diff --git a/2023/22xxx/CVE-2023-22391.json b/2023/22xxx/CVE-2023-22391.json index cb92d83b813..f880959525d 100644 --- a/2023/22xxx/CVE-2023-22391.json +++ b/2023/22xxx/CVE-2023-22391.json @@ -1,18 +1,148 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2023-01-11T17:00:00.000Z", "ID": "CVE-2023-22391", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS: ACX2K Series: Receipt of a high rate of specific traffic will lead to a Denial of Service (DoS)" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "ACX2K Series", + "version_affected": "<", + "version_value": "19.4R3-S9" + }, + { + "platform": "ACX2K Series", + "version_affected": ">=", + "version_name": "20.2", + "version_value": "20.2R1" + }, + { + "platform": "ACX2K Series", + "version_affected": "<", + "version_name": "20.3", + "version_value": "20.3R3-S6" + }, + { + "platform": "ACX2K Series", + "version_affected": "<", + "version_name": "20.4", + "version_value": "20.4R3-S4" + }, + { + "platform": "ACX2K Series", + "version_affected": ">=", + "version_name": "21.1", + "version_value": "21.1R1" + }, + { + "platform": "ACX2K Series", + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R3-S3" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS).\n\nSpecific packets are being incorrectly routed to a queue used for other high-priority traffic such as BGP, PIM, ICMP, ICMPV6 ND and ISAKMP. Due to this misclassification of traffic, receipt of a high rate of these specific packets will cause delays in the processing of other traffic, leading to a Denial of Service (DoS). Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks Junos OS on ACX2K Series:\nAll versions prior to 19.4R3-S9;\nAll 20.2 versions;\n20.3 versions prior to 20.3R3-S6 on ACX2K Series;\n20.4 versions prior to 20.4R3-S4 on ACX2K Series;\nAll 21.1 versions;\n21.2 versions prior to 21.2R3-S3 on ACX2K Series.\n\nNote: This issues affects legacy ACX2K Series PPC-based devices. This platform reached Last Supported Version (LSV) as of the Junos OS 21.2 Release.\n" } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-755 Improper Handling of Exceptional Conditions" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA70187", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA70187" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: Junos OS 19.4R3-S9, 20.3R3-S6, 20.4R3-S4, and 21.2R3-S3.\n\nNote: Legacy ACX2000 Series PPC-based devices have reached Last Supported Version (LSV) as of Junos OS 21.2.\n" + } + ], + "source": { + "advisory": "JSA70187", + "defect": [ + "1637615" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue." + } + ] } \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22393.json b/2023/22xxx/CVE-2023-22393.json index 3012fe1a30a..99a03acf951 100644 --- a/2023/22xxx/CVE-2023-22393.json +++ b/2023/22xxx/CVE-2023-22393.json @@ -1,18 +1,181 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2023-01-11T17:00:00.000Z", "ID": "CVE-2023-22393", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS and Junos OS Evolved: RPD crash upon receipt of BGP route with invalid next-hop " }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "!<", + "version_value": "21.1R1" + }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R3-S4" + }, + { + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R3-S2" + }, + { + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4R2-S2, 21.4R3" + }, + { + "version_affected": "<", + "version_name": "22.1", + "version_value": "22.1R1-S2, 22.1R2" + }, + { + "version_affected": "<", + "version_name": "22.2", + "version_value": "22.2R1-S1, 22.2R2" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "version_affected": "!<", + "version_value": "21.3R1-EVO" + }, + { + "version_affected": "<", + "version_name": "21.4-EVO", + "version_value": "21.4R2-S2-EVO, 21.4R3-EVO" + }, + { + "version_affected": "<", + "version_name": "22.1-EVO", + "version_value": "22.1R1-S2-EVO, 22.1R2-EVO" + }, + { + "version_affected": "<", + "version_name": "22.2-EVO", + "version_value": "22.2R1-S1-EVO, 22.2R2-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue only affects systems without import policy configured. \nThis issue affects:\n\nJuniper Networks Junos OS\n21.1 versions prior to 21.1R3-S4;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S2;\n21.4 versions prior to 21.4R2-S2, 21.4R3;\n22.1 versions prior to 22.1R1-S2, 22.1R2;\n22.2 versions prior to 22.2R1-S1, 22.2R2.