Vulnerabilites related to juniper - junos_os_evolved
CVE-2023-36839 (GCVE-0-2023-36839)
Vulnerability from cvelistv5
Published
2023-10-12 22:56
Modified
2024-09-18 18:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS).
This issue occurs when specific LLDP packets are received and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.
This issue affects:
Juniper Networks Junos OS
* All versions prior to 20.4R3-S8;
* 21.1 version 21.1R1 and later versions;
* 21.2 versions prior to 21.2R3-S5;
* 21.3 versions prior to 21.3R3-S4;
* 21.4 versions prior to 21.4R3-S3;
* 22.1 versions prior to 22.1R3-S2;
* 22.2 versions prior to 22.2R3;
* 22.3 versions prior to 22.3R2-S2;
* 22.4 versions prior to 22.4R2;
Juniper Networks Junos OS Evolved
* All versions prior to 20.4R3-S8-EVO;
* 21.1 version 21.1R1-EVO and later versions;
* 21.2 versions prior to 21.2R3-S5-EVO;
* 21.3 versions prior to 21.3R3-S4-EVO;
* 21.4 versions prior to 21.4R3-S3-EVO;
* 22.1 versions prior to 22.1R3-S2-EVO;
* 22.2 versions prior to 22.2R3-EVO;
* 22.3 versions prior to 22.3R2-S2-EVO;
* 22.4 versions prior to 22.4R1-S1-EVO;
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73171 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.1R1 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73171"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T18:02:58.554491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:03:21.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1R1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S5",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S4",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S3",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S2",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2, 22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1*-EVO",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S5-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S4-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S3-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S2-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2-EVO, 22.3R3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R1-S1-EVO, 22.4R2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability is only exploitable on interfaces with LLDP enabled.\u003c/p\u003e\u003ctt\u003e[ protocols lldp interface ]\u003c/tt\u003e"
}
],
"value": "This vulnerability is only exploitable on interfaces with LLDP enabled.\n\n[ protocols lldp interface ]"
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS).\u003c/p\u003e\u003cp\u003eThis issue occurs when specific LLDP packets are received and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S8;\u003c/li\u003e\u003cli\u003e21.1 version 21.1R1 and later versions;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S5;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S4;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S3;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S2;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R3;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R2-S2;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S8-EVO;\u003c/li\u003e\u003cli\u003e21.1 version 21.1R1-EVO and later versions;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S5-EVO;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S4-EVO;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S2-EVO;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R3-EVO;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R2-S2-EVO;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R1-S1-EVO;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS).\n\nThis issue occurs when specific LLDP packets are received and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R2-S2;\n * 22.4 versions prior to 22.4R2;\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 version 21.1R1-EVO and later versions;\n * 21.2 versions prior to 21.2R3-S5-EVO;\n * 21.3 versions prior to 21.3R3-S4-EVO;\n * 21.4 versions prior to 21.4R3-S3-EVO;\n * 22.1 versions prior to 22.1R3-S2-EVO;\n * 22.2 versions prior to 22.2R3-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO;\n * 22.4 versions prior to 22.4R1-S1-EVO;\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": " CWE-1284: Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T22:56:24.897Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73171"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S8, 21.2R3-S5, 21.3R3-S4, 21.4R3-S3, 22.1R3-S2, 22.2R3, 22.3R2-S2, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S5-EVO, 21.3R3-S4-EVO, 21.4R3-S3-EVO, 22.1R3-S2-EVO, 22.2R3-EVO, 22.3R2-S2-EVO, 22.3R3-EVO, 22.4R1-S1-EVO, 22.4R2-EVO, 23.1R1-EVO, 23.1R2-EVO, 23.2R1-EVO\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S8, 21.2R3-S5, 21.3R3-S4, 21.4R3-S3, 22.1R3-S2, 22.2R3, 22.3R2-S2, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.\n\nJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S5-EVO, 21.3R3-S4-EVO, 21.4R3-S3-EVO, 22.1R3-S2-EVO, 22.2R3-EVO, 22.3R2-S2-EVO, 22.3R3-EVO, 22.4R1-S1-EVO, 22.4R2-EVO, 23.1R1-EVO, 23.1R2-EVO, 23.2R1-EVO\n\n"
}
],
"source": {
"advisory": "JSA73171",
"defect": [
"1712287"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: An l2cpd crash will occur when specific LLDP packets are received",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf LLDP and its services are not required, customers can disable LLDP. Disabling telemetry polling also mitigates the issue.\u003c/p\u003e\u003cp\u003eThere are no other known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "If LLDP and its services are not required, customers can disable LLDP. Disabling telemetry polling also mitigates the issue.\n\nThere are no other known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-36839",
"datePublished": "2023-10-12T22:56:24.897Z",
"dateReserved": "2023-06-27T16:17:25.276Z",
"dateUpdated": "2024-09-18T18:03:21.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21585 (GCVE-0-2024-21585)
Vulnerability from cvelistv5
Published
2024-01-12 00:50
Modified
2024-11-14 14:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition.
This issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable.
Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.
When the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. This parallel two instances of replication for the same peer leads to the assert if the BGP session flaps again.
This issue affects:
Juniper Networks Junos OS
* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3;
* 23.2 versions earlier than 23.2R1-S1, 23.2R2.
Juniper Networks Junos OS Evolved
* All versions earlier than 21.3R3-S5-EVO;
* 21.4 versions earlier than 21.4R3-S5-EVO;
* 22.1 versions earlier than 22.1R3-S4-EVO;
* 22.2 versions earlier than 22.2R3-S3-EVO;
* 22.3 versions earlier than 22.3R3-S1-EVO;
* 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;
* 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:34.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75723"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/MX-GR-and-LLGR-capability-and-compatibility-changes-after-15-1-release"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T14:40:34.207129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T14:40:50.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series",
"PTX Series",
"ACX Series",
"EX Series",
"QFX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S1, 23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"PTX Series",
"ACX Series",
"QFX Series"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2-EVO, 22.4R3-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S1-EVO, 23.2R2-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Non-stop routing (NSR) is enabled using the following configuration:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; [edit chassis redundancy]\u003cbr\u003e\u0026nbsp; graceful-switchover;\u003cbr\u003e\u0026nbsp; \u003cbr\u003e\u0026nbsp; [edit routing-options]\u003cbr\u003e\u0026nbsp; nonstop-routing;\u003c/tt\u003e\u003cbr\u003e"
}
],
"value": "Non-stop routing (NSR) is enabled using the following configuration:\n\n\u00a0 [edit chassis redundancy]\n\u00a0 graceful-switchover;\n\u00a0 \n\u00a0 [edit routing-options]\n\u00a0 nonstop-routing;\n"
}
],
"datePublic": "2024-01-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker\u0027s control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition.\u003c/p\u003e\u003cp\u003eThis issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable.\u003cbr\u003e\u003c/p\u003eNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\u003cbr\u003e\u003cp\u003eWhen the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. This parallel two instances of replication for the same peer leads to the assert if the BGP session flaps again.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 20.4R3-S9;\u003c/li\u003e\u003cli\u003e21.2 versions earlier than 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S3;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R2-S2, 22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R1-S1, 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.3R3-S5-EVO;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-S1-EVO;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker\u0027s control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition.\n\nThis issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable.\n\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nWhen the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. This parallel two instances of replication for the same peer leads to the assert if the BGP session flaps again.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4 versions earlier than 21.4R3-S5-EVO;\n * 22.1 versions earlier than 22.1R3-S4-EVO;\n * 22.2 versions earlier than 22.2R3-S3-EVO;\n * 22.3 versions earlier than 22.3R3-S1-EVO;\n * 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\n * 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-30T23:32:17.643Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75723"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
},
{
"tags": [
"product"
],
"url": "https://supportportal.juniper.net/s/article/MX-GR-and-LLGR-capability-and-compatibility-changes-after-15-1-release"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.1R2, 23.2R1-S1, 23.2R2, 23.3R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S1-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-S1-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.1R2, 23.2R1-S1, 23.2R2, 23.3R1, and all subsequent releases.\n\nJunos OS Evolved: 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S1-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-S1-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA75723",
"defect": [
"1742287"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-10T17:00:00.000Z",
"value": "Initial Publication"
},
{
"lang": "en",
"time": "2024-01-16T17:00:00.000Z",
"value": "Clarified that SRX Series, which does not support NSR, is not vulnerable"
},
{
"lang": "en",
"time": "2024-01-30T17:00:00.000Z",
"value": "Updated required config and workaround to be more precise"
}
],
"title": "Junos OS and Junos OS Evolved: BGP session flaps on NSR-enabled devices can cause rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Graceful Restart (GR) helper mode and Long-Lived Graceful Restart (LLGR) helper mode can be disabled to prevent this issue.\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; [edit protocols bgp graceful-restart]\u003cbr\u003e\u0026nbsp; disable;\u003cbr\u003e\u003cbr\u003e\u0026nbsp; [edit protocols bgp graceful-restart long-lived receiver]\u003cbr\u003e\u0026nbsp; disable;\u003c/tt\u003e"
