admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Juniper JSA publication 2023-01. See https://advisory.juniper.net for more information.

Browse Source
This commit is contained in:
Dave Dugal 2023-01-12 18:38:37 -05:00
parent 4698abcfb4
commit 50732a00cd
No known key found for this signature in database
GPG Key ID: 5E7DB5AB7634153C
26 changed files with 4159 additions and 182 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

142
2023/22xxx/CVE-2023-22391.json
View File

@ -1,18 +1,148 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22391",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: ACX2K Series: Receipt of a high rate of specific traffic will lead to a Denial of Service (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "ACX2K Series",
"version_affected": "<",
"version_value": "19.4R3-S9"
},
{
"platform": "ACX2K Series",
"version_affected": ">=",
"version_name": "20.2",
"version_value": "20.2R1"
},
{
"platform": "ACX2K Series",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S6"
},
{
"platform": "ACX2K Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S4"
},
{
"platform": "ACX2K Series",
"version_affected": ">=",
"version_name": "21.1",
"version_value": "21.1R1"
},
{
"platform": "ACX2K Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS).\n\nSpecific packets are being incorrectly routed to a queue used for other high-priority traffic such as BGP, PIM, ICMP, ICMPV6 ND and ISAKMP. Due to this misclassification of traffic, receipt of a high rate of these specific packets will cause delays in the processing of other traffic, leading to a Denial of Service (DoS). Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks Junos OS on ACX2K Series:\nAll versions prior to 19.4R3-S9;\nAll 20.2 versions;\n20.3 versions prior to 20.3R3-S6 on ACX2K Series;\n20.4 versions prior to 20.4R3-S4 on ACX2K Series;\nAll 21.1 versions;\n21.2 versions prior to 21.2R3-S3 on ACX2K Series.\n\nNote: This issues affects legacy ACX2K Series PPC-based devices. This platform reached Last Supported Version (LSV) as of the Junos OS 21.2 Release.\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70187",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70187"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 19.4R3-S9, 20.3R3-S6, 20.4R3-S4, and 21.2R3-S3.\n\nNote: Legacy ACX2000 Series PPC-based devices have reached Last Supported Version (LSV) as of Junos OS 21.2.\n"
}
],
"source": {
"advisory": "JSA70187",
"defect": [
"1637615"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

175
2023/22xxx/CVE-2023-22393.json
View File

@ -1,18 +1,181 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22393",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD crash upon receipt of BGP route with invalid next-hop "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!<",
"version_value": "21.1R1"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S4"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S3"
},
{
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3-S2"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R2-S2, 21.4R3"
},
{
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R1-S2, 22.1R2"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R1-S1, 22.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "!<",
"version_value": "21.3R1-EVO"
},
{
"version_affected": "<",
"version_name": "21.4-EVO",
"version_value": "21.4R2-S2-EVO, 21.4R3-EVO"
},
{
"version_affected": "<",
"version_name": "22.1-EVO",
"version_value": "22.1R1-S2-EVO, 22.1R2-EVO"
},
{
"version_affected": "<",
"version_name": "22.2-EVO",
"version_value": "22.2R1-S1-EVO, 22.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue only affects systems without import policy configured. \nThis issue affects:\n\nJuniper Networks Junos OS\n21.1 versions prior to 21.1R3-S4;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S2;\n21.4 versions prior to 21.4R2-S2, 21.4R3;\n22.1 versions prior to 22.1R1-S2, 22.1R2;\n22.2 versions prior to 22.2R1-S1, 22.2R2.\n\nJuniper Networks Junos OS Evolved\n21.4-EVO versions prior to 21.4R2-S2-EVO, 21.4R3-EVO;\n22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO;\n22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.\n\nThis issue does not affect:\n\nJuniper Networks Junos OS versions prior to 21.1R1.\n\nJuniper Networks Junos OS Evolved versions prior to 21.3R1-EVO."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-358 Improperly Implemented Security Check for Standard"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS) "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70189",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70189"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS : 21.1R3-S4, 21.2R3-S3, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R1-S1, 22.2R2, 22.3R1, and all subsequent releases.\n\nJunos OS Evolved : 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.2R1-S1-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70189",
"defect": [
"1679539"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "\nEnsure every BGP session has an import policy configured. \n"
}
]
}

177
2023/22xxx/CVE-2023-22394.json
View File

@ -1,18 +1,183 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22394",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series and MX Series: Memory leak due to receipt of specially crafted SIP calls "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series, SRX Series",
"version_affected": "!<",
"version_value": "18.2R1"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_value": "19.3R3-S7"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2-S8, 19.4R3-S10"
},
{
"platform": "MX Series, SRX Series",
"version_affected": ">=",
"version_name": "20.1",
"version_value": "20.1R1"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S6"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S6"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S5"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S5"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S1"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R2-S2, 21.4R3"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R1-S2, 22.1R2, 22.1R3-S1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS).\n\nThis issue occurs on all MX Series platforms with MS-MPC or MS-MIC card and all SRX Series platforms where SIP ALG is enabled. Successful exploitation of this vulnerability prevents additional SIP calls and applications from succeeding.\n\nThe SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. To confirm whether SIP ALG is enabled on SRX use the following command:\n\n user@host> show security alg status | match sip\n SIP : Enabled\nThis issue affects Juniper Networks Junos OS on SRX Series and on MX Series: \n\nAll versions prior to 19.3R3-S7;\n19.4 versions prior to 19.4R2-S8, 19.4R3-S10;\n20.1 versions 20.1R1 and later versions;\n20.2 versions prior to 20.2R3-S6;\n20.3 versions prior to 20.3R3-S6;\n20.4 versions prior to 20.4R3-S5;\n21.1 versions prior to 21.1R3-S5;\n21.2 versions prior to 21.2R3-S1;\n21.3 versions prior to 21.3R3;\n21.4 versions prior to 21.4R2-S2, 21.4R3;\n22.1 versions prior to 22.1R1-S2, 22.1R2, 22.1R3-S1.\n\nThis issue does not affect Juniper Networks Junos OS on SRX Series and on MX Series:\n\nAll versions prior to 18.2R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-911 Improper Update of Reference Count"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70190",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70190"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R2-S8, 19.4R3-S10, 20.2R3-S6, 20.3R3-S6, 20.4R3-S5, 21.1R3-S5, 21.2R3-S1, 21.3R3, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R2, 22.1R3-S1, 22.2R1, 22.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70190",
"defect": [
"1653902"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue"
}
]
}

