mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
177 lines
7.4 KiB
JSON
177 lines
7.4 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-47507",
|
|
"ASSIGNER": "sirt@juniper.net",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to the downstream devices.\n\nWhen a peer sends a BGP update message which contains the aggregator attribute with an ASN value of zero (0), rpd accepts and propagates this attribute, which can cause issues for downstream BGP peers receiving this.\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n\n * All versions before 21.4R3-S6,\n * 22.2 versions before 22.2R3-S3,\n * 22.4 versions before 22.4R3;\u00a0\n\n\n\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S7-EVO,\n * 22.2 versions before 22.2R3-S4-EVO,\n * 22.4 versions before 22.4R3-EVO."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
|
|
"cweId": "CWE-754"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Juniper Networks",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Junos OS",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "0",
|
|
"version_value": "21.4R3-S6"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "22.2",
|
|
"version_value": "22.2R3-S3"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "22.4",
|
|
"version_value": "22.4R3"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Junos OS Evolved",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "0",
|
|
"version_value": "21.4R3-S7-EVO"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "22.2",
|
|
"version_value": "22.2R3-S4-EVO"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "22.4",
|
|
"version_value": "22.4R3-EVO"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://supportportal.juniper.net/JSA88138",
|
|
"refsource": "MISC",
|
|
"name": "https://supportportal.juniper.net/JSA88138"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.1.0-dev"
|
|
},
|
|
"source": {
|
|
"advisory": "JSA88138",
|
|
"defect": [
|
|
"1708088"
|
|
],
|
|
"discovery": "USER"
|
|
},
|
|
"configuration": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "To be exposed to this issue a minimal BGP configuration like the following is required:<br><br><tt>[ protocols bgp group <name> neighbor ... ]</tt>"
|
|
}
|
|
],
|
|
"value": "To be exposed to this issue a minimal BGP configuration like the following is required:\n\n[ protocols bgp group <name> neighbor ... ]"
|
|
}
|
|
],
|
|
"work_around": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "There are no known workarounds for this issue."
|
|
}
|
|
],
|
|
"value": "There are no known workarounds for this issue."
|
|
}
|
|
],
|
|
"exploit": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
|
|
}
|
|
],
|
|
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
|
|
}
|
|
],
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "The following software releases have been updated to resolve this specific issue:<br>Junos OS Evolved: 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases;<br>Junos OS: 21.4R3-S6, 22.1R3-S6, 22.2R3-S3, 22.4R3, 23.2R1, and all subsequent releases."
|
|
}
|
|
],
|
|
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases;\nJunos OS: 21.4R3-S6, 22.1R3-S6, 22.2R3-S3, 22.4R3, 23.2R1, and all subsequent releases."
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.8,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |