admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Juniper JSA publication 2022-01

Browse Source 
Juniper JSA publication 2022-01. See https://advisory.juniper.net for more information.
This commit is contained in:
mpaujnpr01 2022-01-18 17:16:27 -07:00
parent 1d6db5702b
commit e6d1a5b8f5
27 changed files with 4347 additions and 189 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
2022/22xxx/CVE-2022-22152.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22152",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Contrail Service Orchestration: Tenants able to see other tenants policies via REST API interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Contrail Service Orchestration",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "6.1.0 Patch 3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities.\n\nThis issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693 Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11260",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11260"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve these specific issues: Juniper Networks Contrail Service Orchestration (CSO) 6.1.0 Patch 3, 6.2.0, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11260",
"defect": [
"CXU-58865"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

146
2022/22xxx/CVE-2022-22153.json
View File

@ -1,18 +1,150 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22153",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SRX Series and MX Series with SPC3: A high percentage of fragments might lead to high latency or packet drops"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_value": "18.2R3"
},
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R3"
},
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3"
},
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2"
},
{
"platform": "SRX Series, MX Series with SPC3",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S1, 19.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Insufficient Algorithmic Complexity combined with an Allocation of Resources Without Limits or Throttling vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 allows an unauthenticated network attacker to cause latency in transit packet processing and even packet loss.\n\nIf transit traffic includes a significant percentage (> 5%) of fragmented packets which need to be reassembled, high latency or packet drops might be observed.\nThis issue affects Juniper Networks Junos OS on SRX Series, MX Series with SPC3:\nAll versions prior to 18.2R3;\n18.3 versions prior to 18.3R3;\n18.4 versions prior to 18.4R2-S9, 18.4R3;\n19.1 versions prior to 19.1R2;\n19.2 versions prior to 19.2R1-S1, 19.2R2."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-407 Algorithmic Complexity"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11261",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11261"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.2R3, 18.3R3, 18.4R2-S9, 18.4R3, 19.1R2, 19.2R1-S1, 19.2R2, 19.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11261",
"defect": [
"1406465"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

133
2022/22xxx/CVE-2022-22154.json
View File

@ -1,18 +1,137 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22154",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos Fusion: A Satellite Device can be controlled by rewiring it to a foreign AD causing a DoS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "16.1",
"version_value": "16.1R1"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R3-S10"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S7"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R3-S4"
},
{
"version_affected": "!<",
"version_value": "16.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service (DoS).\n\nAn SD can get rebooted and subsequently controlled by an Aggregation Device (AD) which does not belong to the original Fusion setup and is just connected to an extended port of the SD. To carry out this attack the attacker needs to have physical access to the cabling between the SD and the original AD.\nThis issue affects:\nJuniper Networks Junos OS\n16.1R1 and later versions prior to 18.4R3-S10;\n19.1 versions prior to 19.1R3-S7;\n19.2 versions prior to 19.2R3-S4.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 16.1R1."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-642 External Control of Critical State Data"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11262",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11262"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.4R3-S10, 19.1R3-S7, 19.2R3-S4, 19.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11262",
"defect": [
"1425509"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue other than ensuring that the wiring between the AD and the SD can't be tampered with."
}
]
}

151
2022/22xxx/CVE-2022-22155.json
View File

@ -1,18 +1,155 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22155",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: ACX5448: FPC memory leak due to IPv6 neighbor flaps"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "ACX5448",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R3-S10"
},
{
"platform": "ACX5448",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S5"
},
{
"platform": "ACX5448",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S2"
},
{
"platform": "ACX5448",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S2"
},
{
"platform": "ACX5448",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2-S2, 19.4R3"
},
{
"platform": "ACX5448",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"platform": "ACX5448",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R1-S1, 20.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service.\n\nThe following error messages will be seen after the FPC resources have been exhausted:\n\n fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40\n fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40\n fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40\n fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40\n\nThis issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability.\n\nThis issue affects Juniper Networks Junos OS on ACX5448:\n18.4 versions prior to 18.4R3-S10;\n19.1 versions prior to 19.1R3-S5;\n19.2 versions prior to 19.2R1-S8, 19.2R3-S2;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S2;\n19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3;\n20.1 versions prior to 20.1R2;\n20.2 versions prior to 20.2R1-S1, 20.2R2."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-772 Missing Release of Resource after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11263",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11263"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.4R3-S10, 19.1R3-S5, 19.2R1-S8, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S3, 19.4R2-S2, 19.4R3, 20.1R2, 20.2R1-S1, 20.2R2, 20.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11263",
"defect": [
"1519372"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

172
2022/22xxx/CVE-2022-22156.json
View File

@ -1,18 +1,176 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22156",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: Certificate validation is skipped when fetching system scripts from a HTTPS URL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "18.4R2-S9, 18.4R3-S9"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S7, 19.2R3-S3"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-S4"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S7"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R2-S2, 20.1R3"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R2-S1, 20.3R3"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R2"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R1-S1, 21.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The examples of the config stanza affected by this issue:\n\n [event-options event-script file <file-name> source <https-url> refresh]\n [system scripts (commit | event | extension-service | op | snmp) file filename refresh-from <https-url>]\n\nPlease note that issuing set refresh-from command does not add the refresh-from statement to the configuration but the command behaves like an operational mode command by executing an operation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device.\n\nThe following command can be executed by an administrator via the CLI to refresh a script from a remote location, which is affected from this vulnerability:\n >request system scripts refresh-from (commit | event | extension-service | op | snmp) file filename url <https-url>\n\n\n\n\n\n\n\n\n\n\n\nThis issue affects:\nJuniper Networks Junos OS\nAll versions prior to 18.4R2-S9, 18.4R3-S9;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S7;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R3-S4;\n19.4 versions prior to 19.4R3-S7;\n20.1 versions prior to 20.1R2-S2, 20.1R3;\n20.2 versions prior to 20.2R3;\n20.3 versions prior to 20.3R2-S1, 20.3R3;\n20.4 versions prior to 20.4R2;\n21.1 versions prior to 21.1R1-S1, 21.1R2.\n"
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-358 Improperly Implemented Security Check for Standard"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-300 Channel Accessible by Non-Endpoint ('Man-in-the-Middle')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11264",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11264"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.4R2-S9, 18.4R3-S9, 19.1R2-S3, 19.1R3-S7, 19.2R1-S7, 19.2R3-S3, 19.3R3-S4, 19.4R3-S7, 20.1R2-S2, 20.1R3, 20.2R3, 20.3R2-S1, 20.3R3, 20.4R2, 21.1R1-S1, 21.1R2, 21.2R1 and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11264",
"defect": [
"1542229"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue.\n\n "
}
]
}