167
2023/22xxx/CVE-2023-22395.json
View File

@ -1,18 +1,173 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22395",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: In an MPLS scenario the processing of specific packets to the device causes a buffer leak and ultimately a loss of connectivity"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "19.3R3-S7"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S9"
},
{
"version_affected": ">=",
"version_name": "20.1",
"version_value": "20.1R1"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S5"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S5"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S4"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S3"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S2"
},
{
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3-S1"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3"
},
{
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be exposed to this vulnerability a minimal IRB configuration like in the following example needs to be present:\n\n [interfaces irb unit <unit> family inet address <IP-adress>]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nIn an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover.\n\nThese mbufs can be monitored by using the CLI command 'show system buffers':\n\n user@host> show system buffers\n 783/1497/2280 mbufs in use (current/cache/total)\n \n user@host> show system buffers\n 793/1487/2280 mbufs in use (current/cache/total) <<<<<< mbuf usage increased\nThis issue affects Juniper Networks Junos OS:\nAll versions prior to 19.3R3-S7;\n19.4 versions prior to 19.4R3-S9;\n20.1 version 20.1R1 and later versions;\n20.2 versions prior to 20.2R3-S5;\n20.3 versions prior to 20.3R3-S5;\n20.4 versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R3-S3;\n21.2 versions prior to 21.2R3-S2;\n21.3 versions prior to 21.3R3-S1;\n21.4 versions prior to 21.4R3;\n22.1 versions prior to 22.1R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70191",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70191"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70191",
"defect": [
"1666181"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

237
2023/22xxx/CVE-2023-22396.json
View File

@ -1,18 +1,243 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22396",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: Receipt of crafted TCP packets destined to the device results in MBUF leak leading to a Denial of Service (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "12.3",
"version_value": "12.3R12-S19"
},
{
"version_affected": ">=",
"version_name": "15.1",
"version_value": "15.1R7-S10"
},
{
"version_affected": ">=",
"version_name": "17.3",
"version_value": "17.3R3-S12"
},
{
"version_affected": ">=",
"version_name": "18.4",
"version_value": "18.4R3-S9"
},
{
"version_affected": ">=",
"version_name": "19.1",
"version_value": "19.1R3-S7"
},
{
"version_affected": ">=",
"version_name": "19.2",
"version_value": "19.2R3-S3"
},
{
"version_affected": ">=",
"version_name": "19.3",
"version_value": "19.3R2-S7, 19.3R3-S3"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-S7"
},
{
"version_affected": ">=",
"version_name": "19.4",
"version_value": "19.4R2-S7, 19.4R3-S5"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S10"
},
{
"version_affected": ">=",
"version_name": "20.1",
"version_value": "20.1R3-S1"
},
{
"version_affected": ">=",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S6"
},
{
"version_affected": ">=",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S6"
},
{
"version_affected": ">=",
"version_name": "20.4",
"version_value": "20.4R2-S2, 20.4R3"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S5"
},
{
"version_affected": ">=",
"version_name": "21.1",
"version_value": "21.1R2"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S4"
},
{
"version_affected": ">=",
"version_name": "21.2",
"version_value": "21.2R1-S1, 21.2R2"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S3"
},
{
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3-S2"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3"
},
{
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2-S1, 22.1R3"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R1-S2, 22.2R2"
},
{
"version_affected": "<",
"version_name": "22.3",
"version_value": "22.3R1-S1, 22.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a Denial of Service (DoS). The system does not recover automatically and must be manually restarted to restore service.\n\nThis issue occurs when crafted TCP packets are sent directly to a configured IPv4 or IPv6 interface on the device. Transit traffic will not trigger this issue.\n\nMBUF usage can be monitored through the use of the 'show system buffers' command. For example:\n\n user@junos> show system buffers | refresh 5\n 4054/566/4620 mbufs in use (current/cache/total)\n ...\n 4089/531/4620 mbufs in use (current/cache/total)\n ...\n 4151/589/4740 mbufs in use (current/cache/total)\n ...\n 4213/527/4740 mbufs in use (current/cache/total)\n\nThis issue affects Juniper Networks Junos OS:\n12.3 version 12.3R12-S19 and later versions;\n15.1 version 15.1R7-S10 and later versions;\n17.3 version 17.3R3-S12 and later versions;\n18.4 version 18.4R3-S9 and later versions;\n19.1 version 19.1R3-S7 and later versions;\n19.2 version 19.2R3-S3 and later versions;\n19.3 version 19.3R2-S7, 19.3R3-S3 and later versions prior to 19.3R3-S7;\n19.4 version 19.4R2-S7, 19.4R3-S5 and later versions prior to 19.4R3-S10;\n20.1 version 20.1R3-S1 and later versions;\n20.2 version 20.2R3-S2 and later versions prior to 20.2R3-S6;\n20.3 version 20.3R3-S1 and later versions prior to 20.3R3-S6;\n20.4 version 20.4R2-S2, 20.4R3 and later versions prior to 20.4R3-S5;\n21.1 version 21.1R2 and later versions prior to 21.1R3-S4;\n21.2 version 21.2R1-S1, 21.2R2 and later versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S2;\n21.4 versions prior to 21.4R3;\n22.1 versions prior to 22.1R2-S1, 22.1R3;\n22.2 versions prior to 22.2R1-S2, 22.2R2;\n22.3 versions prior to 22.3R1-S1, 22.3R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70192",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70192"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R3-S10, 20.2R3-S6, 20.3R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S2, 21.4R3, 22.1R2-S1, 22.1R3, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1-S1, 22.3R2, 22.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70192",
"defect": [
"1670303"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts.\n"
}
]
}