\n\nJuniper Networks Junos OS Evolved\n21.4-EVO versions prior to 21.4R2-S2-EVO, 21.4R3-EVO;\n22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO;\n22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.\n\nThis issue does not affect:\n\nJuniper Networks Junos OS versions prior to 21.1R1.\n\nJuniper Networks Junos OS Evolved versions prior to 21.3R1-EVO." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-358 Improperly Implemented Security Check for Standard" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS) " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA70189", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA70189" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS : 21.1R3-S4, 21.2R3-S3, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R1-S1, 22.2R2, 22.3R1, and all subsequent releases.\n\nJunos OS Evolved : 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.2R1-S1-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA70189", + "defect": [ + "1679539" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "\nEnsure every BGP session has an import policy configured. \n" + } + ] } \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22394.json b/2023/22xxx/CVE-2023-22394.json index 3713ae715f0..fae63094904 100644 --- a/2023/22xxx/CVE-2023-22394.json +++ b/2023/22xxx/CVE-2023-22394.json @@ -1,18 +1,183 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2023-01-11T17:00:00.000Z", "ID": "CVE-2023-22394", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS: SRX Series and MX Series: Memory leak due to receipt of specially crafted SIP calls " }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "MX Series, SRX Series", + "version_affected": "!<", + "version_value": "18.2R1" + }, + { + "platform": "MX Series, SRX Series", + "version_affected": "<", + "version_value": "19.3R3-S7" + }, + { + "platform": "MX Series, SRX Series", + "version_affected": "<", + "version_name": "19.4", + "version_value": "19.4R2-S8, 19.4R3-S10" + }, + { + "platform": "MX Series, SRX Series", + "version_affected": ">=", + "version_name": "20.1", + "version_value": "20.1R1" + }, + { + "platform": "MX Series, SRX Series", + "version_affected": "<", + "version_name": "20.2", + "version_value": "20.2R3-S6" + }, + { + "platform": "MX Series, SRX Series", + "version_affected": "<", + "version_name": "20.3", + "version_value": "20.3R3-S6" + }, + { + "platform": "MX Series, SRX Series", + "version_affected": "<", + "version_name": "20.4", + "version_value": "20.4R3-S5" + }, + { + "platform": "MX Series, SRX Series", + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R3-S5" + }, + { + "platform": "MX Series, SRX Series", + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R3-S1" + }, + { + "platform": "MX Series, SRX Series", + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R3" + }, + { + "platform": "MX Series, SRX Series", + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4R2-S2, 21.4R3" + }, + { + "platform": "MX Series, SRX Series", + "version_affected": "<", + "version_name": "22.1", + "version_value": "22.1R1-S2, 22.1R2, 22.1R3-S1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS).\n\nThis issue occurs on all MX Series platforms with MS-MPC or MS-MIC card and all SRX Series platforms where SIP ALG is enabled. Successful exploitation of this vulnerability prevents additional SIP calls and applications from succeeding.\n\nThe SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. To confirm whether SIP ALG is enabled on SRX use the following command:\n\n user@host> show security alg status | match sip\n SIP : Enabled\nThis issue affects Juniper Networks Junos OS on SRX Series and on MX Series: \n\nAll versions prior to 19.3R3-S7;\n19.4 versions prior to 19.4R2-S8, 19.4R3-S10;\n20.1 versions 20.1R1 and later versions;\n20.2 versions prior to 20.2R3-S6;\n20.3 versions prior to 20.3R3-S6;\n20.4 versions prior to 20.4R3-S5;\n21.1 versions prior to 21.1R3-S5;\n21.2 versions prior to 21.2R3-S1;\n21.3 versions prior to 21.3R3;\n21.4 versions prior to 21.4R2-S2, 21.4R3;\n22.1 versions prior to 22.1R1-S2, 22.1R2, 22.1R3-S1.\n\nThis issue does not affect Juniper Networks Junos OS on SRX Series and on MX Series:\n\nAll versions prior to 18.2R1." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-911 Improper Update of Reference Count" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA70190", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA70190" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R2-S8, 19.4R3-S10, 20.2R3-S6, 20.3R3-S6, 20.4R3-S5, 21.1R3-S5, 21.2R3-S1, 21.3R3, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R2, 22.1R3-S1, 22.2R1, 22.3R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA70190", + "defect": [ + "1653902" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue" + } + ] } \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22395.json b/2023/22xxx/CVE-2023-22395.json index 2e5f902f57f..c56fee9b156 100644 --- a/2023/22xxx/CVE-2023-22395.json +++ b/2023/22xxx/CVE-2023-22395.json @@ -1,18 +1,173 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2023-01-11T17:00:00.000Z", "ID": "CVE-2023-22395", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS: In an MPLS scenario the processing of specific packets to the device causes a buffer leak and ultimately a loss of connectivity" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "19.3R3-S7" + }, + { + "version_affected": "<", + "version_name": "19.4", + "version_value": "19.4R3-S9" + }, + { + "version_affected": ">=", + "version_name": "20.1", + "version_value": "20.1R1" + }, + { + "version_affected": "<", + "version_name": "20.2", + "version_value": "20.2R3-S5" + }, + { + "version_affected": "<", + "version_name": "20.3", + "version_value": "20.3R3-S5" + }, + { + "version_affected": "<", + "version_name": "20.4", + "version_value": "20.4R3-S4" + }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R3-S3" + }, + { + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R3-S1" + }, + { + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4R3" + }, + { + "version_affected": "<", + "version_name": "22.1", + "version_value": "22.1R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "To be exposed to this vulnerability a minimal IRB configuration like in the following example needs to be present:\n\n [interfaces irb unit family inet address ]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nIn an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover.\n\nThese mbufs can be monitored by using the CLI command 'show system buffers':\n\n user@host> show system buffers\n 783/1497/2280 mbufs in use (current/cache/total)\n \n user@host> show system buffers\n 793/1487/2280 mbufs in use (current/cache/total) <<<<<< mbuf usage increased\nThis issue affects Juniper Networks Junos OS:\nAll versions prior to 19.3R3-S7;\n19.4 versions prior to 19.4R3-S9;\n20.1 version 20.1R1 and later versions;\n20.2 versions prior to 20.2R3-S5;\n20.3 versions prior to 20.3R3-S5;\n20.4 versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R3-S3;\n21.2 versions prior to 21.2R3-S2;\n21.3 versions prior to 21.3R3-S1;\n21.4 versions prior to 21.4R3;\n22.1 versions prior to 22.1R2." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-401 Missing Release of Memory after Effective Lifetime" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA70191", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA70191" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA70191", + "defect": [ + "1666181" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue." + } + ] } \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22396.json b/2023/22xxx/CVE-2023-22396.json index 2415d1413ca..89bc6a6cd87 100644 --- a/2023/22xxx/CVE-2023-22396.json +++ b/2023/22xxx/CVE-2023-22396.json @@ -1,18 +1,243 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2023-01-11T17:00:00.000Z", "ID": "CVE-2023-22396", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS: Receipt of crafted TCP packets destined to the device results in MBUF leak leading to a Denial of Service (DoS)" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "12.3", + "version_value": "12.3R12-S19" + }, + { + "version_affected": ">=", + "version_name": "15.1", + "version_value": "15.1R7-S10" + }, + { + "version_affected": ">=", + "version_name": "17.3", + "version_value": "17.3R3-S12" + }, + { + "version_affected": ">=", + "version_name": "18.4", + "version_value": "18.4R3-S9" + }, + { + "version_affected": ">=", + "version_name": "19.1", + "version_value": "19.1R3-S7" + }, + { + "version_affected": ">=", + "version_name": "19.2", + "version_value": "19.2R3-S3" + }, + { + "version_affected": ">=", + "version_name": "19.3", + "version_value": "19.3R2-S7, 19.3R3-S3" + }, + { + "version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R3-S7" + }, + { + "version_affected": ">=", + "version_name": "19.4", + "version_value": "19.4R2-S7, 19.4R3-S5" + }, + { + "version_affected": "<", + "version_name": "19.4", + "version_value": "19.4R3-S10" + }, + { + "version_affected": ">=", + "version_name": "20.1", + "version_value": "20.1R3-S1" + }, + { + "version_affected": ">=", + "version_name": "20.2", + "version_value": "20.