171
2022/22xxx/CVE-2022-22157.json
View File

@ -1,18 +1,175 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22157",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: Traffic classification vulnerability when 'no-syn-check' is enabled"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S9"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S6"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S7, 19.2R3-S3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S2"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2-S5, 19.4R3-S3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R2-S2, 20.1R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S1"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R2-S1, 20.4R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R1-S1, 21.1R2"
},
{
"version_affected": "!<",
"version_value": "18.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue is only seen when the following configuration is present: \n [security flow tcp-session no-syn-check]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. JDPI incorrectly classifies out-of-state asymmetric TCP flows as the dynamic-application INCONCLUSIVE instead of UNKNOWN, which is more permissive, causing the firewall to allow traffic to be forwarded that should have been denied.\n\nThis issue only occurs when 'set security flow tcp-session no-syn-check' is configured on the device.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n18.4 versions prior to 18.4R2-S9, 18.4R3-S9;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S6;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S2;\n19.4 versions prior to 19.4R2-S5, 19.4R3-S3;\n20.1 versions prior to 20.1R2-S2, 20.1R3;\n20.2 versions prior to 20.2R3-S1;\n20.3 versions prior to 20.3R3;\n20.4 versions prior to 20.4R2-S1, 20.4R3;\n21.1 versions prior to 21.1R1-S1, 21.1R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 18.4R1."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11265",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11265"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.4R2-S9, 18.4R3-S9, 19.1R2-S3, 19.1R3-S6, 19.2R1-S7, 19.2R3-S3, 19.3R2-S6, 19.3R3-S2, 19.4R2-S5, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11265",
"defect": [
"1561533"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Any of the following workarounds will mitigate this issue:\n\n1. Remove 'security flow tcp-session no-syn-check' from the configuration.\n\n2: Enable AppID cache configuration:\n set services application-identification application-system-cache security-services\n"
}
]
}

181
2022/22xxx/CVE-2022-22159.json
View File

@ -1,18 +1,185 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22159",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: An attacker sending crafted packets can cause a traffic and CPU Denial of Service (DoS)."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "17.3",
"version_value": "17.3R3-S9"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S12"
},
{
"version_affected": ">=",
"version_name": "17.4",
"version_value": "17.4R3-S3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R3-S5"
},
{
"version_affected": ">=",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S13"
},
{
"version_affected": ">=",
"version_name": "18.2",
"version_value": "18.2R3-S6"
},
{
"version_affected": ">=",
"version_name": "18.3",
"version_value": "18.3R3-S4"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R3-S5"
},
{
"version_affected": ">=",
"version_name": "18.4",
"version_value": "18.4R3-S5"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R3-S9"
},
{
"version_affected": ">=",
"version_name": "19.1",
"version_value": "19.1R3-S3"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S7"
},
{
"version_affected": "!<",
"version_value": "17.3R3-S9"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "!",
"version_value": "Any"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the NETISR network queue functionality of Juniper Networks Junos OS kernel allows an attacker to cause a Denial of Service (DoS) by sending crafted genuine packets to a device. During an attack, the routing protocol daemon (rpd) CPU may reach 100% utilization, yet FPC CPUs forwarding traffic will operate normally. This attack occurs when the attackers' packets are sent over an IPv4 unicast routing equal-cost multi-path (ECMP) unilist selection.\n\nContinued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition.\n\nAn indicator of compromise may be to monitor NETISR drops in the network with the assistance of JTAC. Please contact JTAC for technical support for further guidance.\nThis issue affects:\nJuniper Networks Junos OS\n17.3 version 17.3R3-S9 and later versions prior to 17.3R3-S12;\n17.4 version 17.4R3-S3 and later versions prior to 17.4R3-S5;\n18.1 version 18.1R3-S11 and later versions prior to 18.1R3-S13;\n18.2 version 18.2R3-S6 and later versions;\n18.3 version 18.3R3-S4 and later versions prior to 18.3R3-S5;\n18.4 version 18.4R3-S5 and later versions prior to 18.4R3-S9;\n19.1 version 19.1R3-S3 and later versions prior to 19.1R3-S7.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 17.3R3-S9.\n\nThis issue does not affect Juniper Networks Junos OS Evolved."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11267",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11267"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 17.3R3-S12, 17.4R3-S5, 18.1R3-S13, 18.3R3-S5, 18.4R3-S9, 19.1R3-S7, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11267",
"defect": [
"1580066"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no available workarounds for this issue."
}
]
}

191
2022/22xxx/CVE-2022-22160.json
View File

@ -1,18 +1,195 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22160",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: The bbe-smgd process crashes if an unsupported configuration exists and a PPPoE client sends a specific message"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": ">=",
"version_name": "16.1",
"version_value": "16.1R1"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_value": "18.4R3-S10"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-S4"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S5"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R2"
},
{
"platform": "MX Series",
"version_affected": "!<",
"version_value": "16.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following is an example of an affected configuration:\n\n user@device# show system services dhcp-local-server dhcpv6 \n ...\n group <group-name1> {\n overrides {\n ...\n dual-stack <dual-stack-group-name>;\n }\n ...\n interface pp0.0;\n ...\n }"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Unchecked Error Condition vulnerability in the subscriber management daemon (smgd) of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to cause a crash of and thereby a Denial of Service (DoS).\n\nIn a subscriber management / broadband edge environment if a single session group configuration contains dual-stack and a pp0 interface, smgd will crash and restart every time a PPPoE client sends a specific message.\nThis issue affects Juniper Networks Junos OS on MX Series:\n16.1 version 16.1R1 and later versions prior to 18.4R3-S10;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S7;\n19.2 versions prior to 19.2R1-S8, 19.2R3-S4;\n19.3 versions prior to 19.3R3-S4;\n19.4 versions prior to 19.4R3-S5;\n20.1 versions prior to 20.1R3-S3;\n20.2 versions prior to 20.2R3-S3;\n20.3 versions prior to 20.3R3-S2;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R3;\n21.2 versions prior to 21.2R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 16.1R1."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-391 Unchecked Error Condition"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11268",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11268"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R3-S5, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11268",
"defect": [
"1580528"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Remove the pp0 interface from a DHCPv6 dual-stack group and move to its own group with no dual-stack enabled.\n\n user@device# show system services dhcp-local-server dhcpv6 \n ...\n group <group-name1> {\n overrides {\n ...\n dual-stack <dual-stack-group-name>;\n }\n ...\n interface pp0.0; <<<<< delete and add to new group\n ...\n }\n\n group <group-name2> { <<<<< new group for PP0 interfaces to be handled separately.\n ...\n interface pp0.0; <<<<<\n ...\n }"
}
]
}