166
2023/22xxx/CVE-2023-22397.json
View File

@ -1,18 +1,172 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22397",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: PTX10003: An attacker sending specific genuine packets will cause a memory leak in the PFE leading to a Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"platform": "PTX10003",
"version_affected": "<",
"version_value": "20.4R3-S4-EVO"
},
{
"platform": "PTX10003",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3-S1-EVO"
},
{
"platform": "PTX10003",
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R2-S2-EVO, 21.4R3-EVO"
},
{
"platform": "PTX10003",
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R1-S2-EVO, 22.1R2-EVO"
},
{
"platform": "PTX10003",
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following is the minimal configuration necessary to be affected by this issue: \n\n [protocols pim interface <interface-name>]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an adjacently located attacker who has established certain preconditions and knowledge of the environment to send certain specific genuine packets to begin a Time-of-check Time-of-use (TOCTOU) Race Condition attack which will cause a memory leak to begin. Once this condition begins, and as long as the attacker is able to sustain the offending traffic, a Distributed Denial of Service (DDoS) event occurs.\n\nAs a DDoS event, the offending packets sent by the attacker will continue to flow from one device to another as long as they are received and processed by any devices, ultimately causing a cascading outage to any vulnerable devices. Devices not vulnerable to the memory leak will process and forward the offending packet(s) to neighboring devices. \n \nDue to internal anti-flood security controls and mechanisms reaching their maximum limit of response in the worst-case scenario, all affected Junos OS Evolved devices will reboot in as little as 1.5 days.\n\nReboots to restore services cannot be avoided once the memory leak begins. The device will self-recover after crashing and rebooting. Operator intervention isn't required to restart the device.\n\nThis issue affects:\nJuniper Networks Junos OS Evolved on PTX10003: \nAll versions prior to 20.4R3-S4-EVO;\n21.3 versions prior to 21.3R3-S1-EVO;\n21.4 versions prior to 21.4R2-S2-EVO, 21.4R3-EVO;\n22.1 versions prior to 22.1R1-S2-EVO, 22.1R2-EVO;\n22.2 versions prior to 22.2R2-EVO.\n\nTo check memory, customers may VTY to the PFE first then execute the following show statement: \n \n show jexpr jtm ingress-main-memory chip 255 | no-more\n\nAlternatively one may execute from the RE CLI: \n\n request pfe execute target fpc0 command \"show jexpr jtm ingress-main-memory chip 255 | no-more\"\n \nIteration 1:\n\nExample output: \n\n Mem type: NH, alloc type: JTM\n 136776 bytes used (max 138216 bytes used)\n 911568 bytes available (909312 bytes from free pages)\n \nIteration 2:\n\nExample output: \n\n Mem type: NH, alloc type: JTM\n 137288 bytes used (max 138216 bytes used)\n 911056 bytes available (909312 bytes from free pages)\n \nThe same can be seen in the CLI below, assuming the scale does not change: \n show npu memory info\n\nExample output: \n FPC0:NPU16 mem-util-jnh-nh-size 2097152\n FPC0:NPU16 mem-util-jnh-nh-allocated 135272\n FPC0:NPU16 mem-util-jnh-nh-utilization 6\n \n\n\n\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Distributed Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Leak"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70193",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70193"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve these specific issues: Junos OS Evolved: 20.4R3-S4-EVO, 21.3R3-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-S1-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70193",
"defect": [
"1670829"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue. \n\nTo reduce impact due to unplanned reboots customers may review memory thresholds as above and decide to reboot devices proactively to clear memory during planned maintenance windows.\n "
}
]
}

173
2023/22xxx/CVE-2023-22398.json
View File

@ -1,18 +1,179 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22398",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD might crash when MPLS ping is performed on BGP LSPs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S12"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S9"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S9, 19.2R3-S5"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-S6"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2-S7, 19.4R3-S8"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S4"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S5"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S5"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S4"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R1-S1, 21.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "20.4R3-S4-EVO"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS).\n\nWhen an MPLS ping is performed on BGP LSPs, the RPD might crash. Repeated execution of this operation will lead to a sustained DoS.\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S12;\n19.1 versions prior to 19.1R3-S9;\n19.2 versions prior to 19.2R1-S9, 19.2R3-S5;\n19.3 versions prior to 19.3R3-S6;\n19.4 versions prior to 19.4R2-S7, 19.4R3-S8;\n20.1 versions prior to 20.1R3-S4;\n20.2 versions prior to 20.2R3-S5;\n20.3 versions prior to 20.3R3-S5;\n20.4 versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R1-S1, 21.1R2;\n\nJuniper Networks Junos OS Evolved:\nAll versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R2-EVO."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70181",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70181"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 15.1R7-S12, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R1-S1, 21.1R2, 21.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA70181",
"defect": [
"1593770"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users."
}
]
}

177
2023/22xxx/CVE-2023-22399.json
View File

@ -1,18 +1,183 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22399",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: QFX10K Series: PFE crash upon receipt of specific genuine packets when sFlow is enabled"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "QFX10K Series",
"version_affected": "<",
"version_value": "19.4R3-S9"
},
{
"platform": "QFX10K Series",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S6"
},
{
"platform": "QFX10K Series",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S6"
},
{
"platform": "QFX10K Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S5"
},
{
"platform": "QFX10K Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S4"
},
{
"platform": "QFX10K Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S3"
},
{
"platform": "QFX10K Series",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3-S2"
},
{
"platform": "QFX10K Series",
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R2-S2, 21.4R3"
},
{
"platform": "QFX10K Series",
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2"
},
{
"platform": "QFX10K Series",
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R1-S2, 22.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue only affects systems with sFlow enabled. An example sFlow configuration is shown below:\n\n [protocols sflow collector <ip-address> udp-port <port-number>]\n [protocols sflow interfaces <interface-name> polling-interval <seconds> sample-rate <number>]\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability in the dcpfe process of Juniper Networks Junos OS on QFX10K Series systems allows an attacker to cause the Packet Forwarding Engine (PFE) to crash and restart by sending specific genuine packets to the device, resulting in a Denial of Service (DoS) condition. \n\nThe dcpfe process tries to copy more data into a smaller buffer, which overflows and corrupts the buffer, causing a crash of the dcpfe process. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks Junos OS on QFX10K Series:\nAll versions prior to 19.4R3-S9;\n20.2 versions prior to 20.2R3-S6;\n20.3 versions prior to 20.3R3-S6;\n20.4 versions prior to 20.4R3-S5;\n21.1 versions prior to 21.1R3-S4;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S2;\n21.4 versions prior to 21.4R2-S2, 21.4R3;\n22.1 versions prior to 22.1R2;\n22.2 versions prior to 22.2R1-S2, 22.2R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70195",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70195"
},
{
"name": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/sflow-monitoring-technology.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/sflow-monitoring-technology.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 19.4R3-S9, 20.2R3-S6, 20.3R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R2, 22.2R1-S2, 22.2R2, 22.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70195",
"defect": [
"1668330"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "1. Prevent sflow from monitoring ECMP forwarded packets.\n\n2. Temporarily disable sFlow to mitigate this issue.\n"
}
]
}