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "20.2", + "version_value": "20.2R3-S6" + }, + { + "version_affected": ">=", + "version_name": "20.3", + "version_value": "20.3R3-S1" + }, + { + "version_affected": "<", + "version_name": "20.3", + "version_value": "20.3R3-S6" + }, + { + "version_affected": ">=", + "version_name": "20.4", + "version_value": "20.4R2-S2, 20.4R3" + }, + { + "version_affected": "<", + "version_name": "20.4", + "version_value": "20.4R3-S5" + }, + { + "version_affected": ">=", + "version_name": "21.1", + "version_value": "21.1R2" + }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R3-S4" + }, + { + "version_affected": ">=", + "version_name": "21.2", + "version_value": "21.2R1-S1, 21.2R2" + }, + { + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R3-S2" + }, + { + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4R3" + }, + { + "version_affected": "<", + "version_name": "22.1", + "version_value": "22.1R2-S1, 22.1R3" + }, + { + "version_affected": "<", + "version_name": "22.2", + "version_value": "22.2R1-S2, 22.2R2" + }, + { + "version_affected": "<", + "version_name": "22.3", + "version_value": "22.3R1-S1, 22.3R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a Denial of Service (DoS). The system does not recover automatically and must be manually restarted to restore service.\n\nThis issue occurs when crafted TCP packets are sent directly to a configured IPv4 or IPv6 interface on the device. Transit traffic will not trigger this issue.\n\nMBUF usage can be monitored through the use of the 'show system buffers' command. For example:\n\n user@junos> show system buffers | refresh 5\n 4054/566/4620 mbufs in use (current/cache/total)\n ...\n 4089/531/4620 mbufs in use (current/cache/total)\n ...\n 4151/589/4740 mbufs in use (current/cache/total)\n ...\n 4213/527/4740 mbufs in use (current/cache/total)\n\nThis issue affects Juniper Networks Junos OS:\n12.3 version 12.3R12-S19 and later versions;\n15.1 version 15.1R7-S10 and later versions;\n17.3 version 17.3R3-S12 and later versions;\n18.4 version 18.4R3-S9 and later versions;\n19.1 version 19.1R3-S7 and later versions;\n19.2 version 19.2R3-S3 and later versions;\n19.3 version 19.3R2-S7, 19.3R3-S3 and later versions prior to 19.3R3-S7;\n19.4 version 19.4R2-S7, 19.4R3-S5 and later versions prior to 19.4R3-S10;\n20.1 version 20.1R3-S1 and later versions;\n20.2 version 20.2R3-S2 and later versions prior to 20.2R3-S6;\n20.3 version 20.3R3-S1 and later versions prior to 20.3R3-S6;\n20.4 version 20.4R2-S2, 20.4R3 and later versions prior to 20.4R3-S5;\n21.1 version 21.1R2 and later versions prior to 21.1R3-S4;\n21.2 version 21.2R1-S1, 21.2R2 and later versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S2;\n21.4 versions prior to 21.4R3;\n22.1 versions prior to 22.1R2-S1, 22.1R3;\n22.2 versions prior to 22.2R1-S2, 22.2R2;\n22.3 versions prior to 22.3R1-S1, 22.3R2." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA70192", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA70192" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R3-S10, 20.2R3-S6, 20.3R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S2, 21.4R3, 22.1R2-S1, 22.1R3, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1-S1, 22.3R2, 22.4R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA70192", + "defect": [ + "1670303" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "Limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts.\n" + } + ] } \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22397.json b/2023/22xxx/CVE-2023-22397.json index 3d39cc6129c..fbcc3bca6fd 100644 --- a/2023/22xxx/CVE-2023-22397.json +++ b/2023/22xxx/CVE-2023-22397.json @@ -1,18 +1,172 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2023-01-11T17:00:00.000Z", "ID": "CVE-2023-22397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS Evolved: PTX10003: An attacker sending specific genuine packets will cause a memory leak in the PFE leading to a Denial of Service" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "platform": "PTX10003", + "version_affected": "<", + "version_value": "20.4R3-S4-EVO" + }, + { + "platform": "PTX10003", + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R3-S1-EVO" + }, + { + "platform": "PTX10003", + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4R2-S2-EVO, 21.4R3-EVO" + }, + { + "platform": "PTX10003", + "version_affected": "<", + "version_name": "22.1", + "version_value": "22.1R1-S2-EVO, 22.1R2-EVO" + }, + { + "platform": "PTX10003", + "version_affected": "<", + "version_name": "22.2", + "version_value": "22.2R2-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following is the minimal configuration necessary to be affected by this issue: \n\n [protocols pim interface ]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an adjacently located attacker who has established certain preconditions and knowledge of the environment to send certain specific genuine packets to begin a Time-of-check Time-of-use (TOCTOU) Race Condition attack which will cause a memory leak to begin. Once this condition begins, and as long as the attacker is able to sustain the offending traffic, a Distributed Denial of Service (DDoS) event occurs.\n\nAs a DDoS event, the offending packets sent by the attacker will continue to flow from one device to another as long as they are received and processed by any devices, ultimately causing a cascading outage to any vulnerable devices. Devices not vulnerable to the memory leak will process and forward the offending packet(s) to neighboring devices. \n \nDue to internal anti-flood security controls and mechanisms reaching their maximum limit of response in the worst-case scenario, all affected Junos OS Evolved devices will reboot in as little as 1.5 days.\n\nReboots to restore services cannot be avoided once the memory leak begins. The device will self-recover after crashing and rebooting. Operator intervention isn't required to restart the device.\n\nThis issue affects:\nJuniper Networks Junos OS Evolved on PTX10003: \nAll versions prior to 20.4R3-S4-EVO;\n21.3 versions prior to 21.3R3-S1-EVO;\n21.4 versions prior to 21.4R2-S2-EVO, 21.4R3-EVO;\n22.1 versions prior to 22.1R1-S2-EVO, 22.1R2-EVO;\n22.2 versions prior to 22.2R2-EVO.\n\nTo check memory, customers may VTY to the PFE first then execute the following show statement: \n \n show jexpr jtm ingress-main-memory chip 255 | no-more\n\nAlternatively one may execute from the RE CLI: \n\n request pfe execute target fpc0 command \"show jexpr jtm ingress-main-memory chip 255 | no-more\"\n \nIteration 1:\n\nExample output: \n\n Mem type: NH, alloc type: JTM\n 136776 bytes used (max 138216 bytes used)\n 911568 bytes available (909312 bytes from free pages)\n \nIteration 2:\n\nExample output: \n\n Mem type: NH, alloc type: JTM\n 137288 bytes used (max 138216 bytes used)\n 911056 bytes available (909312 bytes from free pages)\n \nThe same can be seen in the CLI below, assuming the scale does not change: \n show npu memory info\n\nExample output: \n FPC0:NPU16 mem-util-jnh-nh-size 2097152\n FPC0:NPU16 mem-util-jnh-nh-allocated 135272\n FPC0:NPU16 mem-util-jnh-nh-utilization 6\n \n\n\n\n" } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-770 Allocation of Resources Without Limits or Throttling" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Distributed Denial of Service (DoS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Memory Leak" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA70193", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA70193" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve these specific issues: Junos OS Evolved: 20.4R3-S4-EVO, 21.3R3-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-S1-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA70193", + "defect": [ + "1670829" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue. \n\nTo reduce impact due to unplanned reboots customers may review memory thresholds as above and decide to reboot devices proactively to clear memory during planned maintenance windows.