180
2022/22xxx/CVE-2022-22161.json
View File

@ -1,18 +1,184 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22161",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX104 might become unresponsive if the out-of-band management port receives a flood of traffic"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX104",
"version_affected": "<",
"version_value": "18.3R3-S6"
},
{
"platform": "MX104",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S9"
},
{
"platform": "MX104",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"platform": "MX104",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S7, 19.2R3-S3"
},
{
"platform": "MX104",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S7, 19.3R3-S4"
},
{
"platform": "MX104",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2-S5, 19.4R3-S5"
},
{
"platform": "MX104",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S1"
},
{
"platform": "MX104",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"platform": "MX104",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"platform": "MX104",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R2-S2, 20.4R3"
},
{
"platform": "MX104",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2"
},
{
"platform": "MX104",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R1-S1, 21.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port.\n\nContinued receipted of a flood will create a sustained Denial of Service (DoS) condition. Once the flood subsides the system will recover by itself.\n\nAn indication that the system is affected by this issue would be that an irq handled by the fman process is shown to be using a high percentage of CPU cycles like in the following example output:\n\n user@host> show system processes extensive\n ...\n PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND\n 31 root -84 -187 0K 16K WAIT 22.2H 56939.26% irq96: fman0\nThis issue affects Juniper Networks Junos OS:\nAll versions prior to 18.3R3-S6;\n18.4 versions prior to 18.4R2-S9, 18.4R3-S9;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S7;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S7, 19.3R3-S4;\n19.4 versions prior to 19.4R2-S5, 19.4R3-S5;\n20.1 versions prior to 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R2-S2, 20.4R3;\n21.1 versions prior to 21.1R2;\n21.2 versions prior to 21.2R1-S1, 21.2R2."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11269",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11269"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.3R3-S6, 18.4R2-S9, 18.4R3-S9, 19.1R2-S3, 19.1R3-S7, 19.2R1-S7, 19.2R3-S3, 19.3R2-S7, 19.3R3-S4, 19.4R2-S5, 19.4R3-S5, 20.1R3-S1, 20.2R3-S2, 20.3R3-S1, 20.4R2-S2, 20.4R3, 21.1R2, 21.2R1-S1, 21.2R2, 21.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11269",
"defect": [
"1585829"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

185
2022/22xxx/CVE-2022-22162.json
View File

@ -1,18 +1,189 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22162",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: A low privileged user can elevate their privileges to the ones of the highest privileged j-web user logged in"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.1R7-S11"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R3-S6"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S10"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-S4"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S6"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S2"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S1"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2-S1, 21.1R3"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R1-S1, 21.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue can only be exploited if J-Web is configured for example with:\n\n [system services web-management http]\n\nor\n\n [system services web-management https]"
}
],
"credit": [
{
"lang": "eng",
"value": "The Juniper SIRT would like to acknowledge and thank Andy Coles of Microsoft MSRC Vulnerabilities and Mitigations Team for responsibly reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the level of any other user logged in via J-Web at this time, potential leading to a full compromise of the device.\nThis issue affects Juniper Networks Junos OS:\nAll versions prior to 15.1R7-S11;\n18.3 versions prior to 18.3R3-S6;\n18.4 versions prior to 18.4R2-S9, 18.4R3-S10;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S7;\n19.2 versions prior to 19.2R1-S8, 19.2R3-S4;\n19.3 versions prior to 19.3R3-S4;\n19.4 versions prior to 19.4R3-S6;\n20.1 versions prior to 20.1R3-S2;\n20.2 versions prior to 20.2R3-S3;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R3-S1;\n21.1 versions prior to 21.1R2-S1, 21.1R3;\n21.2 versions prior to 21.2R1-S1, 21.2R2."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Information Exposure Through an Error Message"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11270",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11270"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S11, 18.3R3-S6, 18.4R2-S9, 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S1, 20.4R3-S1, 21.1R2-S1, 21.1R3, 21.2R1-S1, 21.2R2, 21.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11270",
"defect": [
"1593200"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue other than disabling J-Web.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
}
]
}

169
2022/22xxx/CVE-2022-22163.json
View File

@ -1,18 +1,173 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22163",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: jdhcpd crashes upon receipt of a specific DHCPv6 packet"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "15.1R7-S11"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R3-S9"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S3"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S5"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S1"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "For a device to be affected at least one of the following two lines of configuration need to be present:\n\n [ system services dhcp-local-server dhcpv6 persistent-storage automatic ]\n\nor\n\n [ forwarding-options dhcp-relay dhcpv6 persistent-storage automatic ]\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Input Validation vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS).\n\nIf a device is configured as DHCPv6 local server and persistent storage is enabled, jdhcpd will crash when receiving a specific DHCPv6 message.\nThis issue affects:\nJuniper Networks Junos OS\nAll versions prior to 15.1R7-S11;\n18.4 versions prior to 18.4R3-S9;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S7;\n19.2 versions prior to 19.2R1-S8, 19.2R3-S3;\n19.4 versions prior to 19.4R3-S5;\n20.1 versions prior to 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R2;\n21.2 versions prior to 21.2R2."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11271",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11271"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S11, 18.4R3-S9, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S3, 19.4R3-S5, 20.1R3-S1, 20.2R3-S2, 20.3R3-S1, 20.4R3, 21.1R2, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11271",
"defect": [
"1594371"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

115
2022/22xxx/CVE-2022-22164.json
View File

@ -1,18 +1,119 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22164",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Telnet service may be enabled when it is expected to be disabled."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "20.4R2-S2-EVO"
},
{
"version_affected": ">=",
"version_name": "21.1",
"version_value": "21.1R1-EVO"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet service staying enabled.\n\nWhen it is not intended to be operating on the device, an administrator can issue the following command to verify whether telnet is operating in the background:\n user@device > show system connections | grep :23\n tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 20879/xinetd\nThis issue affects:\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.4R2-S2-EVO;\n21.1 version 21.1R1-EVO and later versions;\n21.2 versions prior to 21.2R2-EVO."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665 Improper Initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11272",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11272"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.4R2-S2-EVO, 21.2R2-EVO, 21.3R1-EVO and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11272",
"defect": [
"1596411"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "To work around the issue, the xinetd service can be restarted manually using one of the commands below: \n\n user@device% systemctl restart xinetd\nor\n user@device% systemctl restart services-xinetd\n\nAdditionally, loopback/firewall filters can be applied to disable remote access to the telnet service.\n"
}
]
}

129
2022/22xxx/CVE-2022-22166.json
View File

@ -1,18 +1,133 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: An rpd core will occur if BGP update tracing is configured and an update containing a malformed BGP SR-TE policy tunnel attribute is received"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S1"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2-S2, 21.1R3"
},
{
"version_affected": "!<",
"version_value": "20.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following two configuration line are both required for the issue to be seen: \n [ protocols bgp ... family <family> segment-routing-te ] \n [ protocols bgp ... traceoptions flag update ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS).\n\nIf a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. This issue can not propagate as the crash occurs as soon as the malformed update is received.\nThis issue affects Juniper Networks Junos OS:\n20.4 versions prior to 20.4R3-S1;\n21.1 versions prior to 21.1R2-S2, 21.1R3.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 20.4R1."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1284 Improper Validation of Specified Quantity in Input"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11274",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11274"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S1, 21.1R2-S2, 21.1R3, 21.2R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11274",
"defect": [
"1598850"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Please remove the BGP update trace configuration that's applicable.\n\n [ protocols bgp ... traceoptions flag update ]\n"
}
]
}