131
2023/22xxx/CVE-2023-22400.json
View File

@ -1,18 +1,137 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22400",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: A specific SNMP GET operation and a specific CLI commands cause resources to leak and eventually the evo-pfemand process will crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "20.4R3-S3-EVO"
},
{
"version_affected": ">=",
"version_name": "21.1-EVO",
"version_value": "21.1R1-EVO"
},
{
"version_affected": "<",
"version_name": "21.2-EVO",
"version_value": "21.2R3-S4-EVO"
},
{
"version_affected": ">=",
"version_name": "21.3-EVO",
"version_value": "21.3R1-EVO"
},
{
"version_affected": "<",
"version_name": "21.4-EVO",
"version_value": "21.4R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS).\n\nWhen a specific SNMP GET operation or a specific CLI command is executed this will cause a GUID resource leak, eventually leading to exhaustion and result in an FPC crash and reboot.\n\nGUID exhaustion will trigger a syslog message like one of the following for example:\n\n evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ...\n evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ...\n\nThis leak can be monitored by running the following command and taking note of the value in the rightmost column labeled Guids:\n\n user@host> show platform application-info allocations app evo-pfemand | match \"IFDId|IFLId|Context\"\n Node Application Context Name Live Allocs Fails Guids\n re0 evo-pfemand net::juniper::interfaces::IFDId 0 3448 0 3448\n re0 evo-pfemand net::juniper::interfaces::IFLId 0 561 0 561\n\n user@host> show platform application-info allocations app evo-pfemand | match \"IFDId|IFLId|Context\"\n Node Application Context Name Live Allocs Fails Guids\n re0 evo-pfemand net::juniper::interfaces::IFDId 0 3784 0 3784\n re0 evo-pfemand net::juniper::interfaces::IFLId 0 647 0 647\nThis issue affects Juniper Networks Junos OS Evolved:\nAll versions prior to 20.4R3-S3-EVO;\n21.1-EVO version 21.1R1-EVO and later versions;\n21.2-EVO versions prior to 21.2R3-S4-EVO;\n21.3-EVO version 21.3R1-EVO and later versions;\n21.4-EVO versions prior to 21.4R2-EVO."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70196",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70196"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S3-EVO, 21.2R3-S4-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70196",
"defect": [
"1641313"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users."
}
]
}

159
2023/22xxx/CVE-2023-22401.json
View File

@ -1,18 +1,165 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22401",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: PTX10008, PTX10016: When a specific SNMP MIB is queried the FPC will crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "22.1",
"version_value": "22.1R2"
},
{
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R3"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "21.3-EVO",
"version_value": "21.3R3-EVO"
},
{
"version_affected": ">=",
"version_name": "21.4-EVO",
"version_value": "21.4R1-S2-EVO, 21.4R2-EVO"
},
{
"version_affected": "<",
"version_name": "21.4-EVO",
"version_value": "21.4R2-S1-EVO"
},
{
"version_affected": ">=",
"version_name": "22.1-EVO",
"version_value": "22.1R2-EVO"
},
{
"version_affected": "<",
"version_name": "22.1-EVO",
"version_value": "22.1R3-EVO"
},
{
"version_affected": "<",
"version_name": "22.2-EVO",
"version_value": "22.2R1-S1-EVO, 22.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn the PTX10008 and PTX10016 platforms running Junos OS or Junos OS Evolved, when a specific SNMP MIB is queried this will cause a PFE crash and the FPC will go offline and not automatically recover. A system restart is required to get the affected FPC in an operational state again.\nThis issue affects:\nJuniper Networks Junos OS\n22.1 version 22.1R2 and later versions;\n22.1 versions prior to 22.1R3;\n22.2 versions prior to 22.2R2.\nJuniper Networks Junos OS Evolved\n21.3-EVO version 21.3R3-EVO and later versions;\n21.4-EVO version 21.4R1-S2-EVO, 21.4R2-EVO and later versions prior to 21.4R2-S1-EVO;\n22.1-EVO version 22.1R2-EVO and later versions prior to 22.1R3-EVO;\n22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-129 Improper Validation of Array Index"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70197",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70197"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 22.1R3, 22.2R2, and all subsequent releases.\nJunos OS Evolved: 21.4R2-S1-EVO, 22.1R3-EVO, 22.2R1-S1-EVO, 22.2R2-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70197",
"defect": [
"1668861"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue. To reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts."
}
]
}

133
2023/22xxx/CVE-2023-22402.json
View File

@ -1,18 +1,139 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22402",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: The kernel might restart in a BGP scenario where \"bgp auto-discovery\" is enabled and such a neighbor flaps"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3-EVO"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R2-EVO"
},
{
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2-EVO"
},
{
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R1-S1-EVO, 22.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be exposed to this is issue non-stop routing (NSR) and BGP auto-discovery need to be configured:\n\n [routing-options nonstop-routing]\n [protocols bgp group <name> dynamic-neighbor <template> peer-auto-discovery]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nIn a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if \"bgp auto-discovery\" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs.\nThis issue affects Juniper Networks Junos OS Evolved:\n21.3 versions prior to 21.3R3-EVO;\n21.4 versions prior to 21.4R2-EVO;\n22.1 versions prior to 22.1R2-EVO;\n22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70198",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70198"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-S1-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70198",
"defect": [
"1636063"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

147
2023/22xxx/CVE-2023-22403.json
View File

@ -1,18 +1,153 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22403",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: QFX10k Series: An ICCP flap will be observed due to excessive specific traffic"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "20.2R3-S7"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S4"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S3"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S1"
},
{
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3"
},
{
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be exposed to this issue a minimal ICCP configuration like the following needs to be present:\n\n [protocols iccp peer <peer-IP> ...] "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nOn QFX10k Series Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. ICCP connection flaps and sync issues will be observed due to excessive specific traffic to the local device.\nThis issue affects Juniper Networks Junos OS:\nAll versions prior to 20.2R3-S7;\n20.4 versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R3-S3;\n21.2 versions prior to 21.2R3-S1;\n21.3 versions prior to 21.3R3;\n21.4 versions prior to 21.4R3;\n22.1 versions prior to 22.1R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70199",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70199"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 20.2R3-S7, 20.4R3-S4, 21.1R3-S3, 21.2R3-S1, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70199",
"defect": [
"1640483"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