\n " + } + ] } \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22398.json b/2023/22xxx/CVE-2023-22398.json index 51e1c4fc4d8..63635fd5642 100644 --- a/2023/22xxx/CVE-2023-22398.json +++ b/2023/22xxx/CVE-2023-22398.json @@ -1,18 +1,179 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2023-01-11T17:00:00.000Z", "ID": "CVE-2023-22398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS and Junos OS Evolved: RPD might crash when MPLS ping is performed on BGP LSPs" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S12" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R3-S9" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S9, 19.2R3-S5" + }, + { + "version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R3-S6" + }, + { + "version_affected": "<", + "version_name": "19.4", + "version_value": "19.4R2-S7, 19.4R3-S8" + }, + { + "version_affected": "<", + "version_name": "20.1", + "version_value": "20.1R3-S4" + }, + { + "version_affected": "<", + "version_name": "20.2", + "version_value": "20.2R3-S5" + }, + { + "version_affected": "<", + "version_name": "20.3", + "version_value": "20.3R3-S5" + }, + { + "version_affected": "<", + "version_name": "20.4", + "version_value": "20.4R3-S4" + }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R1-S1, 21.1R2" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "20.4R3-S4-EVO" + }, + { + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R2-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).\n\nWhen an MPLS ping is performed on BGP LSPs, the RPD might crash. Repeated execution of this operation will lead to a sustained DoS.\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S12;\n19.1 versions prior to 19.1R3-S9;\n19.2 versions prior to 19.2R1-S9, 19.2R3-S5;\n19.3 versions prior to 19.3R3-S6;\n19.4 versions prior to 19.4R2-S7, 19.4R3-S8;\n20.1 versions prior to 20.1R3-S4;\n20.2 versions prior to 20.2R3-S5;\n20.3 versions prior to 20.3R3-S5;\n20.4 versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R1-S1, 21.1R2;\n\nJuniper Networks Junos OS Evolved:\nAll versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R2-EVO." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-824 Access of Uninitialized Pointer" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA70181", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA70181" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 15.1R7-S12, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R1-S1, 21.1R2, 21.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO and all subsequent releases." + } + ], + "source": { + "advisory": "JSA70181", + "defect": [ + "1593770" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users." + } + ] } \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22399.json b/2023/22xxx/CVE-2023-22399.json index 181c55c356a..a4c6aac73c8 100644 --- a/2023/22xxx/CVE-2023-22399.json +++ b/2023/22xxx/CVE-2023-22399.json @@ -1,18 +1,183 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2023-01-11T17:00:00.000Z", "ID": "CVE-2023-22399", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS: QFX10K Series: PFE crash upon receipt of specific genuine packets when sFlow is enabled" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "QFX10K Series", + "version_affected": "<", + "version_value": "19.4R3-S9" + }, + { + "platform": "QFX10K Series", + "version_affected": "<", + "version_name": "20.2", + "version_value": "20.2R3-S6" + }, + { + "platform": "QFX10K Series", + "version_affected": "<", + "version_name": "20.3", + "version_value": "20.3R3-S6" + }, + { + "platform": "QFX10K Series", + "version_affected": "<", + "version_name": "20.4", + "version_value": "20.4R3-S5" + }, + { + "platform": "QFX10K Series", + "version_affected": "<", + "version_name": "21.1", + "version_value": "21.1R3-S4" + }, + { + "platform": "QFX10K Series", + "version_affected": "<", + "version_name": "21.2", + "version_value": "21.2R3-S3" + }, + { + "platform": "QFX10K Series", + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R3-S2" + }, + { + "platform": "QFX10K Series", + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4R2-S2, 21.4R3" + }, + { + "platform": "QFX10K Series", + "version_affected": "<", + "version_name": "22.1", + "version_value": "22.1R2" + }, + { + "platform": "QFX10K Series", + "version_affected": "<", + "version_name": "22.2", + "version_value": "22.2R1-S2, 