All the vulnerabilites related to Juniper Networks, Inc. - Junos OS
jvndb-2020-000002
Vulnerability from jvndb
Published
2020-01-10 14:48
Modified
2020-01-10 14:48
Severity ?
Summary
Junos OS vulnerable to directory traversal
Details
Junos OS contains a directory traversal vulnerability (CWE-22). Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000002.html",
  "dc:date": "2020-01-10T14:48+09:00",
  "dcterms:issued": "2020-01-10T14:48+09:00",
  "dcterms:modified": "2020-01-10T14:48+09:00",
  "description": "Junos OS contains a directory traversal vulnerability (CWE-22).\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000002.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000002",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN07375820/index.html",
      "@id": "JVN#07375820",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1606",
      "@id": "CVE-2020-1606",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-1606",
      "@id": "CVE-2020-1606",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "Junos OS vulnerable to directory traversal"
}

jvndb-2020-000003
Vulnerability from jvndb
Published
2020-01-10 14:48
Modified
2020-01-10 14:48
Severity ?
Summary
Junos OS vulnerable to cross-site scripting
Details
Junos OS contains a cross-site scripting vulnerability (CWE-79). Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000003.html",
  "dc:date": "2020-01-10T14:48+09:00",
  "dcterms:issued": "2020-01-10T14:48+09:00",
  "dcterms:modified": "2020-01-10T14:48+09:00",
  "description": "Junos OS contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000003.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:juniper:junos",
      "@product": "Junos OS",
      "@vendor": "Juniper Networks, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "6.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000003",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN21753370/index.html",
      "@id": "JVN#21753370",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1607",
      "@id": "CVE-2020-1607",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-1607",
      "@id": "CVE-2020-1607",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Junos OS vulnerable to cross-site scripting"
}

cve-2023-4481
Vulnerability from cvelistv5
Published
2023-08-31 23:46
Modified
2024-10-02 15:09
Summary
Junos OS and Junos OS Evolved: A crafted BGP UPDATE message allows a remote attacker to de-peer (reset) BGP sessions (CVE-2023-4481)
Impacted products
Vendor Product Version
Juniper Networks, Inc. Junos OS Evolved Version: 0   
Version: 21.2-EVO   
Version: 21.3-EVO   
Version: 21.4-EVO   
Version: 22.1-EVO   
Version: 22.2-EVO   
Version: 22.3-EVO   
Version: 22.4-EVO   
Version: 23.2-EVO   
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:06.348Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA72510"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.rfc-editor.org/rfc/rfc7606"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.rfc-editor.org/rfc/rfc4271"
          },
          {
            "tags": [
              "technical-description",
              "x_transferred"
            ],
            "url": "https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:juniper_networks:junos_os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "junos_os",
            "vendor": "juniper_networks",
            "versions": [
              {
                "lessThan": "20.4R3-S10",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "21.2R3-S5",
                "status": "affected",
                "version": "21.2",
                "versionType": "semver"
              },
              {
                "lessThan": "21.3R3-S5",
                "status": "affected",
                "version": "21.3",
                "versionType": "semver"
              },
              {
                "lessThan": "21.4R3-S7",
                "status": "affected",
                "version": "21.4",
                "versionType": "semver"
              },
              {
                "lessThan": "22.1R3-S4",
                "status": "affected",
                "version": "22.1",
                "versionType": "semver"
              },
              {
                "lessThan": "22.2R3-S3",
                "status": "affected",
                "version": "22.2",
                "versionType": "semver"
              },
              {
                "lessThan": "22.3R3-S1",
                "status": "affected",
                "version": "22.3",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4R3",
                "status": "affected",
                "version": "22.4",
                "versionType": "semver"
              },
              {
                "lessThan": "23.2R2",
                "status": "affected",
                "version": "23.2",
                "versionType": "semver"
              },
              {
                "lessThan": "21.*",
                "status": "affected",
                "version": "21.1R1",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:juniper_networks:junos_os_evolved:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "junos_os_evolved",
            "vendor": "juniper_networks",
            "versions": [
              {
                "lessThan": "20.4R3-S10-EVO",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "21.2R3-S7-EVO",
                "status": "affected",
                "version": "21.2-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "21.3R3-S5-EVO",
                "status": "affected",
                "version": "21.3-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "21.4R3-S5-EVO",
                "status": "affected",
                "version": "21.4-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "22.1R3-S4-EVO",
                "status": "affected",
                "version": "22.1-EVO",
                "versionType": "custom"
              },
              {
                "lessThan": "22.2R3-S3-EVO",
                "status": "affected",
                "version": "22.2-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "22.3R3-S1-EVO",
                "status": "affected",
                "version": "22.3-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4R3-EVO",
                "status": "affected",
                "version": "22.4-EVO",
                "versionType": "semver"
              },
              {
                "lessThan": "23.2R2-EVO",
                "status": "affected",
                "version": "23.2-EVO",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4481",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T14:52:11.830739Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T15:09:38.010Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "BGP",
            "rpd"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks, Inc.",
          "versions": [
            {
              "lessThan": "20.4R3-S10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.2R3-S5",
              "status": "affected",
              "version": "21.2",
              "versionType": "semver"
            },
            {
              "lessThan": "21.3R3-S5",
              "status": "affected",
              "version": "21.3",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "21.4R3-S5",
                  "status": "unaffected"
                },
                {
                  "at": "21.4R3-S6",
                  "status": "affected"
                }
              ],
              "lessThan": "21.4R3-S7",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S4",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S3",
              "status": "affected",
              "version": "22.2",
              "versionType": "se"
            },
            {
              "lessThan": "22.3R3-S1",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "21.*",
              "status": "affected",
              "version": "21.1R1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "modules": [
            "BGP",
            "rpd"
          ],
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks, Inc.",
          "versions": [
            {
              "lessThan": "20.4R3-S10-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.2R3-S7-EVO",
              "status": "affected",
              "version": "21.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "21.3R3-S5-EVO",
              "status": "affected",
              "version": "21.3-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S5-EVO",
              "status": "affected",
              "version": "21.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S4-EVO",
              "status": "affected",
              "version": "22.1-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S3-EVO",
              "status": "affected",
              "version": "22.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S1-EVO",
              "status": "affected",
              "version": "22.3-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-EVO",
              "status": "affected",
              "version": "22.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-EVO",
              "status": "affected",
              "version": "23.2-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following minimal configuration is required:\u003cbr\u003e\u003cbr\u003e\u0026nbsp; [protocols bgp]"
            }
          ],
          "value": "The following minimal configuration is required:\n\n\u00a0 [protocols bgp]"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ben Cartwright-Cox / bgp.tools"
        }
      ],
      "datePublic": "2023-08-29T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eContinuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations.  This issue requires a remote attacker to have at least one established BGP session.\u003c/span\u003e\u003cbr\u003e Improper Input Validation, Denial of Service vulnerability in Juniper Networks, Inc. Junos OS (BGP, rpd modules), Juniper Networks, Inc. Junos OS Evolved (BGP, rpd modules) allows Fuzzing.\u003cp\u003eThis issue affects\u0026nbsp;\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S10,\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 21.1R1 through 21.*,\u003c/span\u003e\u003c/li\u003e\u003cli\u003efrom 21.2 before 21.2R3-S5,\u003c/li\u003e\u003cli\u003efrom 21.3 before 21.3R3-S5,\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 21.4 before 21.4R3-S7 (unaffected from 21.4R3-S5, affected from 21.4R3-S6)\u003c/span\u003e\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S4,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S3,\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S1,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eJunos OS Evolved:\u003c/span\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 20.4R3-S10-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.2-EVO before 21.2R3-S7-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.3-EVO before 21.3R3-S5-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4-EVO before 21.4R3-S5-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.1-EVO before 22.1R3-S4-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2-EVO before 22.2R3-S3-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.3-EVO before 22.3R3-S1-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4-EVO before 22.4R3-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nWhen certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers.\nContinuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations.  This issue requires a remote attacker to have at least one established BGP session.