172
2023/22xxx/CVE-2023-22404.json
View File

@ -1,18 +1,178 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22404",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series and MX Series with SPC3: When IPsec VPN is configured iked will core when a specifically formatted payload is received"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series MX Series with SPC3",
"version_affected": "<",
"version_value": "19.3R3-S7"
},
{
"platform": "SRX Series MX Series with SPC3",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S9"
},
{
"platform": "SRX Series MX Series with SPC3",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S5"
},
{
"platform": "SRX Series MX Series with SPC3",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S5"
},
{
"platform": "SRX Series MX Series with SPC3",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S4"
},
{
"platform": "SRX Series MX Series with SPC3",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S3"
},
{
"platform": "SRX Series MX Series with SPC3",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S2"
},
{
"platform": "SRX Series MX Series with SPC3",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3-S1"
},
{
"platform": "SRX Series MX Series with SPC3",
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R2-S1, 21.4R3"
},
{
"platform": "SRX Series MX Series with SPC3",
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R1-S2, 22.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be affected by this issue IPsec VPN configuration needs to present similar to the following example:\n\n [ security ike proposal <ike-proposal> ... ]\n [ security ike policy <ike-policy> ... ] \n [ security ike gateway <gateway-name> ... ]\n [ security ipsec proposal <ipsec-proposal> ... ]\n [ security ipsec policy <ipsec-policy> ... ]\n [ security ipsec vpn <vpn-name> ike gateway <gateway-name> ]\n [ security ipsec vpn <vpn-name> ike ipsec-policy <ipsec-policy> ]\n [ security ipsec vpn <vpn-name> bind-interface <interface> ]\n\nand the system needs to run iked (vs. kmd which is not affected), which can be verified with:\n\n show system processes extensive | match \"KMD|IKED\""
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to cause a Denial of Service (DoS).\n\niked will crash and restart, and the tunnel will not come up when a peer sends a specifically formatted payload during the negotiation. This will impact other IKE negotiations happening at the same time. Continued receipt of this specifically formatted payload will lead to continuous crashing of iked and thereby the inability for any IKE negotiations to take place.\nNote that this payload is only processed after the authentication has successfully completed. So the issue can only be exploited by an attacker who can successfully authenticate.\nThis issue affects Juniper Networks Junos OS on SRX Series, and MX Series with SPC3:\nAll versions prior to 19.3R3-S7;\n19.4 versions prior to 19.4R3-S9;\n20.2 versions prior to 20.2R3-S5;\n20.3 versions prior to 20.3R3-S5;\n20.4 versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R3-S3;\n21.2 versions prior to 21.2R3-S2;\n21.3 versions prior to 21.3R3-S1;\n21.4 versions prior to 21.4R2-S1, 21.4R3;\n22.1 versions prior to 22.1R1-S2, 22.1R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70200",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70200"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70200",
"defect": [
"1665150"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

160
2023/22xxx/CVE-2023-22405.json
View File

@ -1,18 +1,166 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22405",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: QFX5k Series, EX46xx Series: MAC limiting feature stops working after PFE restart or device reboot"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "QFX5k Series, EX46xx Series",
"version_affected": "<",
"version_value": "20.2R3-S5"
},
{
"platform": "QFX5k Series, EX46xx Series",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S5"
},
{
"platform": "QFX5k Series, EX46xx Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S4"
},
{
"platform": "QFX5k Series, EX46xx Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S3"
},
{
"platform": "QFX5k Series, EX46xx Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S1"
},
{
"platform": "QFX5k Series, EX46xx Series",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3"
},
{
"platform": "QFX5k Series, EX46xx Series",
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3"
},
{
"platform": "QFX5k Series, EX46xx Series",
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be vulnerable to this issue a \"service provider/SP\"-style configuration like the following needs to be present:\n\n [interfaces <interface> ether-options 802.3ad ae<#>]\n [interfaces ae<#> unit <unit> vlan-id <id>]\n [switch-options interface ae<#>.<id> interface-mac-limit <limit>]\n [switch-options interface ae<#>.<id> interface-mac-limit packet-action <action>]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources.\n\nWhen a device is configured with \"service-provider/SP style\" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn't work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached.\n\nFunctionality can be restored by removing and re-adding the MAC limit configuration.\nThis issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series:\nAll versions prior to 20.2R3-S5;\n20.3 versions prior to 20.3R3-S5;\n20.4 versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R3-S3;\n21.2 versions prior to 21.2R3-S1;\n21.3 versions prior to 21.3R3 on;\n21.4 versions prior to 21.4R3 on;\n22.1 versions prior to 22.1R2 on."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1250 Improper Preservation of Consistency Between Independent Representations of Shared State"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70201",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70201"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S1, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70201",
"defect": [
"1659873"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

183
2023/22xxx/CVE-2023-22406.json
View File

@ -1,18 +1,189 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22406",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: A memory leak which will ultimately lead to an rpd crash will be observed when a peer interface flaps continuously in a Segment Routing scenario using OSPF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "19.3R3-S7"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2-S8, 19.4R3-S9"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S5"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S5"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S4"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S3"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S2"
},
{
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3-S1"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R2-S1, 21.4R3"
},
{
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "20.4R3-S4-EVO"
},
{
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R2-S1-EVO, 21.4R3-EVO"
},
{
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be exposed to this issue a minimal SR configuration for OSPF like in the following example is required:\n\n [protocols ospf source-packet-routing}"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIn a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full.\n\nThe memory consumption can be monitored using the CLI command \"show task memory detail\" as shown in the following example:\n\n user@host> show task memory detail | match \"RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE\"\n \n RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200\n RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400\n RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720\n RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400\n \n \n user@host> show task memory detail | match \"RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE\"\n \n RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200\n RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400\n RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 <===\n RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 <===\nThis issue affects:\nJuniper Networks Junos OS\nAll versions prior to 19.3R3-S7;\n19.4 versions prior to 19.4R2-S8, 19.4R3-S9;\n20.2 versions prior to 20.2R3-S5;\n20.3 versions prior to 20.3R3-S5;\n20.4 versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R3-S3;\n21.2 versions prior to 21.2R3-S2;\n21.3 versions prior to 21.3R3-S1;\n21.4 versions prior to 21.4R2-S1, 21.4R3;\n22.1 versions prior to 22.1R2.\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.4R3-S4-EVO;\n21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;\n22.1 versions prior to 22.1R2-EVO."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70202",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70202"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.3R3-S7, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S4-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70202",
"defect": [
"1659366"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

178
2023/22xxx/CVE-2023-22407.json
View File

@ -1,18 +1,184 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22407",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: An RPD crash can happen due to an MPLS TE tunnel configuration change on a directly connected router"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "18.4R2-S7"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S2"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R3"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "19.2R3-EVO"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-EVO"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-EVO"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-EVO"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be exposed to this issue both the following statements needs to be configured on the device running a vulnerable OS Version:\n\n [protocols rsvp interface <interface> link-protection max-bypasses]\n [protocols rsvp interface <interface> link-protection bandwidth]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).\n\nAn rpd crash can occur when an MPLS TE tunnel configuration change occurs on a directly connected router.\nThis issue affects:\nJuniper Networks Junos OS\nAll versions prior to 18.4R2-S7;\n19.1 versions prior to 19.1R3-S2;\n19.2 versions prior to 19.2R3;\n19.3 versions prior to 19.3R3;\n19.4 versions prior to 19.4R3;\n20.1 versions prior to 20.1R2;\n20.2 versions prior to 20.2R2.\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 19.2R3-EVO;\n19.3 versions prior to 19.3R3-EVO;\n19.4 versions prior to 19.4R3-EVO;\n20.1 versions prior to 20.1R3-EVO;\n20.2 versions prior to 20.2R2-EVO."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-459 Incomplete Cleanup"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70203",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70203"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 18.4R2-S7, 19.1R3-S2, 19.2R3, 19.3R3, 19.4R3, 20.1R2, 20.2R2, 20.3R1, and all subsequent releases.\nJunos OS Evolved: 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70203",
"defect": [
"1487333"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Remove 'protocols rsvp interface <interface> link-protection max-bypasses'."
}
]
}