}
],
"value": "Graceful Restart (GR) helper mode and Long-Lived Graceful Restart (LLGR) helper mode can be disabled to prevent this issue.\n\n\u00a0 [edit protocols bgp graceful-restart]\n\u00a0 disable;\n\n\u00a0 [edit protocols bgp graceful-restart long-lived receiver]\n\u00a0 disable;"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21585",
"datePublished": "2024-01-12T00:50:59.105Z",
"dateReserved": "2023-12-27T19:38:25.702Z",
"dateUpdated": "2024-11-14T14:40:50.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39520 (GCVE-0-2024-39520)
Vulnerability from cvelistv5
Published
2024-07-11 15:56
Modified
2024-08-02 04:26
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.
The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.
This issue affects Junos OS Evolved:
* All version before 20.4R3-S6-EVO,
* 21.2-EVO versions before 21.2R3-S4-EVO,
* 21.4-EVO versions before 21.4R3-S6-EVO,
* 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,
* 22.3-EVO versions before 22.3R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA82975 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 21.2-EVO ≤ Version: 21.4-EVO ≤ Version: 22.2-EVO ≤ Version: 22.3-EVO ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:21.2:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:21.4:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.2:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s4",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.4r3-s6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2r2-s1",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3r2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.2r3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "20.4r3-s6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39520",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-13T03:55:21.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S6-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S4-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R2-S1-EVO, 22.2R3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An\u0026nbsp;Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to \u0027root\u0027 leading to a full compromise of the system.\u003cbr\u003e\u003cbr\u003eThe Junos OS Evolved CLI doesn\u0027t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Junos OS Evolved:\u003c/span\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll version before 20.4R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e21.2-EVO versions before 21.2R3-S4-EVO,\u003c/li\u003e\u003cli\u003e21.4-EVO versions before 21.4R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.3-EVO versions before 22.3R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An\u00a0Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to \u0027root\u0027 leading to a full compromise of the system.\n\nThe Junos OS Evolved CLI doesn\u0027t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\n\nThis issue affects Junos OS Evolved:\n\n * All version before 20.4R3-S6-EVO,\u00a0\n * 21.2-EVO versions before 21.2R3-S4-EVO,\n * 21.4-EVO versions before 21.4R3-S6-EVO,\u00a0\n * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,\u00a0\n * 22.3-EVO versions before 22.3R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T15:56:53.855Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82975"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.4R3-S6-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.4R3-S6-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82975",
"defect": [
"1693858"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS Evolved: CLI parameter processing issue allows privilege escalation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39520",
"datePublished": "2024-07-11T15:56:53.855Z",
"dateReserved": "2024-06-25T15:12:53.239Z",
"dateUpdated": "2024-08-02T04:26:15.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0209 (GCVE-0-2021-0209)
Vulnerability from cvelistv5
Published
2021-01-15 17:35
Modified
2024-09-17 03:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS). Continued receipt of these types of valid BGP update packets will cause an extended Denial of Service condition. RPD will require a restart to recover. An indicator of compromise is to see if the file rpd.re exists by issuing the command: show system core-dumps This issue affects: Juniper Networks Junos OS Evolved 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S2-EVO, 20.1R2-S1-EVO. This issue does not affect Junos OS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11099 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 19.4 < 19.4R2-S2-EVO Version: 20.1 < 20.1R1-S2-EVO, 20.1R2-S1-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11099"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R2-S2-EVO",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S2-EVO, 20.1R2-S1-EVO",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following minimal configuration which will vary by implementation is necessary:\n\n* Must be running Junos OS Evolved\n* A BGP peering session is configured.\n* Regular expressions (REGEX) are being used with BGP."
}
],
"datePublic": "2021-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS). Continued receipt of these types of valid BGP update packets will cause an extended Denial of Service condition. RPD will require a restart to recover. An indicator of compromise is to see if the file rpd.re exists by issuing the command: show system core-dumps This issue affects: Juniper Networks Junos OS Evolved 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S2-EVO, 20.1R2-S1-EVO. This issue does not affect Junos OS."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T17:35:56",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11099"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 19.4R2-S2-EVO, 20.1R1-S2-EVO, 20.1R2-S1-EVO, 20.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11099",
"defect": [
"1517128"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: Receipt of certain valid BGP update packets from BGP peers may cause RPD to core when using REGEX.",
"workarounds": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-01-13T16:00:00.000Z",
"ID": "CVE-2021-0209",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Receipt of certain valid BGP update packets from BGP peers may cause RPD to core when using REGEX."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1-S2-EVO, 20.1R2-S1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following minimal configuration which will vary by implementation is necessary:\n\n* Must be running Junos OS Evolved\n* A BGP peering session is configured.\n* Regular expressions (REGEX) are being used with BGP."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of Service (DoS). Continued receipt of these types of valid BGP update packets will cause an extended Denial of Service condition. RPD will require a restart to recover. An indicator of compromise is to see if the file rpd.re exists by issuing the command: show system core-dumps This issue affects: Juniper Networks Junos OS Evolved 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S2-EVO, 20.1R2-S1-EVO. This issue does not affect Junos OS."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11099",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11099"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 19.4R2-S2-EVO, 20.1R1-S2-EVO, 20.1R2-S1-EVO, 20.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11099",
"defect": [
"1517128"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0209",
"datePublished": "2021-01-15T17:35:56.274980Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T03:32:29.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1624 (GCVE-0-2020-1624)
Vulnerability from cvelistv5
Published
2020-04-08 19:25
Modified
2024-09-17 02:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11003 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 19.1R1-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.1R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:09:15",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.1R1-EVO, 19.2R2-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406239"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: objmon logs may leak sensitive information",
"workarounds": [
{
"lang": "en",
"value": "Limit access to the Junos OS shell to only trusted system administrators with a need for access below the Junos CLI."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1624",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: objmon logs may leak sensitive information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.1R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.1R1-EVO, 19.2R2-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406239"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Limit access to the Junos OS shell to only trusted system administrators with a need for access below the Junos CLI."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1624",
"datePublished": "2020-04-08T19:25:57.553464Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-17T02:16:29.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22212 (GCVE-0-2022-22212)
Vulnerability from cvelistv5
Published
2022-07-20 14:15
Modified
2024-09-16 20:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos Evolved platforms hostbound protocols will be impacted by a high rate of specific hostbound traffic from ports on a PFE. Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.2R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69716 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Patch: unspecified Version: 21.2 < 21.2R3-EVO Version: 21.3 < 21.3R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69716"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.2R3-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos Evolved platforms hostbound protocols will be impacted by a high rate of specific hostbound traffic from ports on a PFE. Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.2R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T14:15:17",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69716"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69716",
"defect": [
"1627344"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: A high rate of specific hostbound traffic will cause unexpected hostbound traffic delays or drops",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-07-13T16:00:00.000Z",
"ID": "CVE-2022-22212",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: A high rate of specific hostbound traffic will cause unexpected hostbound traffic delays or drops"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3R2-EVO"
},
{
"version_affected": "!\u003c",
"version_value": "21.2R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos Evolved platforms hostbound protocols will be impacted by a high rate of specific hostbound traffic from ports on a PFE. Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.2R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69716",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69716"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69716",
"defect": [
"1627344"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22212",
