mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
249 lines
14 KiB
JSON
249 lines
14 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "sirt@juniper.net",
|
|
"DATE_PUBLIC": "2022-07-13T07:00:00.000Z",
|
|
"ID": "CVE-2022-22216",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Junos OS: PTX Series and QFX10000 Series: 'Etherleak' memory disclosure in Ethernet padding data "
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Junos OS",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"platform": "PTX1000, PTX10000 Series",
|
|
"version_affected": "<",
|
|
"version_value": "18.4R3-S11"
|
|
},
|
|
{
|
|
"platform": "PTX1000, PTX10000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "19.1",
|
|
"version_value": "19.1R2-S3, 19.1R3-S7"
|
|
},
|
|
{
|
|
"platform": "PTX1000, PTX10000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "19.2",
|
|
"version_value": "19.2R1-S8, 19.2R3-S4"
|
|
},
|
|
{
|
|
"platform": "PTX1000, PTX10000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "19.3",
|
|
"version_value": "19.3R3-S4"
|
|
},
|
|
{
|
|
"platform": "PTX1000, PTX10000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "19.4",
|
|
"version_value": "19.4R2-S5, 19.4R3-S6"
|
|
},
|
|
{
|
|
"platform": "PTX1000, PTX10000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "20.1",
|
|
"version_value": "20.1R3-S2"
|
|
},
|
|
{
|
|
"platform": "PTX1000, PTX10000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "20.2",
|
|
"version_value": "20.2R3-S3"
|
|
},
|
|
{
|
|
"platform": "PTX1000, PTX10000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "20.3",
|
|
"version_value": "20.3R3-S2"
|
|
},
|
|
{
|
|
"platform": "PTX1000, PTX10000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "20.4",
|
|
"version_value": "20.4R3-S4"
|
|
},
|
|
{
|
|
"platform": "PTX1000, PTX10000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "21.1",
|
|
"version_value": "21.1R2-S1, 21.1R3"
|
|
},
|
|
{
|
|
"platform": "PTX1000, PTX10000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "21.2",
|
|
"version_value": "21.2R1-S1, 21.2R2"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Junos OS",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"platform": "QFX10000 Series, PTX5000 Series",
|
|
"version_affected": "<",
|
|
"version_value": "18.3R3-S6"
|
|
},
|
|
{
|
|
"platform": "QFX10000 Series, PTX5000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "18.4",
|
|
"version_value": "18.4R2-S9, 18.4R3-S10"
|
|
},
|
|
{
|
|
"platform": "QFX10000 Series, PTX5000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "19.1",
|
|
"version_value": "19.1R2-S3, 19.1R3-S7"
|
|
},
|
|
{
|
|
"platform": "QFX10000 Series, PTX5000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "19.2",
|
|
"version_value": "19.2R1-S8, 19.2R3-S4"
|
|
},
|
|
{
|
|
"platform": "QFX10000 Series, PTX5000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "19.3",
|
|
"version_value": "19.3R3-S4"
|
|
},
|
|
{
|
|
"platform": "QFX10000 Series, PTX5000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "19.4",
|
|
"version_value": "19.4R2-S6, 19.4R3-S6"
|
|
},
|
|
{
|
|
"platform": "QFX10000 Series, PTX5000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "20.1",
|
|
"version_value": "20.1R3-S2"
|
|
},
|
|
{
|
|
"platform": "QFX10000 Series, PTX5000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "20.2",
|
|
"version_value": "20.2R3-S3"
|
|
},
|
|
{
|
|
"platform": "QFX10000 Series, PTX5000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "20.3",
|
|
"version_value": "20.3R3-S1"
|
|
},
|
|
{
|
|
"platform": "QFX10000 Series, PTX5000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "20.4",
|
|
"version_value": "20.4R3-S1"
|
|
},
|
|
{
|
|
"platform": "QFX10000 Series, PTX5000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "21.1",
|
|
"version_value": "21.1R2-S1, 21.1R3"
|
|
},
|
|
{
|
|
"platform": "QFX10000 Series, PTX5000 Series",
|
|
"version_affected": "<",
|
|
"version_name": "21.2",
|
|
"version_value": "21.2R2"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Juniper Networks"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 Series, and QFX10000 Series and PTX5000 Series devices sometimes do not reliably pad Ethernet packets, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak' and often detected as CVE-2003-0001. This issue affects: Juniper Networks Junos OS on PTX1000 and PTX10000 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. Juniper Networks Junos OS on QFX10000 Series and PTX5000 Series: All versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2."
|
|
}
|
|
]
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
|
|
}
|
|
],
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "ADJACENT_NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://kb.juniper.net/JSA69720",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://kb.juniper.net/JSA69720"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The following software releases have been updated to resolve this specific issue for Junos OS on PTX1000 and PTX10000 Series: 18.4R3-S11, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R2-S5, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R2-S1, 21.1R3, 21.2R1-S1, 21.2R2, 21.2R3, 21.3R1, and all subsequent releases.\n\nThe following software releases have been updated to resolve this specific issue for Junos OS on QFX10000 Series and PTX5000 Series: 18.3R3-S6 ,18.4R2-S9, 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R2-S6, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S1, 20.4R3-S1, 21.1R2-S1, 21.1R3, 21.2R2, 21.2R3, 21.3R1, and all subsequent releases."
|
|
}
|
|
],
|
|
"source": {
|
|
"advisory": "JSA69720",
|
|
"defect": [
|
|
"1603656",
|
|
"1609376"
|
|
],
|
|
"discovery": "USER"
|
|
},
|
|
"work_around": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "There are no known workarounds for this issue."
|
|
}
|
|
]
|
|
} |