\n Improper Input Validation, Denial of Service vulnerability in Juniper Networks, Inc. Junos OS (BGP, rpd modules), Juniper Networks, Inc. Junos OS Evolved (BGP, rpd modules) allows Fuzzing.This issue affects\u00a0\n\nJunos OS:\u00a0\n\n\n\n  *  All versions before 20.4R3-S10,\n  *  from 21.1R1 through 21.*,\n  *  from 21.2 before 21.2R3-S5,\n  *  from 21.3 before 21.3R3-S5,\n  *  from 21.4 before 21.4R3-S7 (unaffected from 21.4R3-S5, affected from 21.4R3-S6)\n  *  from 22.1 before 22.1R3-S4,\n  *  from 22.2 before 22.2R3-S3,\n  *  from 22.3 before 22.3R3-S1,\n  *  from 22.4 before 22.4R3,\n  *  from 23.2 before 23.2R2.\n\n\nJunos OS Evolved:\n\n\n\n  *  All versions before 20.4R3-S10-EVO,\n  *  from 21.2-EVO before 21.2R3-S7-EVO,\n  *  from 21.3-EVO before 21.3R3-S5-EVO,\n  *  from 21.4-EVO before 21.4R3-S5-EVO,\n  *  from 22.1-EVO before 22.1R3-S4-EVO,\n  *  from 22.2-EVO before 22.2R3-S3-EVO,\n  *  from 22.3-EVO before 22.3R3-S1-EVO,\n  *  from 22.4-EVO before 22.4R3-EVO,\n  *  from 23.2-EVO before 23.2R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-28",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-28 Fuzzing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-27T17:47:11.855Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.juniper.net/JSA72510"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.rfc-editor.org/rfc/rfc7606"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.rfc-editor.org/rfc/rfc4271"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003cbr\u003e\u003c/p\u003e\u003cp\u003eJunos OS: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e20.4R3-S10,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S7,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.3R3-S5,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.4R3-S5 or \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.4R3-S7\u003c/span\u003e,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.1R3-S4,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.2R3-S3,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.3R3-S1,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.4R3,\u003c/span\u003e\u0026nbsp;23.2R2, 23.3R2, 23.4R1, and all subsequent releases\u003cbr\u003e\u003c/p\u003e\u003cp\u003eNote: except for Junos OS 21.4R3-S6 which is affected and unfixed.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 20.4R3-S10-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S7-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.3R3-S5-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.4R3-S5-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.1R3-S4-EVO,\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;22.2R3-S3-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.3R3-S1-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.4R3-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.2R2-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.4R1-EVO,\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;and all subsequent releases.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003eIt is important that customers implement the workaround in addition to taking any updated software as these crafted UPDATE messages may be propagated to other devices even if non-impacted locally, thereby protecting the network by stopping the propagation of these crafted UPDATE messages.\u003cbr\u003eThe workaround is to configure BGP error tolerance by way of:\u003cbr\u003e\u003cbr\u003e\u0026nbsp; [ protocols bgp bgp-error-tolerance ... ]\u003cbr\u003e\u003cbr\u003eAdditional details can be found at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html\"\u003ehttps://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.h...\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eJuniper considers configuring this option to be a Best Common Practice (BCP) as it not only prevents this issue from happening, but protects against similar issues as well.\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue is being tracked as PR \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://prsearch.juniper.net/problemreport/PR1709837\"\u003e1709837\u003c/a\u003e\u0026nbsp;which is visible on the Customer Support website.\u003c/p\u003e\u003cp\u003eNote: Juniper SIRT\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://kb.juniper.net/KB16765\"\u003epolicy\u003c/a\u003e\u0026nbsp;is not to evaluate releases which are beyond End of Engineering (EOE) or End of Life (EOL).\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\n\n\nJunos OS: 20.4R3-S10,\u00a021.2R3-S7,\u00a021.3R3-S5,\u00a021.4R3-S5 or 21.4R3-S7,\u00a022.1R3-S4,\u00a022.2R3-S3,\u00a022.3R3-S1,\u00a022.4R3,\u00a023.2R2, 23.3R2, 23.4R1, and all subsequent releases\n\n\nNote: except for Junos OS 21.4R3-S6 which is affected and unfixed.\n\n\n\n\nJunos OS Evolved: 20.4R3-S10-EVO,\u00a021.2R3-S7-EVO,\u00a021.3R3-S5-EVO,\u00a021.4R3-S5-EVO,\u00a022.1R3-S4-EVO,\u00a022.2R3-S3-EVO,\u00a022.3R3-S1-EVO,\u00a022.4R3-EVO,\u00a023.2R2-EVO,\u00a023.4R1-EVO,\u00a0and all subsequent releases.\n\n\nIt is important that customers implement the workaround in addition to taking any updated software as these crafted UPDATE messages may be propagated to other devices even if non-impacted locally, thereby protecting the network by stopping the propagation of these crafted UPDATE messages.\nThe workaround is to configure BGP error tolerance by way of:\n\n\u00a0 [ protocols bgp bgp-error-tolerance ... ]\n\nAdditional details can be found at  https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.h... https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html \n\nJuniper considers configuring this option to be a Best Common Practice (BCP) as it not only prevents this issue from happening, but protects against similar issues as well.\n\nThis issue is being tracked as PR  1709837 https://prsearch.juniper.net/problemreport/PR1709837 \u00a0which is visible on the Customer Support website.\n\nNote: Juniper SIRT\u0027s  policy https://kb.juniper.net/KB16765 \u00a0is not to evaluate releases which are beyond End of Engineering (EOE) or End of Life (EOL)."