22.2R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue only affects systems with sFlow enabled. An example sFlow configuration is shown below:\n\n [protocols sflow collector udp-port ]\n [protocols sflow interfaces polling-interval sample-rate ]\n" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability in the dcpfe process of Juniper Networks Junos OS on QFX10K Series systems allows an attacker to cause the Packet Forwarding Engine (PFE) to crash and restart by sending specific genuine packets to the device, resulting in a Denial of Service (DoS) condition. \n\nThe dcpfe process tries to copy more data into a smaller buffer, which overflows and corrupts the buffer, causing a crash of the dcpfe process. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks Junos OS on QFX10K Series:\nAll versions prior to 19.4R3-S9;\n20.2 versions prior to 20.2R3-S6;\n20.3 versions prior to 20.3R3-S6;\n20.4 versions prior to 20.4R3-S5;\n21.1 versions prior to 21.1R3-S4;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S2;\n21.4 versions prior to 21.4R2-S2, 21.4R3;\n22.1 versions prior to 22.1R2;\n22.2 versions prior to 22.2R1-S2, 22.2R2." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Overflow" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA70195", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA70195" + }, + { + "name": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/sflow-monitoring-technology.html", + "refsource": "MISC", + "url": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/sflow-monitoring-technology.html" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 19.4R3-S9, 20.2R3-S6, 20.3R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R2, 22.2R1-S2, 22.2R2, 22.3R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA70195", + "defect": [ + "1668330" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "1. Prevent sflow from monitoring ECMP forwarded packets.\n\n2. Temporarily disable sFlow to mitigate this issue.\n" + } + ] } \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22400.json b/2023/22xxx/CVE-2023-22400.json index 33cedf7bbd7..1087717b7bc 100644 --- a/2023/22xxx/CVE-2023-22400.json +++ b/2023/22xxx/CVE-2023-22400.json @@ -1,18 +1,137 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2023-01-11T17:00:00.000Z", "ID": "CVE-2023-22400", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS Evolved: A specific SNMP GET operation and a specific CLI commands cause resources to leak and eventually the evo-pfemand process will crash" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "20.4R3-S3-EVO" + }, + { + "version_affected": ">=", + "version_name": "21.1-EVO", + "version_value": "21.1R1-EVO" + }, + { + "version_affected": "<", + "version_name": "21.2-EVO", + "version_value": "21.2R3-S4-EVO" + }, + { + "version_affected": ">=", + "version_name": "21.3-EVO", + "version_value": "21.3R1-EVO" + }, + { + "version_affected": "<", + "version_name": "21.4-EVO", + "version_value": "21.4R2-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).\n\nWhen a specific SNMP GET operation or a specific CLI command is executed this will cause a GUID resource leak, eventually leading to exhaustion and result in an FPC crash and reboot.\n\nGUID exhaustion will trigger a syslog message like one of the following for example:\n\n evo-pfemand[]: get_next_guid: Ran out of Guid Space ...\n evo-aftmand-zx[]: get_next_guid: Ran out of Guid Space ...\n\nThis leak can be monitored by running the following command and taking note of the value in the rightmost column labeled Guids:\n\n user@host> show platform application-info allocations app evo-pfemand | match \"IFDId|IFLId|Context\"\n Node Application Context Name Live Allocs Fails Guids\n re0 evo-pfemand net::juniper::interfaces::IFDId 0 3448 0 3448\n re0 evo-pfemand net::juniper::interfaces::IFLId 0 561 0 561\n\n user@host> show platform application-info allocations app evo-pfemand | match \"IFDId|IFLId|Context\"\n Node Application Context Name Live Allocs Fails Guids\n re0 evo-pfemand net::juniper::interfaces::IFDId 0 3784 0 3784\n re0 evo-pfemand net::juniper::interfaces::IFLId 0 647 0 647\nThis issue affects Juniper Networks Junos OS Evolved:\nAll versions prior to 20.4R3-S3-EVO;\n21.1-EVO version 21.1R1-EVO and later versions;\n21.2-EVO versions prior to 21.2R3-S4-EVO;\n21.3-EVO version 21.3R1-EVO and later versions;\n21.4-EVO versions prior to 21.4R2-EVO." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA70196", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA70196" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S3-EVO, 21.2R3-S4-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA70196", + "defect": [ + "1641313" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users." + } + ] } \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22401.json b/2023/22xxx/CVE-2023-22401.json index 66c92d98fb3..b68d4a3aeb0 100644 --- a/2023/22xxx/CVE-2023-22401.json +++ b/2023/22xxx/CVE-2023-22401.json @@ -1,18 +1,165 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2023-01-11T17:00:00.000Z", "ID": "CVE-2023-22401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS and Junos OS Evolved: PTX10008, PTX10016: When a specific SNMP MIB is queried the FPC will crash" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "22.1", + "version_value": "22.1R2" + }, + { + "version_affected": "<", + "version_name": "22.1", + "version_value": "22.1R3" + }, + { + "version_affected": "<", + "version_name": "22.2", + "version_value": "22.2R2" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "21.3-EVO", + "version_value": "21.3R3-EVO" + }, + { + "version_affected": ">=", + "version_name": "21.4-EVO", + "version_value": "21.4R1-S2-EVO, 21.4R2-EVO" + }, + { + "version_affected": "<", + "version_name": "21.4-EVO", + "version_value": "21.4R2-S1-EVO" + }, + { + "version_affected": ">=", + "version_name": "22.1-EVO", + "version_value": "22.1R2-EVO" + }, + { + "version_affected": "<", + "version_name": "22.1-EVO", + "version_value": "22.1R3-EVO" + }, + { + "version_affected": "<", + "version_name": "22.2-EVO", + "version_value": "22.2R1-S1-EVO, 22.2R2-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn the PTX10008 and PTX10016 platforms running Junos OS or Junos OS Evolved, when a specific SNMP MIB is queried this will cause a PFE crash and the FPC will go offline and not automatically recover. A system restart is required to get the affected FPC in an operational state again.\nThis issue affects:\nJuniper Networks Junos OS\n22.1 version 22.1R2 and later versions;\n22.1 versions prior to 22.1R3;\n22.2 versions prior to 22.2R2.\nJuniper Networks Junos OS Evolved\n21.3-EVO version 21.3R3-EVO and later versions;\n21.4-EVO version 21.4R1-S2-EVO, 21.4R2-EVO and later versions prior to 21.4R2-S1-EVO;\n22.1-EVO version 22.1R2-EVO and later versions prior to 22.1R3-EVO;\n22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO." } ] - } + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-129 Improper Validation of Array Index" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA70197", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA70197" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 22.1R3, 22.2R2, and all subsequent releases.\nJunos OS Evolved: 21.4R2-S1-EVO, 22.1R3-EVO, 22.2R1-S1-EVO, 22.2R2-EVO, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA70197", + "defect": [ + "1668861" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue. To reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts." + } + ] } \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22402.json b/2023/22xxx/CVE-2023-22402.json index a37787927b5..afb7383bc5d 100644 --- a/2023/22xxx/CVE-2023-22402.json +++ b/2023/22xxx/CVE-2023-22402.json @@ -1,18 +1,139 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2023-01-11T17:00:00.000Z", "ID": "CVE-2023-22402", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Junos OS Evolved: The kernel might restart in a BGP scenario where \"bgp auto-discovery\" is enabled and such a neighbor flaps" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "21.3", + "version_value": "21.3R3-EVO" + }, + { + "version_affected": "<", + "version_name": "21.4", + "version_value": "21.4R2-EVO" + }, + { + "version_affected": "<", + "version_name": "22.1", + "version_value": "22.1R2-EVO" + }, + { + "version_affected": "<", + "version_name": "22.2", + "version_value": "22.2R1-S1-EVO, 22.2R2-EVO" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "To be exposed to this is issue non-stop routing (NSR) and BGP auto-discovery need to be configured:\n\n [routing-options nonstop-routing]\n [protocols bgp group dynamic-neighbor