177
2022/22xxx/CVE-2022-22167.json
View File

@ -1,18 +1,181 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22167",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: If no-syn-check is enabled, traffic classified as UNKNOWN gets permitted by pre-id-default-policy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S10, 18.4R3-S10"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S8"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-S3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S5"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S1"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R2-S2, 20.4R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2-S2, 21.1R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R2"
},
{
"version_affected": "!<",
"version_value": "18.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue is only seen when the following configuration is present: \n [security flow tcp-session no-syn-check]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. While JDPI correctly classifies out-of-state asymmetric TCP flows as the dynamic-application UNKNOWN, this classification is not provided to the policy module properly and hence traffic continues to use the pre-id-default-policy, which is more permissive, causing the firewall to allow traffic to be forwarded that should have been denied.\n\nThis issue only occurs when 'set security flow tcp-session no-syn-check' is configured on the device.\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n18.4 versions prior to 18.4R2-S10, 18.4R3-S10;\n19.1 versions prior to 19.1R3-S8;\n19.2 versions prior to 19.2R1-S8, 19.2R3-S4;\n19.3 versions prior to 19.3R3-S3;\n19.4 versions prior to 19.4R3-S5;\n20.1 versions prior to 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R2-S2, 20.4R3;\n21.1 versions prior to 21.1R2-S2, 21.1R3;\n21.2 versions prior to 21.2R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 18.4R1.\n"
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11265",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11265"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R1-S8, 19.2R3-S4, 19.3R3-S3, 19.4R3-S5, 20.1R3-S1, 20.2R3-S2, 20.3R3-S1, 20.4R2-S2, 20.4R3, 21.1R2-S2, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11265",
"defect": [
"1599053"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Any of the following workarounds will mitigate this issue:\n\n1. Remove 'security flow tcp-session no-syn-check' from the configuration.\n\n2: Enable AppID cache configuration:\n set services application-identification application-system-cache security-services\n"
}
]
}

176
2022/22xxx/CVE-2022-22168.json
View File

@ -1,18 +1,180 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22168",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: vMX and MX150: Specific packets might cause a memory leak and eventually an FPC reboot"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "vMX and MX150",
"version_affected": "<",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"platform": "vMX and MX150",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-S5"
},
{
"platform": "vMX and MX150",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2-S5, 19.4R3-S6"
},
{
"platform": "vMX and MX150",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S2"
},
{
"platform": "vMX and MX150",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"platform": "vMX and MX150",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"platform": "vMX and MX150",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"platform": "vMX and MX150",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2-S1, 21.1R3"
},
{
"platform": "vMX and MX150",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R1-S1, 21.2R2"
},
{
"platform": "vMX and MX150",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R1-S1, 21.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead to an FPC reboot and thereby a Denial of Service (DoS).\nThis issue affects:\nJuniper Networks Junos OS on vMX and MX150:\nAll versions prior to 19.2R1-S8, 19.2R3-S4;\n19.3 versions prior to 19.3R3-S5;\n19.4 versions prior to 19.4R2-S5, 19.4R3-S6;\n20.1 versions prior to 20.1R3-S2;\n20.2 versions prior to 20.2R3-S3;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R2-S1, 21.1R3;\n21.2 versions prior to 21.2R1-S1, 21.2R2;\n21.3 versions prior to 21.3R1-S1, 21.3R2."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1287 Improper Validation of Specified Type of Input"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11275",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11275"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 19.2R1-S8, 19.2R3-S4, 19.4R2-S5, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S1, 20.4R3, 21.1R2-S1, 21.1R3, 21.2R1-S1, 21.2R2, 21.2R3, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11275",
"defect": [
"1599158"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There is no viable workaround for this issue."
}
]
}

196
2022/22xxx/CVE-2022-22169.json
View File

@ -1,18 +1,200 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22169",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: OSPFv3 session might go into INIT state upon receipt of multiple crafted packets from a trusted neighbor device."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!",
"version_name": "12.3",
"version_value": "Any"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S11"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R3-S6"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S10"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S7, 19.2R3-S4"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S7, 19.3R3-S4"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S6"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S1"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R2-S2, 20.4R3"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R1-S1, 21.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "21.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following minimal configuration is required: \n\nYou must activate both OSPF and OSPF3 on one or more of the same interfaces concurrently on a device with an established peer with both OSPF and OSPF3 also activated, and sessions established. \n\nAn example of minimal details are: \n [protocols ospf]\n [protocols ospf3]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who sends specific packets in certain orders and at specific timings to force OSPFv3 to unexpectedly enter graceful-restart (GR helper mode) even though there is not any Grace-LSA received in OSPFv3 causing a Denial of Service (DoS). Unexpectedly entering GR helper mode might cause the OSPFv3 neighbor adjacency formed on this interface to be stuck in the \"INIT\" state which can be observed by issuing the following command: \n\n user@device> show ospf3 neighbor\n ID Interface State\n xx.xx.xx.xx ae100.0 Init <<<<<<<<<<\n\nAn indicator of compromise can be seen in log files when traceoptions for OSPFv3 are enabled before the issue occurs. These logfile messages are as follows: \n OSPF restart signaling: Received hello with LR bit set from nbr ip=xx::xx id=xx.xx.xx.xx. Set oob-resync capabilty 1.\n OSPF Restart Signaling: Start helper mode for nbr ip xx::xx id xx.xx.xx.xx\n OSPF restart signaling: abort helper mode for nbr ip=xx::xx id=xx.xx.xx.xx\n OSPF neighbor xx::xx (realm ipv6-unicast <interface.unit> area xx.xx.xx.xx) state changed from Full to Init due to 1WayRcvd (event reason: neighbor is in one-way mode) (nbr helped: 0)\n\nThis issue affects:\nJuniper Networks Junos OS.\n\n15.1 versions prior to 15.1R7-S11;\n18.3 versions prior to 18.3R3-S6;\n18.4 versions prior to 18.4R2-S9, 18.4R3-S10;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S7;\n19.2 versions prior to 19.2R1-S7, 19.2R3-S4;\n19.3 versions prior to 19.3R2-S7, 19.3R3-S4;\n19.4 versions prior to 19.4R3-S6;\n20.1 versions prior to 20.1R3-S1;\n20.2 versions prior to 20.2R3-S3;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R2-S2, 20.4R3;\n21.1 versions prior to 21.1R3;\n21.2 versions prior to 21.2R1-S1, 21.2R2.\n\nThis issue does not affect any version of Juniper Networks Junos OS 12.3.\n\nThis issue affects Juniper Networks Junos OS Evolved all versions prior to 21.2R2-EVO.\n"
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-665 Improper Initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11276",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11276"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 15.1R7-S11, 18.3R3-S6, 18.4R2-S9, 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S7, 19.2R3-S4, 19.3R2-S7, 19.3R3-S4, 19.4R3-S6, 20.1R3-S1, 20.2R3-S3, 20.3R3-S1, 20.4R2-S2, 20.4R3, 21.1R3, 21.2R1-S1, 21.2R2, 21.3R1, and all subsequent releases.\n\nJunos OS Evolved: 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11276",
"defect": [
"1599491"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "To work around this issue, disable the OSPF GR helper mode for OSPFv3:\n\n [protocols ospf3 graceful-restart helper-disable]\n\nThere are no other workarounds for this issue."
}
]
}

154
2022/22xxx/CVE-2022-22170.json
View File

@ -1,18 +1,158 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22170",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: Specific packets over VXLAN cause FPC memory leak and ultimately reset"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2-S6, 19.4R3-S6"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S2"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R2"
},
{
"version_affected": "!<",
"version_value": "19.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "For this issue to be exploitable a configuration like the following will have to exist:\n\n [ routing-instances <RI-name> instance-type virtual-switch ]\n [ routing-instances <RI-name> bridge-domains <BD-name> vlan-id <vlan#n> ]\n [ routing-instances <RI-name> bridge-domains <BD-name> vxlan ... ]\n [ interfaces ae0 unit <unit#> vlan-id <vlan#n> ]\n [ interfaces ae0 unit <unit#> family inet(6) address ... ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Missing Release of Resource after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause heap memory to leak and on exhaustion the PFE to reset.\n\nThe heap memory utilization can be monitored with the command:\n\n user@host> show chassis fpc\nThis issue affects:\nJuniper Networks Junos OS\n19.4 versions prior to 19.4R2-S6, 19.4R3-S6;\n20.1 versions prior to 20.1R3-S2;\n20.2 versions prior to 20.2R3-S3;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R3;\n21.2 versions prior to 21.2R2.\n\nThis issue does not affect versions of Junos OS prior to 19.4R1. "
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-772 Missing Release of Resource after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11277",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11277"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following Junos OS software releases have been updated to resolve this specific issue: 19.4R2-S6, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S1, 20.4R3, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11277",
"defect": [
"1602407"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

159
2022/22xxx/CVE-2022-22171.json
View File

@ -1,18 +1,163 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22171",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: Specific packets over VXLAN cause FPC reset"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S7"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S3"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S2"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S1"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R3"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R2"
},
{
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R1-S1, 21.3R2"
},
{
"version_affected": "!<",
"version_value": "19.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "For this issue to be exploitable a configuration like the following will have to exist:\n\n [ routing-instances <RI-name> instance-type virtual-switch ]\n [ routing-instances <RI-name> bridge-domains <BD-name> vlan-id <vlan#n> ]\n [ routing-instances <RI-name> bridge-domains <BD-name> vxlan ... ]\n [ interfaces ae0 unit <unit#> vlan-id <vlan#n> ]\n [ interfaces ae0 unit <unit#> family inet(6) address ... ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause the PFE to reset.\nThis issue affects:\nJuniper Networks Junos OS\n19.4 versions prior to 19.4R3-S7;\n20.1 versions prior to 20.1R3-S3;\n20.2 versions prior to 20.2R3-S3;\n20.3 versions prior to 20.3R3-S2;\n20.4 versions prior to 20.4R3-S1;\n21.1 versions prior to 21.1R3;\n21.2 versions prior to 21.2R2;\n21.3 versions prior to 21.3R1-S1, 21.3R2.\n\nThis issue does not affect versions of Junos OS prior to 19.4R1. "
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11277",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11277"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following Junos OS software releases have been updated to resolve this specific issue: 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R2, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11277",
"defect": [
"1625292"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

200
2022/22xxx/CVE-2022-22172.json
View File

@ -1,18 +1,204 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22172",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: An l2cpd memory leak can occur when specific LLDP packets are received leading to a DoS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "18.4",
"version_value": "18.4R2-S4"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S10"
},
{
"version_affected": "!>=",
"version_name": "19.1",
"version_value": "19.1R1"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-S5"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S7"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S3"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2-S2, 21.1R3"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R2"
},
{
"version_affected": "!<",
"version_value": "18.4R2-S4"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "20.4R3-S2-EVO"
},
{
"version_affected": ">=",
"version_name": "21.1",
"version_value": "21.1R1-EVO"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This vulnerability is only exploitable on interfaces with LLDP enabled. \n [ protocols lldp ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a memory leak. Continued exploitation can lead to memory exhaustion and thereby a Denial of Service (DoS).\n\nThis issue occurs when specific LLDP packets are received. The impact of the l2cpd cores is that if any of the stp protocols (rstp, mstp or vstp) is used then stp re-converges and traffic loss will occur during that time. Also if any services depend on LLDP state (like PoE or VoIP device recognition) then these will also be affected.\n\nThe memory utilization of the L2CPd process can be monitored with the following command:\n\nuser@host> show system processes extensive | match l2cpd\n 1234 root 52 0 521M 43412K RUN 1 4:02 34.47% l2cpd\nThis issue affects:\nJuniper Networks Junos OS\n18.4 version 18.4R2-S4 and later versions prior to 18.4R2-S10.\n19.2 versions prior to 19.2R1-S8, 19.2R3-S4;\n19.3 versions prior to 19.3R3-S5;\n19.4 versions prior to 19.4R3-S7;\n20.1 versions prior to 20.1R3-S3;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R2-S2, 21.1R3;\n21.2 versions prior to 21.2R2;\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.4R3-S2-EVO;\n21.1 version 21.1R1-EVO and later versions;\n21.2 versions prior to 21.2R2-EVO.\n\nThis issue does not affect:\nJuniper Networks Junos OS 19.1 version 19.1R1 and later versions."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11278",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11278"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: \nfor Junos OS: 19.2R1-S8, 19.2R3-S4, 19.3R3-S5, 19.4R3-S7, 20.1R3-S3, 20.2R3-S2, 20.3R3-S1, 20.4R3, 21.1R2-S2, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases.\nfor Junos OS Evolved: 20.4R3-S2-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11278",
"defect": [
"1602588"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