"datePublished": "2022-07-20T14:15:17.405417Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-16T20:07:01.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0273 (GCVE-0-2021-0273)
Vulnerability from cvelistv5
Published
2021-04-22 19:37
Modified
2024-09-17 00:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition ('Infinite Loop'). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] <---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] <---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] <---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] <---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11164 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 15.1F6 < 15.1* Version: 16.1R1 < 16.1* Version: 17.1 < 17.1R2-S12 Version: 17.2 < 17.2R3-S4 Version: 17.3 < 17.3R3-S8 Version: 17.4 < 17.4R2-S10, 17.4R3-S2 Version: 18.1 < 18.1R3-S10 Version: 18.2 < 18.2R2-S7, 18.2R3-S3 Version: 18.3 < 18.3R1-S7, 18.3R3-S2 Version: 18.4 < 18.4R1-S7, 18.4R2-S4, 18.4R3-S2 Version: 19.1 < 19.1R1-S5, 19.1R2-S1, 19.1R3 Version: 19.2 < 19.2R1-S4, 19.2R2 Version: 19.3 < 19.3R2-S3, 19.3R3 Version: 19.4 < 19.4R1-S1, 19.4R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1F6, 16.1R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "15.1*",
"status": "affected",
"version": "15.1F6",
"versionType": "custom"
},
{
"changes": [
{
"at": "16.1R7-S8",
"status": "unaffected"
}
],
"lessThan": "16.1*",
"status": "affected",
"version": "16.1R1",
"versionType": "custom"
},
{
"lessThan": "17.1R2-S12",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"lessThan": "17.2R3-S4",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S8",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S10, 17.4R3-S2",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S10",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S7, 18.2R3-S3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S7, 18.3R3-S2",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S7, 18.4R2-S4, 18.4R3-S2",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S5, 19.1R2-S1, 19.1R3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S4, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S3, 19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S1, 19.4R2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
}
]
},
{
"platforms": [
"ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R2-EVO",
"status": "affected",
"version": "19.4",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "An example of an affected configuration is one where a Trio chipset line card is in use with a logical-tunnel interface set up to communicate to a second logical tunnel (LT-to-LT) interface."
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition (\u0027Infinite Loop\u0027). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] \u003c---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] \u003c---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] \u003c---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] \u003c---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:28",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11164"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 16.1R7-S8, 17.1R2-S12, 17.2R3-S4, 17.3R3-S8, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S3, 18.3R1-S7, 18.3R3-S2, 18.4R1-S7, 18.4R2-S4, 18.4R3-S2, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S4, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S1, 19.4R2, 20.1R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-EVO, 20.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11164",
"defect": [
"1478759"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Trio Chipset: Denial of Service due to packet destined to device\u0027s interfaces.",
"workarounds": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0273",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: Trio Chipset: Denial of Service due to packet destined to device\u0027s interfaces."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003e=",
"version_name": "15.1",
"version_value": "15.1F6"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003e=",
"version_name": "16.1",
"version_value": "16.1R1"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "16.1",
"version_value": "16.1R7-S8"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "17.1",
"version_value": "17.1R2-S12"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "17.2",
"version_value": "17.2R3-S4"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S10, 17.4R3-S2"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S3"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R3-S2"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R2-S4, 18.4R3-S2"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S5, 19.1R2-S1, 19.1R3"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S4, 19.2R2"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S3, 19.3R3"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S1, 19.4R2"
},
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "!\u003c",
"version_value": "15.1F6, 16.1R1"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"platform": "ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "An example of an affected configuration is one where a Trio chipset line card is in use with a logical-tunnel interface set up to communicate to a second logical tunnel (LT-to-LT) interface."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices with affected Trio line cards allows an attacker to exploit an interdependency in the PFE UCODE microcode of the Trio chipset with various line cards to cause packets destined to the devices interfaces to cause a Denial of Service (DoS) condition by looping the packet with an unreachable exit condition (\u0027Infinite Loop\u0027). To break this loop once it begins one side of the affected LT interfaces will need to be disabled. Once disabled, the condition will clear and the disabled LT interface can be reenabled. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue only affects LT-LT interfaces. Any other interfaces are not affected by this issue. This issue affects the following cards: MPCE Type 3 3D MPC4E 3D 32XGE MPC4E 3D 2CGE+8XGE EX9200 32x10G SFP EX9200-2C-8XS FPC Type 5-3D FPC Type 5-LSR EX9200 4x40G QSFP An Indicator of Compromise (IoC) can be seen by examining the traffic of the LT-LT interfaces for excessive traffic using the following command: monitor interface traffic Before loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3759900268942 (1456 bps) [0] \u003c---------- LT interface utilization is low Output bytes: 3759900344309 (1456 bps) [0] \u003c---------- LT interface utilization is low After loop impact: Interface: lt-2/0/0, Enabled, Link is Up Encapsulation: Logical-tunnel, Speed: 100000mbps Traffic statistics: Current delta Input bytes: 3765160313129 (2158268368 bps) [5260044187] \u003c---------- LT interface utilization is very high Output bytes: 3765160399522 (2158266440 bps) [5260055213] \u003c---------- LT interface utilization is very high This issue affects: Juniper Networks Junos OS on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960. Versions 15.1F6, 16.1R1, and later versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. This issue does not affect the MX10001. This issue does not affect Juniper Networks Junos OS versions prior to 15.1F6, 16.1R1. Juniper Networks Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 19.4 versions prior to 19.4R2-EVO. This issue does not affect the MX10001."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-670: Always-Incorrect Control Flow Implementation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11164",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11164"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 16.1R7-S8, 17.1R2-S12, 17.2R3-S4, 17.3R3-S8, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S3, 18.3R1-S7, 18.3R3-S2, 18.4R1-S7, 18.4R2-S4, 18.4R3-S2, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S4, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S1, 19.4R2, 20.1R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-EVO, 20.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11164",
"defect": [
"1478759"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0273",
"datePublished": "2021-04-22T19:37:28.349412Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T00:26:18.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31362 (GCVE-0-2021-31362)
Vulnerability from cvelistv5
Published
2021-10-19 18:16
Modified
2024-09-17 00:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS adjacencies to go down by sending a spoofed hello PDU leading to a Denial of Service (DoS) condition. Continued receipted of these spoofed PDUs will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11224 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: unspecified < 18.2R3-S8 Version: 18.3 < 18.3R3-S5 Version: 18.4 < 18.4R3-S9 Version: 19.1 < 19.1R3-S7 Version: 19.2 < 19.2R1-S7, 19.2R3-S3 Version: 19.3 < 19.3R2-S6, 19.3R3-S2 Version: 19.4 < 19.4R3-S3 Version: 20.1 < 20.1R3 Version: 20.2 < 20.2R3 Version: 20.3 < 20.3R3 Version: 20.4 < 20.4R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.2R3-S8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S5",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R3-S9",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S7",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S7, 19.2R3-S3",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S6, 19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2",
"status": "affected",
"version": "20.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R2-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "[ protocols isis interface ]"
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS adjacencies to go down by sending a spoofed hello PDU leading to a Denial of Service (DoS) condition. Continued receipted of these spoofed PDUs will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:48",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11224"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue in JUNOS OS: 18.2R3-S8, 18.3R3-S5, 18.4R3-S9, 19.1R3-S7, 19.2R1-S7, 19.2R3-S3, 19.3R2-S6, 19.3R3-S2, 19.4R3-S3, 20.1R3, 20.2R3, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases.\nThe following software releases have been updated to resolve this specific issue in JUNOS OS Evolved: 20.4R2-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11224",
"defect": [
"1556575"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: An IS-IS adjacency might be taken down if a bad hello PDU is received for an existing adjacency causing a DoS",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31362",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: An IS-IS adjacency might be taken down if a bad hello PDU is received for an existing adjacency causing a DoS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "18.2R3-S8"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R3-S9"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S7, 19.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "[ protocols isis interface ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS adjacencies to go down by sending a spoofed hello PDU leading to a Denial of Service (DoS) condition. Continued receipted of these spoofed PDUs will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693 Protection Mechanism Failure"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11224",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11224"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue in JUNOS OS: 18.2R3-S8, 18.3R3-S5, 18.4R3-S9, 19.1R3-S7, 19.2R1-S7, 19.2R3-S3, 19.3R2-S6, 19.3R3-S2, 19.4R3-S3, 20.1R3, 20.2R3, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases.\nThe following software releases have been updated to resolve this specific issue in JUNOS OS Evolved: 20.4R2-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11224",
"defect": [
"1556575"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31362",
"datePublished": "2021-10-19T18:16:49.024170Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-17T00:15:47.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30402 (GCVE-0-2024-30402)
Vulnerability from cvelistv5
Published
2024-04-12 15:27
Modified
2024-08-02 01:32
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
When telemetry requests are sent to the device, and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attackers control. Repeated occurrences of these events causes a sustained DoS condition.