159
2023/22xxx/CVE-2023-22408.json
View File

@ -1,18 +1,165 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22408",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX 5000 Series: Upon processing of a specific SIP packet an FPC can crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX 5000 Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S5"
},
{
"platform": "SRX 5000 Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S4"
},
{
"platform": "SRX 5000 Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S3"
},
{
"platform": "SRX 5000 Series",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3-S3"
},
{
"platform": "SRX 5000 Series",
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3-S2"
},
{
"platform": "SRX 5000 Series",
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2-S2, 22.1R3"
},
{
"platform": "SRX 5000 Series",
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R3"
},
{
"platform": "SRX 5000 Series",
"version_affected": "<",
"version_name": "22.3",
"version_value": "22.3R1-S1, 22.3R2"
},
{
"version_affected": "!<",
"version_value": "20.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Validation of Array Index vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX 5000 Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nWhen an attacker sends an SIP packets with a malformed SDP field then the SIP ALG can not process it which will lead to an FPC crash and restart. Continued receipt of these specific packets will lead to a sustained Denial of Service.\n\nThis issue can only occur when both below mentioned conditions are fulfilled:\n\n1. Call distribution needs to be enabled:\n\n [security alg sip enable-call-distribution]\n\n2. The SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. To confirm whether SIP ALG is enabled on SRX, and MX with SPC3 use the following command:\n\n user@host> show security alg status | match sip\n SIP : Enabled\nThis issue affects Juniper Networks Junos OS on SRX 5000 Series:\n20.4 versions prior to 20.4R3-S5;\n21.1 versions prior to 21.1R3-S4;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S3;\n21.4 versions prior to 21.4R3-S2;\n22.1 versions prior to 22.1R2-S2, 22.1R3;\n22.2 versions prior to 22.2R3;\n22.3 versions prior to 22.3R1-S1, 22.3R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 20.4R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-129 Improper Validation of Array Index"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70204",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70204"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S3, 21.4R3-S2, 22.1R2-S2, 22.1R3, 22.2R3, 22.3R1-S1, 22.3R2, 22.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70204",
"defect": [
"1658604"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, but it should be considered to disable the SIP call distribution if it's not strictly needed."
}
]
}

172
2023/22xxx/CVE-2023-22409.json
View File

@ -1,18 +1,178 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22409",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series, MX Series with SPC3: When an inconsistent NAT configuration exists and a specific CLI command is issued the SPC will reboot"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_value": "19.4R3-S10"
},
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": ">=",
"version_name": "20.1",
"version_value": "20.1R1"
},
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S6"
},
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S6"
},
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S5"
},
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S4"
},
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S3"
},
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3-S3"
},
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3-S1"
},
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2-S2, 22.1R3"
},
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS allows a local authenticated attacker with low privileges to cause a Denial of Service (DoS).\n\nWhen an inconsistent \"deterministic NAT\" configuration is present on an SRX, or MX with SPC3 and then a specific CLI command is issued the SPC will crash and restart. Repeated execution of this command will lead to a sustained DoS.\nSuch a configuration is characterized by the total number of port blocks being greater than the total number of hosts. An example for such configuration is:\n\n [ services nat source pool TEST-POOL address x.x.x.0/32 to x.x.x.15/32 ]\n [ services nat source pool TEST-POOL port deterministic block-size 1008 ]\n [ services nat source pool TEST-POOL port deterministic host address y.y.y.0/24]\n [ services nat source pool TEST-POOL port deterministic include-boundary-addresses]\n\nwhere according to the following calculation:\n65536-1024=64512 (number of usable ports per IP address, implicit)\n64512/1008=64 (number of port blocks per Nat IP)\nx.x.x.0/32 to x.x.x.15/32 = 16 (NAT IP addresses available in NAT pool)\ntotal port blocks in NAT Pool = 64 blocks per IP * 16 IPs = 1024 Port blocks\nhost address y.y.y.0/24 = 256 hosts (with include-boundary-addresses)\n\nIf the port block size is configured to be 4032, then the total port blocks are (64512/4032) * 16 = 256 which is equivalent to the total host addresses of 256, and the issue will not be seen. \n\nThis issue affects Juniper Networks Junos OS on SRX Series, and MX Series with SPC3:\nAll versions prior to 19.4R3-S10;\n20.1 version 20.1R1 and later versions;\n20.2 versions prior to 20.2R3-S6;\n20.3 versions prior to 20.3R3-S6;\n20.4 versions prior to 20.4R3-S5;\n21.1 versions prior to 21.1R3-S4;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S3;\n21.4 versions prior to 21.4R3-S1;\n22.1 versions prior to 22.1R2-S2, 22.1R3;\n22.2 versions prior to 22.2R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "606 Unchecked Input for Loop Condition"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70205",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70205"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 19.4R3-S10, 20.2R3-S6, 20.3R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S3, 21.4R3-S1, 22.1R2-S2, 22.1R3, 22.2R2, 22.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70205",
"defect": [
"1656798"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Please ensure the deterministic NAT configuration is consistent as shown in the description of the problem section."
}
]
}

124
2023/22xxx/CVE-2023-22410.json
View File

@ -1,18 +1,130 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22410",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series with MPC10/MPC11: When Suspicious Control Flow Detection (scfd) is enabled and an attacker is sending specific traffic, this causes a memory leak."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "<",
"version_value": "20.2R3-S5"
},
{
"platform": "MX Series",
"version_affected": ">=",
"version_name": "20.3",
"version_value": "20.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue only affects systems with scfd enabled. An minimal scfd configuration is shown below:\n\n [system ddos-protection global flow-detection]\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).\n\nDevices are only vulnerable when the Suspicious Control Flow Detection (scfd) feature is enabled.\n\nUpon enabling this specific feature, an attacker sending specific traffic is causing memory to be allocated dynamically and it is not freed. Memory is not freed even after deactivating this feature. Sustained processing of such traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover.\n\nThe FPC memory usage can be monitored using the CLI command \"show chassis fpc\".\n\nOn running the above command, the memory of AftDdosScfdFlow can be observed to detect the memory leak.\n\n\n\nThis issue affects Juniper Networks Junos OS on MX Series:\nAll versions prior to 20.2R3-S5;\n20.3 version 20.3R1 and later versions."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70206",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70206"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 20.2R3-S5, 20.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70206",
"defect": [
"1654175"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