        }
      ],
      "source": {
        "advisory": "JSA72510",
        "defect": [
          "1709837"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-29T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS and Junos OS Evolved: A crafted BGP UPDATE message allows a remote attacker to de-peer (reset) BGP sessions (CVE-2023-4481)",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe workaround is to configure BGP error tolerance by way of:\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp; [ protocols bgp bgp-error-tolerance ... ]\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAdditional details can be found at \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html\"\u003ehttps://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.h...\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJuniper considers configuring this option to be a Best Common Practice (BCP) as it not only prevents this issue from happening, but protects against similar issues as well.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "The workaround is to configure BGP error tolerance by way of:\n\n\u00a0 [ protocols bgp bgp-error-tolerance ... ]\n\nAdditional details can be found at  https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.h... https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html \n\nJuniper considers configuring this option to be a Best Common Practice (BCP) as it not only prevents this issue from happening, but protects against similar issues as well."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2023-4481",
    "datePublished": "2023-08-31T23:46:18.796Z",
    "dateReserved": "2023-08-22T15:37:01.371Z",
    "dateUpdated": "2024-10-02T15:09:38.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39565
Vulnerability from cvelistv5
Published
2024-07-10 22:55
Modified
2024-08-02 04:26
Summary
Junos OS: J-Web: An unauthenticated, network-based attacker can perform XPATH injection attack against a device.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:juniper:junos_os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "junos_os",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "21.2r3-s8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:juniper:junos_os:23.4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "junos_os",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "23.4r1-s1",
                "status": "affected",
                "version": "23.4",
                "versionType": "custom"
              },
              {
                "lessThan": "23.4r2",
                "status": "affected",
                "version": "23.4",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:juniper:junos_os:21.4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "junos_os",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "21.4r3-s7",
                "status": "affected",
                "version": "21.4",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:juniper:junos_os:22.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "junos_os",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "22.2r3-s4",
                "status": "affected",
                "version": "22.2",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:juniper:junos_os:22.3:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "junos_os",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "22.3r3-s3",
                "status": "affected",
                "version": "22.3",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:juniper:junos_os:22.4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "junos_os",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "22.4r3-s2",
                "status": "affected",
                "version": "22.4",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:juniper:junos_os:23.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "junos_os",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "23.2r2",
                "status": "affected",
                "version": "23.2",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39565",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-12T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-13T03:55:19.056Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.990Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA83023"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:I/V:C/RE:L/U:Amber"
          },
          {
            "tags": [
              "signature",
              "x_transferred"
            ],
            "url": "https://support.juniper.net/support/downloads/?p=283"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks, Inc.",
          "versions": [
            {
              "lessThan": "21.2R3-S8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S7",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S4",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S3",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S2",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R1-S1, 23.4R2",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following minimal configuration must be present on the device:\u003cbr\u003e\u003cbr\u003e[system services web-management http]\u003cbr\u003eor\u003cbr\u003e[system services web-management https]\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "The following minimal configuration must be present on the device:\n\n[system services web-management http]\nor\n[system services web-management https]"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Juniper SIRT would like to acknowledge and thank CataLpa of Hatlab, DbappSecurity Co. Ltd. for responsibly reporting this vulnerability."
