"value":"\nAn Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R2-S1, 22.3R3;\n * 22.4 versions prior to 22.4R1-S2, 22.4R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S2-EVO;\n * 22.2 versions prior to 22.2R3-EVO;\n * 22.3 versions prior to 22.3R3-EVO;\n * 22.4 versions prior to 22.4R2-EVO.\n\n\n\n\nAn indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command:\n\nmgd process example:\n\nuser@device-re#> show system processes extensive | match \"mgd|PID\" | except last\nPID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND\n92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage.\nExample to check for NETCONF activity:\n\nWhile there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with \"client-mode 'netconf'\"\n\nFor example:\n\nmgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf'\n\n"