174
2022/22xxx/CVE-2022-22173.json
View File

@ -1,18 +1,178 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22173",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: CRL failing to download causes a memory leak and ultimately a DoS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "18.3R3-S6"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S10"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-S4"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2-S5, 19.4R3-S5"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S1"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2, 21.1R3"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R1-S1, 21.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be affected a system would need to be configured with:\n\n [ security pki ca-profile <ca-profile-name> revocation-check crl url <url-name> ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS).\n\nIn a scenario where Public Key Infrastructure (PKI) is used in combination with Certificate Revocation List (CRL), if the CRL fails to download the memory allocated to store the CRL is not released. Repeated occurrences will eventually consume all available memory and lead to an inoperable state of the affected system causing a DoS.\nThis issue affects Juniper Networks Junos OS:\nAll versions prior to 18.3R3-S6;\n18.4 versions prior to 18.4R2-S9, 18.4R3-S10;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S7;\n19.2 versions prior to 19.2R1-S8, 19.2R3-S4;\n19.3 versions prior to 19.3R3-S4;\n19.4 versions prior to 19.4R2-S5, 19.4R3-S5;\n20.1 versions prior to 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R2, 21.1R3;\n21.2 versions prior to 21.2R1-S1, 21.2R2.\n\nThis issue can be observed by monitoring the memory utilization of the pkid process via:\n\n root@jtac-srx1500-r2003> show system processes extensive | match pki \n 20931 root 20 0 733M 14352K select 0:00 0.00% pkid\n\nwhich increases over time:\n\n root@jtac-srx1500-r2003> show system processes extensive | match pki \n 22587 root 20 0 901M 181M select 0:03 0.00% pkid"
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Improper Release of Memory Before Removing Last Reference"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11279",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11279"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.3R3-S6, 18.4R2-S9, 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R2-S5, 19.4R3-S5, 20.1R3-S1, 20.2R3-S2, 20.3R3-S1, 20.4R3, 21.1R2, 21.1R3, 21.2R1-S1, 21.2R2, 21.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11279",
"defect": [
"1602815"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

218
2022/22xxx/CVE-2022-22174.json
View File

@ -1,18 +1,222 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22174",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: QFX5000 Series, EX4600: Device may run out of memory, causing traffic loss, upon receipt of specific IPv6 packets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "QFX5000 Series, EX4600",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R3-S6"
},
{
"platform": "QFX5000 Series, EX4600",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S9"
},
{
"platform": "QFX5000 Series, EX4600",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"platform": "QFX5000 Series, EX4600",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S3"
},
{
"platform": "QFX5000 Series, EX4600",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S7, 19.3R3-S4"
},
{
"platform": "QFX5000 Series, EX4600",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2-S5, 19.4R3-S6"
},
{
"platform": "QFX5000 Series, EX4600",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S1"
},
{
"platform": "QFX5000 Series, EX4600",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"platform": "QFX5000 Series, EX4600",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"platform": "QFX5000 Series, EX4600",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"platform": "QFX5000 Series, EX4600",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2-S1, 21.1R3"
},
{
"platform": "QFX5000 Series, EX4600",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R1-S1, 21.2R2"
},
{
"version_affected": "!<",
"version_value": "17.4R3"
},
{
"version_affected": "!<",
"version_name": "18.1",
"version_value": "18.1R3-S6"
},
{
"version_affected": "!<",
"version_name": "18.2",
"version_value": "18.2R3"
},
{
"version_affected": "!<",
"version_name": "18.3",
"version_value": "18.3R3"
},
{
"version_affected": "!<",
"version_name": "18.4",
"version_value": "18.4R2"
},
{
"version_affected": "!<",
"version_name": "19.1",
"version_value": "19.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the processing of inbound IPv6 packets in Juniper Networks Junos OS on QFX5000 Series and EX4600 switches may cause the memory to not be freed, leading to a packet DMA memory leak, and eventual Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition.\n\nThe following error logs may be observed using the \"show heap\" command and the device may eventually run out of memory if such packets are received continuously.\n\n\n Jan 12 12:00:00 device-name fpc0 (buf alloc) failed allocating packet buffer\n Jan 12 12:00:01 device-name fpc0 (buf alloc) failed allocating packet buffer\n\n\n user@device-name> request pfe execute target fpc0 timeout 30 command \"show heap\"\n\n\n ID Base Total(b) Free(b) Used(b) % Name\n -- ---------- ----------- ----------- ----------- --- -----------\n 0 246fc1a8 536870488 353653752 183216736 34 Kernel\n 1 91800000 16777216 12069680 4707536 28 DMA\n 2 92800000 75497472 69997640 5499832 7 PKT DMA DESC\n 3 106fc000 335544320 221425960 114118360 34 Bcm_sdk\n 4 97000000 176160768 200 176160568 99 Packet DMA <<<<<<<<<<<<<<\n 5 903fffe0 20971504 20971504 0 0 Blob\nThis issue affects Juniper Networks Junos OS on QFX5000 Series, EX4600:\n18.3R3 versions prior to 18.3R3-S6;\n18.4 versions prior to 18.4R2-S9, 18.4R3-S9;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S7;\n19.2 versions prior to 19.2R1-S8, 19.2R3-S3;\n19.3 versions prior to 19.3R2-S7, 19.3R3-S4;\n19.4 versions prior to 19.4R2-S5, 19.4R3-S6;\n20.1 versions prior to 20.1R3-S1;\n20.2 versions prior to 20.2R3-S2;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R2-S1, 21.1R3;\n21.2 versions prior to 21.2R1-S1, 21.2R2.\n\nThis issue does not affect Juniper Networks Junos OS:\nAny versions prior to 17.4R3;\n18.1 versions prior to 18.1R3-S6;\n18.2 versions prior to 18.2R3;\n18.3 versions prior to 18.3R3;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R2."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Improper Release of Memory Before Removing Last Reference"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11280",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11280"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.3R3-S6, 18.4R2-S9, 18.4R3-S9, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S3, 19.3R2-S7, 19.3R3-S4, 19.4R2-S5, 19.4R3-S6, 20.1R3-S1, 20.2R3-S2, 20.3R3-S1, 20.4R3, 21.1R2-S1, 21.1R3, 21.2R1-S1, 21.2R2, 21.3R1, 21.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11280",
"defect": [
"1603531"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

144
2022/22xxx/CVE-2022-22175.json
View File

@ -1,18 +1,148 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22175",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series and SRX Series: The flowd daemon will crash if the SIP ALG is enabled and specific SIP messages are processed"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S1"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2-S2, 21.1R3"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R1-S2, 21.2R2"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R1-S1, 21.3R2"
},
{
"platform": "MX Series, SRX Series",
"version_affected": "!<",
"version_value": "20.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify on SRX with:\n\n user@host> show security alg status | match sip\n SIP : Enabled\n\nPlease verify on MX whether the following is configured:\n\n [ ... services alg sip ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker to cause a flowprocessing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition.\n\nThis issue can occur in a scenario where the SIP ALG is enabled and specific SIP messages are being processed simultaneously.\nThis issue affects:\nJuniper Networks Junos OS on MX Series and SRX Series\n20.4 versions prior to 20.4R3-S1;\n21.1 versions prior to 21.1R2-S2, 21.1R3;\n21.2 versions prior to 21.2R1-S2, 21.2R2;\n21.3 versions prior to 21.3R1-S1, 21.3R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 20.4R1."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-667 Improper Locking"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11281",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11281"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S1, 21.1R2-S2, 21.1R3, 21.2R1-S2, 21.2R2, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11281",
"defect": [
"1604123"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