        }
      ],
      "datePublic": "2024-07-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Neutralization of Data within XPath Expressions (\u0027XPath Injection\u0027) vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to\u0026nbsp;execute\u0026nbsp;remote commands on the target device.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eWhile an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user\u0027s credentials. In the worst case, the attacker will have full control over the device.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S7,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4,\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2,\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S1, 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Improper Neutralization of Data within XPath Expressions (\u0027XPath Injection\u0027) vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to\u00a0execute\u00a0remote commands on the target device.\u00a0\n\nWhile an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user\u0027s credentials. In the worst case, the attacker will have full control over the device.\nThis issue affects Junos OS:\u00a0\n\n\n\n  *  All versions before 21.2R3-S8,\u00a0\n  *  from 21.4 before 21.4R3-S7,\n  *  from 22.2 before 22.2R3-S4,\n  *  from 22.3 before 22.3R3-S3,\n  *  from 22.4 before 22.4R3-S2,\n  *  from 23.2 before 23.2R2,\n  *  from 23.4 before 23.4R1-S1, 23.4R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-643",
              "description": "CWE-643 Improper Neutralization of Data within XPath Expressions (\u0027XPath Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T22:55:27.516Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA83023"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:I/V:C/RE:L/U:Amber"
        },
        {
          "tags": [
            "signature"
          ],
          "url": "https://support.juniper.net/support/downloads/?p=283"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8, 21.4R3-S7, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8, 21.4R3-S7, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA83023",
        "defect": [
          "1786296"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Junos OS: J-Web: An unauthenticated, network-based attacker can\u00a0perform XPATH injection attack against a device.",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere are no known workarounds for this issue other than disabling J-Web when not in use. \u003c/p\u003e\u003cp\u003eJuniper Networks has written an effective countermeasure for this attack at IDP Signature SigPack #3675 onward, released on 07 February 2024. The signature \u201cHTTP:PHP:LAUNCHPAD-CMD-INJ\u201d will identify and block the attack. For best effect, customers may deploy this signature on devices where J-Web is not used.\u003c/p\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue other than disabling J-Web when not in use. \n\nJuniper Networks has written an effective countermeasure for this attack at IDP Signature SigPack #3675 onward, released on 07 February 2024. The signature \u201cHTTP:PHP:LAUNCHPAD-CMD-INJ\u201d will identify and block the attack. For best effect, customers may deploy this signature on devices where J-Web is not used."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMethods which may reduce, but not eliminate, the risk for exploitation of these problems, and which does not mitigate or resolve the underlying problem include:\u003c/p\u003e\u003cp\u003e\u2022 Deploying the appropriate IDP Signature on devices which do not have J-Web enabled which protect the device downstream which requires J-Web to be enabled.\u003c/p\u003e\u003cp\u003e\u2022 Disabling J-Web and using only alternate options such as Netconf over SSH for device management\u003c/p\u003e\u003cp\u003e\u2022 Restricting the use of J-Web to low-privileged accounts only\u003c/p\u003e\u003cp\u003eIn addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts.\u003c/p\u003e"
            }
          ],
          "value": "Methods which may reduce, but not eliminate, the risk for exploitation of these problems, and which does not mitigate or resolve the underlying problem include:\n\n\u2022 Deploying the appropriate IDP Signature on devices which do not have J-Web enabled which protect the device downstream which requires J-Web to be enabled.\n\n\u2022 Disabling J-Web and using only alternate options such as Netconf over SSH for device management\n\n\u2022 Restricting the use of J-Web to low-privileged accounts only\n\nIn addition to the recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-39565",
    "datePublished": "2024-07-10T22:55:27.516Z",
    "dateReserved": "2024-06-25T15:12:53.249Z",
    "dateUpdated": "2024-08-02T04:26:15.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}