mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
190 lines
9.1 KiB
JSON
190 lines
9.1 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "sirt@juniper.net",
|
|
"DATE_PUBLIC": "2022-04-13T16:00:00.000Z",
|
|
"ID": "CVE-2022-22191",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Junos OS: EX4300: PFE Denial of Service (DoS) upon receipt of a flood of specific ARP traffic"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Junos OS",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"platform": "EX4300",
|
|
"version_affected": "<",
|
|
"version_value": "15.1R7-S12"
|
|
},
|
|
{
|
|
"platform": "EX4300",
|
|
"version_affected": "<",
|
|
"version_name": "18.4",
|
|
"version_value": "18.4R2-S10, 18.4R3-S11"
|
|
},
|
|
{
|
|
"platform": "EX4300",
|
|
"version_affected": "<",
|
|
"version_name": "19.1",
|
|
"version_value": "19.1R3-S8"
|
|
},
|
|
{
|
|
"platform": "EX4300",
|
|
"version_affected": "<",
|
|
"version_name": "19.2",
|
|
"version_value": "19.2R1-S9, 19.2R3-S4"
|
|
},
|
|
{
|
|
"platform": "EX4300",
|
|
"version_affected": "<",
|
|
"version_name": "19.3",
|
|
"version_value": "19.3R3-S5"
|
|
},
|
|
{
|
|
"platform": "EX4300",
|
|
"version_affected": "<",
|
|
"version_name": "19.4",
|
|
"version_value": "19.4R2-S6, 19.4R3-S7"
|
|
},
|
|
{
|
|
"platform": "EX4300",
|
|
"version_affected": "<",
|
|
"version_name": "20.1",
|
|
"version_value": "20.1R3-S3"
|
|
},
|
|
{
|
|
"platform": "EX4300",
|
|
"version_affected": "<",
|
|
"version_name": "20.2",
|
|
"version_value": "20.2R3-S3"
|
|
},
|
|
{
|
|
"platform": "EX4300",
|
|
"version_affected": "<",
|
|
"version_name": "20.3",
|
|
"version_value": "20.3R3-S2"
|
|
},
|
|
{
|
|
"platform": "EX4300",
|
|
"version_affected": "<",
|
|
"version_name": "20.4",
|
|
"version_value": "20.4R3-S1"
|
|
},
|
|
{
|
|
"platform": "EX4300",
|
|
"version_affected": "<",
|
|
"version_name": "21.1",
|
|
"version_value": "21.1R3"
|
|
},
|
|
{
|
|
"platform": "EX4300",
|
|
"version_affected": "<",
|
|
"version_name": "21.2",
|
|
"version_value": "21.2R2-S1, 21.2R3"
|
|
},
|
|
{
|
|
"platform": "EX4300",
|
|
"version_affected": "<",
|
|
"version_name": "21.3",
|
|
"version_value": "21.3R1-S2, 21.3R2"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Juniper Networks"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2."
|
|
}
|
|
]
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
|
|
}
|
|
],
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "ADJACENT_NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-410 Insufficient Resource Pool"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Denial of Service (DoS)"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://kb.juniper.net/JSA69502",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://kb.juniper.net/JSA69502"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1R7-S12, 18.4R2-S10, 18.4R3-S11, 19.1R3-S8, 19.2R1-S9, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R2-S1, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, and all subsequent releases.\n"
|
|
}
|
|
],
|
|
"source": {
|
|
"advisory": "JSA69502",
|
|
"defect": [
|
|
"1613275"
|
|
],
|
|
"discovery": "INTERNAL"
|
|
},
|
|
"work_around": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "There are no viable workarounds for this issue."
|
|
}
|
|
]
|
|
} |