188
2022/22xxx/CVE-2022-22176.json
View File

@ -1,18 +1,192 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22176",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: In a scenario with dhcp-security and option-82 configured jdhcpd crashes upon receipt of a malformed DHCP packet"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "13.2",
"version_value": "13.2R1"
},
{
"version_affected": "<",
"version_value": "15.1R7-S11"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R3-S6"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S10"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S7, 19.3R3-S4"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S6"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S3"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2-S1, 21.1R3"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R1-S1, 21.2R2"
},
{
"version_affected": "!<=",
"version_value": "12.3R12"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "For a device to be affected at least one of the following configuration statements needs to be present:\n\n [ bridge-domains <bridge-domain-name> forwarding-options dhcp-security option-82 ... ]\nor\n [ vlans <vlan-name> forwarding-options dhcp-security option-82 ... ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker sending a malformed DHCP packet to cause a crash of jdhcpd and thereby a Denial of Service (DoS).\n\nIf option-82 is configured in a DHCP snooping / -security scenario, jdhcpd crashes if a specific malformed DHCP request packet is received. The DHCP functionality is impacted while jdhcpd restarts, and continued exploitation of the vulnerability will lead to the unavailability of the DHCP service and thereby a sustained DoS.\n\n\nThis issue affects Juniper Networks Junos OS\n13.2 version 13.2R1 and later versions prior to 15.1R7-S11;\n18.3 versions prior to 18.3R3-S6;\n18.4 versions prior to 18.4R2-S9, 18.4R3-S10;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S7;\n19.2 versions prior to 19.2R1-S8, 19.2R3-S4;\n19.3 versions prior to 19.3R2-S7, 19.3R3-S4;\n19.4 versions prior to 19.4R3-S6;\n20.1 versions prior to 20.1R3-S3;\n20.2 versions prior to 20.2R3-S3;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R2-S1, 21.1R3;\n21.2 versions prior to 21.2R1-S1, 21.2R2.\n\nThis issue does not affect Juniper Networks Junos OS version 12.3R12 and prior versions."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1286 Improper Validation of Syntactic Correctness of Input"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11282",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11282"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 15.1R7-S11, 18.3R3-S6, 18.4R2-S9, 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R2-S7, 19.3R3-S4, 19.4R3-S6, 20.1R3-S3, 20.2R3-S3, 20.3R3-S1, 20.4R3, 21.1R2-S1, 21.1R3, 21.2R1-S1, 21.2R2, 21.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11282",
"defect": [
"1606794"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

219
2022/22xxx/CVE-2022-22177.json
View File

@ -1,18 +1,223 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22177",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: After receiving a specific number of crafted packets snmpd will segmentation fault (SIGSEGV) requiring a manual restart."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S20"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S11"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R3-S6"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S10"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-S4"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2-S5, 19.4R3-S6"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S2"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2-S2, 21.1R3"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R1-S2, 21.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "21.2R3-EVO"
},
{
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following minimal configuration is needed: \n [snmp community 'community-name\"] using a Read Write (RW) Community \n\nRead Only (RO) communities are not impacted by this issue."
}
],
"credit": [
{
"lang": "eng",
"value": "Nanyu Zhong and Yu Zhang of VARAS at the Institute of Information Engineering"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted.\n\nThis issue impacts any version of SNMP v1,v2, v3\n\n \nThis issue affects:\nJuniper Networks Junos OS\n12.3 versions prior to 12.3R12-S20;\n15.1 versions prior to 15.1R7-S11;\n18.3 versions prior to 18.3R3-S6;\n18.4 versions prior to 18.4R2-S9, 18.4R3-S10;\n19.1 versions prior to 19.1R2-S3, 19.1R3-S7;\n19.2 versions prior to 19.2R1-S8, 19.2R3-S4;\n19.3 versions prior to 19.3R3-S4;\n19.4 versions prior to 19.4R2-S5, 19.4R3-S6;\n20.1 versions prior to 20.1R3-S2;\n20.2 versions prior to 20.2R3-S3;\n20.3 versions prior to 20.3R3-S1;\n20.4 versions prior to 20.4R3;\n21.1 versions prior to 21.1R2-S2, 21.1R3;\n21.2 versions prior to 21.2R1-S2, 21.2R2.\n\nJuniper Networks Junos OS Evolved\n21.2 versions prior to 21.2R3-EVO;\n21.3 versions prior to 21.3R2-EVO."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Release of illegal memory"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11283",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11283"
},
{
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/ref/statement/client-list-edit-snmp.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 12.3R12-S20, 15.1R7-S11, 18.3R3-S6, 18.4R2-S9, 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R2-S5, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S1, 20.4R3, 21.1R2-S2, 21.1R3, 21.2R1-S2, 21.2R2, 21.3R1, and all subsequ ent releases.\n\nJunos OS Evolved: 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11283",
"defect": [
"1613874"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no workarounds for this issue. \n\nFor V1, V2 you can reduce the risk of exploitation by configuring the client-list to limit access to network management system (NMS) machines. \n\nSee the Network Management and Monitoring Guide for further instructions.\n\nexample:\n\n [snmp client-list client-list-name \"ip-addresses\";]\n\nFor V3 you can reduce the risk of exploitation by configuring SNMP security to trusted devices only. \n\nFor any release of SNMP you can reduce the risk of exploitation by implementing source and destination IP filter rules as well as using Read Only communities where possible.\n\nRegardless of these risk reduction methods, an attacker able to spoof trusted IP addresses can send the attack to an exposed and reachable SNMP RW community.\n "
}
]
}

144
2022/22xxx/CVE-2022-22178.json
View File

@ -1,18 +1,148 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22178",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX and SRX series: Flowd core observed if the SIP ALG is enabled and a specific Session Initiation Protocol (SIP) packet is received"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series, SRX series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S2"
},
{
"platform": "MX Series, SRX series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2-S1, 21.1R3"
},
{
"platform": "MX Series, SRX series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R2"
},
{
"platform": "MX Series, SRX series",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R2"
},
{
"platform": "MX Series, SRX series",
"version_affected": "!<",
"version_value": "20.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. Please verify on SRX with:\n\n user@host> show security alg status | match sip\n SIP : Enabled\n\nPlease verify on MX whether the following is configured:\n\n [ ... services alg sip ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Stack-based Buffer Overflow vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on MX Series and SRX series allows an unauthenticated networked attacker to cause a flowd crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition.\n\nThis issue can be triggered by a specific Session Initiation Protocol (SIP) invite packet if the SIP ALG is enabled. Due to this, the PIC will be rebooted and all traffic that traverses the PIC will be dropped.\nThis issue affects:\nJuniper Networks Junos OS\n20.4 versions prior to 20.4R3-S2;\n21.1 versions prior to 21.1R2-S1, 21.1R3;\n21.2 versions prior to 21.2R2;\n21.3 versions prior to 21.3R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 20.4R1."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11284",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11284"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S2, 21.1R2-S1, 21.1R3, 21.2R2, 21.2R3, 21.3R2, 21.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11284",
"defect": [
"1615438"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