173
2023/22xxx/CVE-2023-22411.json
View File

@ -1,18 +1,179 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22411",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: The flow processing daemon (flowd) will crash when Unified Policies are used with IPv6 and certain dynamic applications are rejected by the device"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R3-S6"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-S6"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S9"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S5"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S4"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R2"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Security policy with dynamic-application Junos:QUIC (or similar applications) need to be configured for this issue to be present.\n\n [set security zones security-zone trust]\n [set security zones security-zone untrust]\n [set security policies from-zone trust to-zone untrust policy p3 match source-address any]\n [set security policies from-zone trust to-zone untrust policy p3 match destination-address any]\n [set security policies from-zone trust to-zone untrust policy p3 match dynamic-application junos:QUIC]\n [set security policies from-zone trust to-zone untrust policy p3 then permit]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn SRX Series devices using Unified Policies with IPv6, when a specific IPv6 packet goes through a dynamic-application filter which will generate an ICMP deny message, the flowd core is observed and the PFE is restarted.\nThis issue affects:\nJuniper Networks Junos OS on SRX Series:\n19.2 versions prior to 19.2R3-S6;\n19.3 versions prior to 19.3R3-S6;\n19.4 versions prior to 19.4R3-S9;\n20.2 versions prior to 20.2R3-S5;\n20.3 versions prior to 20.3R3-S4;\n20.4 versions prior to 20.4R3-S3;\n21.1 versions prior to 21.1R3;\n21.2 versions prior to 21.2R3;\n21.3 versions prior to 21.3R2;\n21.4 versions prior to 21.4R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70207",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70207"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 19.2R3-S6, 19.3R3-S6, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3, 21.2R3, 21.3R2, 21.4R2, 22.1R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70207",
"defect": [
"1601806"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

154
2023/22xxx/CVE-2023-22412.json
View File

@ -1,18 +1,160 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22412",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash if the SIP ALG is enabled and specific SIP messages are processed"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S4"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S3"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S2"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "!<",
"version_value": "20.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration.\n\nPlease verify on SRX with:\n\n user@host> show security alg status | match sip\n SIP : Enabled\n\nPlease verify on MX with MS-MPC or MS-MIC whether the following is configured:\n\n [services ... rule <rule-name> (term <term-name> ) from/match application/application-set <name>]\nwhere either\n a. name = junos-sip\nor an application or application-set refers to SIP:\n b. [applications application <name> application-protocol sip]\nor\n c. [applications application-set <name> application junos-sip]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition.\n\nThis issue occurs when SIP ALG is enabled and specific SIP messages are processed simultaneously.\nThis issue affects:\nJuniper Networks Junos OS on MX Series and SRX Series\n20.4 versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R3-S3;\n21.2 versions prior to 21.2R3-S2;\n21.3 versions prior to 21.3R3;\n21.4 versions prior to 21.4R3;\n22.1 versions prior to 22.1R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on MX Series, or SRX Series."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-667 Improper Locking"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70208",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70208"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70208",
"defect": [
"1645022"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, but it should be considered to disable the SIP ALG if it's not strictly needed."
}
]
}

172
2023/22xxx/CVE-2023-22413.json
View File

@ -1,18 +1,178 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22413",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: The Multiservices PIC Management Daemon (mspmand) will crash when an IPsec6 tunnel processes specific IPv4 packets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "<",
"version_value": "19.4R3-S9"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S5"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S5"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S4"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S1"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R2-S1, 21.4R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2"
},
{
"platform": "MX Series",
"version_affected": ">=",
"version_name": "20.1",
"version_value": "20.1R3-S5 "
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following minimal IPsec VPN configuration is required for this issue to be present.\n\n [set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then dynamic ike-policy ike_policy_ms_4_0_0]\n [set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then dynamic ipsec-policy ipsec_policy_ms_4_0_0]\n [set services service-set ipsec_ss_ms_4_0_01 ipsec-vpn-options local-gateway 10.0.1.1]\n [set services service-set ipsec_ss_ms_4_0_01 ipsec-vpn-rules vpn_rule_ms_4_0_01]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS).\n\nOn all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets are processed by an IPsec6 tunnel, the Multiservices PIC Management Daemon (mspmand) process will core and restart. This will lead to FPC crash. Traffic flow is impacted while mspmand restarts. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition.\n\nThis issue only occurs if an IPv4 address is not configured on the multiservice interface.\n\nThis issue affects:\nJuniper Networks Junos OS on MX Series\nAll versions prior to 19.4R3-S9;\n20.1 version 20.1R3-S5 and later versions;\n20.2 versions prior to 20.2R3-S5;\n20.3 versions prior to 20.3R3-S5;\n20.4 versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R3-S3;\n21.2 versions prior to 21.2R3-S1;\n21.3 versions prior to 21.3R3;\n21.4 versions prior to 21.4R2-S1, 21.4R3;\n22.1 versions prior to 22.1R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70209",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70209"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S1, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70209",
"defect": [
"1658671"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "In order to avoid this issue, configure a valid IPv4 address on the multiservice interface."
}
]
}

166
2023/22xxx/CVE-2023-22414.json
View File

@ -1,18 +1,172 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22414",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: PTX Series and QFX10000 Series: An FPC memory leak is observed when specific EVPN VXLAN Multicast packets are processed"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "PTX Series and QFX10000 Series",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S6"
},
{
"platform": "PTX Series and QFX10000 Series",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S6"
},
{
"platform": "PTX Series and QFX10000 Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S4"
},
{
"platform": "PTX Series and QFX10000 Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S1"
},
{
"platform": "PTX Series and QFX10000 Series",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3"
},
{
"platform": "PTX Series and QFX10000 Series",
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3"
},
{
"platform": "PTX Series and QFX10000 Series",
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2"
},
{
"platform": "PTX Series and QFX10000 Series",
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R2"
},
{
"platform": "PTX Series and QFX10000 Series",
"version_affected": "!<",
"version_value": "20.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue can occur when multicast and EVPN are configured: \n\n [protocols evpn]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash.\n\nOn all Junos PTX Series and QFX10000 Series, when specific EVPN VXLAN Multicast packets are processed, an FPC heap memory leak is observed.\n\nThe FPC memory usage can be monitored using the CLI command \"show heap extensive\". Following is an example output.\n\nID Base Total(b) Free(b) Used(b) % Name Peak used %\n-- -------- --------- --------- --------- --- ----------- -----------\n0 37dcf000 3221225472 1694526368 1526699104 47 Kernel 47\n1 17dcf000 1048576 1048576 0 0 TOE DMA 0\n2 17ecf000 1048576 1048576 0 0 DMA 0\n3 17fcf000 534773760 280968336 253805424 47 Packet DMA 47\n\nThis issue affects:\nJuniper Networks Junos OS PTX Series and QFX10000 Series\n20.2 versions prior to 20.2R3-S6;\n20.3 versions prior to 20.3R3-S6;\n20.4 versions prior to 20.4R3-S4;\n21.1 versions prior to 21.1R3-S3;\n21.2 versions prior to 21.2R3-S1;\n21.3 versions prior to 21.3R3;\n21.4 versions prior to 21.4R3;\n22.1 versions prior to 22.1R2;\n22.2 versions prior to 22.2R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 20.1R1 on PTX Series and QFX10000 Series."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70210",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70210"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 20.2R3-S6, 20.3R3-S6, 20.4R3-S4, 21.1R3-S3, 21.2R3-S1, 21.3R3, 21.4R3, 22.1R2, 22.2R2, 22.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70210",
"defect": [
"1661286"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

