "21.2R3-S2-EVO" + }, + { + "platform": "ACX7100-48L, ACX7100-32C, ACX7509", + "version_affected": "<", + "version_name": "21.3-EVO", + "version_value": "21.3R3-EVO" + }, + { + "platform": "ACX7100-48L, ACX7100-32C, ACX7509", + "version_affected": "<", + "version_name": "21.4-EVO", + "version_value": "21.4R1-S1-EVO, 21.4R2-EVO" + }, + { + "platform": "ACX7100-48L, ACX7100-32C, ACX7509", + "version_affected": "!<", + "version_value": "21.1R1-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "To be exposed to this vulnerability a device needs to be configured with a minimal IPv6 configuration like in the following example:\n\n [ interfaces unit family inet6 ]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS).\n\nOn receipt of specific IPv6 transit traffic, Junos OS Evolved on ACX7100-48L, ACX7100-32C and ACX7509 sends this traffic to the Routing Engine (RE) instead of forwarding it, leading to increased CPU utilization of the RE and a partial DoS.\n\nThis issue only affects systems configured with IPv6.\n\nThis issue does not affect ACX7024 which is supported from 22.3R1-EVO onwards where the fix has already been incorporated as indicated in the solution section.\nThis issue affects Juniper Networks Junos OS Evolved on ACX7100-48L, ACX7100-32C, ACX7509:\n21.1-EVO versions prior to 21.1R3-S2-EVO;\n21.2-EVO versions prior to 21.2R3-S2-EVO;\n21.3-EVO versions prior to 21.3R3-EVO;\n21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO.\n\nThis issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA69878", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA69878" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA69878", + "defect": [ + "1641006" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no viable workarounds for this issue." + } + ] } \ No newline at end of file diff --git a/2022/22xxx/CVE-2022-22228.json b/2022/22xxx/CVE-2022-22228.json index c883d4b8fd5..19910c01101 100644 --- a/2022/22xxx/CVE-2022-22228.json +++ b/2022/22xxx/CVE-2022-22228.json @@ -1,18 +1,156 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2022-10-12T16:00:00.000Z", "ID": "CVE-2022-22228", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS: IPv6 OAM SRv6 network-enabled devices are vulnerable to Denial of Service (DoS) due to RPD memory leak upon receipt of specific a IPv6 packet" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "!<", + "version_value": "21.1R1" + }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R3-S2" + }, + { + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R3-S1" + }, + { + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R3" + }, + { + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4R2" + }, + { + "version_affected": "<", + "version_name": "22.1", + "version_value": "22.1R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The configuration required to hit the issue or be potentially exploited is as follows:\n\n [routing-options source-packet-routing srv6 locator ] \n [protocols isis source-packet-routing node-segment ipv6-index ] \n [protocols isis source-packet-routing srv6 locator end-sid flavor