180
2022/22xxx/CVE-2022-22179.json
View File

@ -1,18 +1,184 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22179",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: jdhcpd crashes upon receiving a specific DHCP packet"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "17.4",
"version_value": "17.4R1"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R3-S10"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S7"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-S4"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S6"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S2"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S2"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S1"
},
{
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2-S2, 21.1R3"
},
{
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R1-S2, 21.2R2, 21.2R3"
},
{
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R1-S1, 21.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To be affected a device must be configured with:\n\n[ forwarding-options dhcp-relay group <group-name> interface ... ]\nor\n[ system services dhcp-local-server group <group-name> interface ... ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS).\n\nIn a scenario where DHCP relay or local server is configured the problem can be triggered if a DHCPv4 packet with specific options is received leading to a corruption of the options read from the packet. This corruption can then lead to jdhcpd crash and restart.\nThis issue affects:\nJuniper Networks Junos OS\n17.4R1 and later versions prior to 18.4R3-S10;\n19.1 versions prior to 19.1R3-S7;\n19.2 versions prior to 19.2R1-S8, 19.2R3-S4;\n19.3 versions prior to 19.3R3-S4;\n19.4 versions prior to 19.4R3-S6;\n20.1 versions prior to 20.1R3-S2;\n20.2 versions prior to 20.2R3-S3;\n20.3 versions prior to 20.3R3-S2;\n20.4 versions prior to 20.4R3-S1;\n21.1 versions prior to 21.1R2-S2, 21.1R3;\n21.2 versions prior to 21.2R1-S2, 21.2R2, 21.2R3;\n21.3 versions prior to 21.3R1-S1, 21.3R2."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "1285"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11285",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11285"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R2-S2, 21.1R3, 21.2R1-S2, 21.2R2, 21.2R3, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11285",
"defect": [
"1618977"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

185
2022/22xxx/CVE-2022-22180.json
View File

@ -1,18 +1,189 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22180",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX2300 Series, EX2300-MP Series, EX3400 Series: A slow memory leak due to processing of specific IPv6 packets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S10, 18.4R3-S10"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S7"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-S5"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3-S7"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R3-S3"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R3-S2"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R3-S1"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "<",
"version_name": "21.1",
"version_value": "21.1R2-S2, 21.1R3"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "<",
"version_name": "21.2",
"version_value": "21.2R1-S2, 21.2R2"
},
{
"platform": "EX2300 Series, EX2300-MP Series, EX3400 Series",
"version_affected": "<",
"version_name": "21.3",
"version_value": "21.3R1-S1, 21.3R2"
},
{
"version_affected": "!<",
"version_value": "18.4R2-S10, 18.4R3-S10"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or a crash of the fxpc process.\n\nAn indication of the issue occurring may be observed through the following log messages:\n Sep 13 17:14:59 hostname : %PFE-3: fpc0 (buf alloc) failed allocating packet buffer\n Sep 13 17:14:59 hostname : %PFE-7: fpc0 brcm_pkt_buf_alloc:393 (buf alloc) failed allocating packet buffer\n\nWhen Packet DMA heap utilization reaches 99%, the system will become unstable. Packet DMA heap utilization can be monitored using the command:\n user@junos# request pfe execute target fpc0 timeout 30 command \"show heap\" \n ID Base Total(b) Free(b) Used(b) % Name\n -- ---------- ----------- ----------- ----------- --- -----------\n 0 213301a8 536870488 387228840 149641648 27 Kernel\n 1 91800000 8388608 3735120 4653488 55 DMA\n 2 92000000 75497472 74452192 1045280 1 PKT DMA DESC\n 3 d330000 335544320 257091400 78452920 23 Bcm_sdk\n 4 96800000 184549376 2408 184546968 99 Packet DMA <<<<\n 5 903fffe0 20971504 20971504 0 0 Blob\n\n\nThis issue affects:\nJuniper Networks Junos OS\n18.4 versions prior to 18.4R2-S10, 18.4R3-S10 on EX2300 Series, EX2300-MP Series, EX3400 Series;\n19.1 versions prior to 19.1R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series;\n19.2 versions prior to 19.2R1-S8, 19.2R3-S4 on EX2300 Series, EX2300-MP Series, EX3400 Series;\n19.3 versions prior to 19.3R3-S5 on EX2300 Series, EX2300-MP Series, EX3400 Series;\n19.4 versions prior to 19.4R3-S7 on EX2300 Series, EX2300-MP Series, EX3400 Series;\n20.1 versions prior to 20.1R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series;\n20.2 versions prior to 20.2R3-S3 on EX2300 Series, EX2300-MP Series, EX3400 Series;\n20.3 versions prior to 20.3R3-S2 on EX2300 Series, EX2300-MP Series, EX3400 Series;\n20.4 versions prior to 20.4R3-S1 on EX2300 Series, EX2300-MP Series, EX3400 Series;\n21.1 versions prior to 21.1R2-S2, 21.1R3 on EX2300 Series, EX2300-MP Series, EX3400 Series;\n21.2 versions prior to 21.2R1-S2, 21.2R2 on EX2300 Series, EX2300-MP Series, EX3400 Series;\n21.3 versions prior to 21.3R1-S1, 21.3R2 on EX2300 Series, EX2300-MP Series, EX3400 Series."
}
]
}
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11286",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11286"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R2-S2, 21.1R3, 21.2R1-S2, 21.2R2, 21.2R3, 21.3R1-S1, 21.3R2, 21.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11286",
"defect": [
"1619970"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "If IPv6 is not used in the environment, to prevent the issue an administrator can apply a firewall filter for blocking IPv6 packets on the ingress port where the traffic might be received:\n [firewall family ethernet-switching filter BLOCK-IPv6 interface-specific]\n [firewall family ethernet-switching filter BLOCK-IPv6 term 1 from ether-type ipv6]\n [firewall family ethernet-switching filter BLOCK-IPv6 term 1 then discard]\n [firewall family ethernet-switching filter BLOCK-IPv6 term 1 then count BLOCK-IPv6_COUNT]\n [firewall family ethernet-switching filter BLOCK-IPv6 term default then accept]\n [interfaces <interface ID> family ethernet-switching filter input BLOCK-IPv6]\n"
}
]
}