172
2023/22xxx/CVE-2023-22415.json
View File

@ -1,18 +1,178 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22415",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash when specific H.323 packets are received"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_value": "19.4R3-S10"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S6"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S6"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S5"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S4"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S3"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3-S3"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R2-S1, 22.1R3"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R1-S2, 22.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be affected the H.323 ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify with:\n\nCheck if H.323 ALG is enabled by default with:\n user@host> show security alg status | match H323\n H323 : Enabled\n\nConfigure H.323 ALG to receive incoming calls with following commands.\n [set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24]\n [set interfaces ge-0/0/1 unit 0 family inet address 172.16.1.1/24]\n [set security zones security-zone private address-book address IP-Phone1 10.1.1.5/32] \n [set security zones security-zone private address-book address gatekeeper 10.1.1.25/32 ]\n [set security zones security-zone private interfaces ge-0/0/0.0 ]\n [set security zones security-zone public address-book address IP-Phone2 172.16.1.5/32 ]\n [set security zones security-zone public interfaces ge-0/0/1.0]\n [set security policies from-zone private to-zone public policy private-to-public match source-address IP-Phone1 ]\n [set security policies from-zone private to-zone public policy private-to-public match source-address gatekeeper ]\n [set security policies from-zone private to-zone public policy private-to-public match destination-address IP-Phone2 ]\n [set security policies from-zone private to-zone public policy private-to-public match application junos-h323 ]\n [set security policies from-zone private to-zone public policy private-to-public then permit ]\n [set security policies from-zone public to-zone private policy public-to-private match source-address IP-Phone2 ]\n [set security policies from-zone public to-zone private policy public-to-private match destination-address IP-Phone1 ]\n [set security policies from-zone public to-zone private policy public-to-private match destination-address gatekeeper]\n [set security policies from-zone public to-zone private policy public-to-private match application junos-h323 ]\n [set security policies from-zone public to-zone private policy public-to-private then permit ]\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all MX Series and SRX Series platform, when H.323 ALG is enabled and specific H.323 packets are received simultaneously, a flow processing daemon (flowd) crash will occur. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition.\nThis issue affects:\nJuniper Networks Junos OS on MX Series and SRX Series\nAll versions prior to 19.4R3-S10;\n20.2 versions prior to 20.2R3-S6;\n20.3 versions prior to 20.3R3-S6;\n20.4 versions prior to 20.4R3-S5;\n21.1 versions prior to 21.1R3-S4;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S3;\n21.4 versions prior to 21.4R3;\n22.1 versions prior to 22.1R2-S1, 22.1R3;\n22.2 versions prior to 22.2R1-S2, 22.2R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70211",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70211"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 19.4R3-S10, 20.2R3-S6, 20.3R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S3, 21.4R3, 22.1R2-S1, 22.1R3, 22.2R1-S2, 22.2R2, 22.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70211",
"defect": [
"1666996"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, but it should be considered to disable the H.323 ALG if it's not strictly needed."
}
]
}

160
2023/22xxx/CVE-2023-22416.json
View File

@ -1,18 +1,166 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22416",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash if SIP ALG is enabled and a malformed SIP packet is received"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S5"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S4"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3-S2"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3-S1"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R3"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "22.1",
"version_value": "22.1R1-S2, 22.1R2"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "22.2",
"version_value": "22.2R1-S1, 22.2R2"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "!<",
"version_value": "20.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration.\n\nPlease verify on SRX with:\n\n user@host> show security alg status | match sip\n SIP : Enabled\n\nPlease verify on MX whether the following is configured:\n\n [services ... rule <rule-name> (term <term-name> ) from/match application/application-set <name>]\nwhere either\n a. name = junos-sip\nor an application or application-set refers to SIP:\n b. [applications application <name> application-protocol sip]\nor\n c. [applications application-set <name> application junos-sip]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nOn all MX Series and SRX Series platform with SIP ALG enabled, when a malformed SIP packet is received, the flow processing daemon (flowd) will crash and restart.\nThis issue affects:\nJuniper Networks Junos OS on MX Series and SRX Series\n20.4 versions prior to 20.4R3-S5;\n21.1 versions prior to 21.1R3-S4;\n21.2 versions prior to 21.2R3-S2;\n21.3 versions prior to 21.3R3-S1;\n21.4 versions prior to 21.4R3;\n22.1 versions prior to 22.1R1-S2, 22.1R2;\n22.2 versions prior to 22.2R1-S1, 22.2R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on SRX Series."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70212",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70212"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S5, 21.1R3-S4, 21.2R3-S2, 21.3R3-S1, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R1-S1, 22.2R2, 22.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70212",
"defect": [
"1668830"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue, but it should be considered to disable the SIP ALG if it's not strictly needed."
}
]
}

160
2023/22xxx/CVE-2023-22417.json
View File

@ -1,18 +1,166 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2023-01-11T17:00:00.000Z",
"ID": "CVE-2023-22417",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: A memory leak might be observed in IPsec VPN scenario leading to an FPC crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "<",
"version_value": "19.3R3-S7"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2-S8, 19.4R3-S10"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S6"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S5"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S5"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3-S4"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "21.4",
"version_value": "21.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIn an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is configured. Eventually the flowd process will crash and restart.\nThis issue affects Juniper Networks Junos OS on SRX Series:\nAll versions prior to 19.3R3-S7;\n19.4 versions prior to 19.4R2-S8, 19.4R3-S10;\n20.2 versions prior to 20.2R3-S6;\n20.3 versions prior to 20.3R3-S5;\n20.4 versions prior to 20.4R3-S5;\n21.1 versions prior to 21.1R3-S4;\n21.2 versions prior to 21.2R3;\n21.3 versions prior to 21.3R3;\n21.4 versions prior to 21.4R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA70213",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA70213"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R2-S8, 19.4R3-S10, 20.2R3-S6, 20.3R3-S5, 20.4R3-S5, 21.1R3-S4, 21.2R3, 21.3R3, 21.4R2, 22.1R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70213",
"defect": [
"1639998"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}