This issue affects:
Junos OS:
* All versions earlier than 20.4R3-S10;
* 21.2 versions earlier than 21.2R3-S7;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R3;
* 23.2 versions earlier than 23.2R1-S2, 23.2R2.
Junos OS Evolved:
* All versions earlier than 21.4R3-S5-EVO;
* 22.1-EVO versions earlier than 22.1R3-S4-EVO;
* 22.2-EVO versions earlier than 22.2R3-S3-EVO;
* 22.3-EVO versions earlier than 22.3R3-S1-EVO;
* 22.4-EVO versions earlier than 22.4R3-EVO;
* 23.2-EVO versions earlier than 23.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA79180 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 20.4 ≤ Version: 21.2 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-12T17:33:10.984122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:41.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA79180"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S10",
"status": "affected",
"version": "20.4",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2, 23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-04-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLayer 2 Address Learning Daemon\u0026nbsp;\u003c/span\u003e(l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen telemetry requests are sent to the device,\u0026nbsp;and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attackers control. Repeated occurrences of these events causes a sustained DoS condition.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003eJunos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than\u0026nbsp;20.4R3-S10;\u003c/li\u003e\u003cli\u003e21.2 versions earlier than\u0026nbsp;21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than\u0026nbsp;21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than\u0026nbsp;22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than\u0026nbsp;22.2R3-S3;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than\u0026nbsp;22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than\u0026nbsp;22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than\u0026nbsp;23.2R1-S2, 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than\u0026nbsp;21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO versions earlier than\u0026nbsp;22.1R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.2-EVO versions earlier than\u0026nbsp;22.2R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.3-EVO versions earlier than\u0026nbsp;22.3R3-S1-EVO;\u003c/li\u003e\u003cli\u003e22.4-EVO versions earlier than\u0026nbsp;22.4R3-EVO;\u003c/li\u003e\u003cli\u003e23.2-EVO versions earlier than\u0026nbsp;23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon\u00a0(l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nWhen telemetry requests are sent to the device,\u00a0and the Dynamic Rendering Daemon (drend) is suspended, the l2ald crashes and restarts due to factors outside the attackers control. Repeated occurrences of these events causes a sustained DoS condition.\n\n\nThis issue affects:\nJunos OS:\n * All versions earlier than\u00a020.4R3-S10;\n * 21.2 versions earlier than\u00a021.2R3-S7;\n * 21.4 versions earlier than\u00a021.4R3-S5;\n * 22.1 versions earlier than\u00a022.1R3-S4;\n * 22.2 versions earlier than\u00a022.2R3-S3;\n * 22.3 versions earlier than\u00a022.3R3-S1;\n * 22.4 versions earlier than\u00a022.4R3;\n * 23.2 versions earlier than\u00a023.2R1-S2, 23.2R2.\n\n\n\nJunos OS Evolved:\n\n * All versions earlier than\u00a021.4R3-S5-EVO;\n * 22.1-EVO versions earlier than\u00a022.1R3-S4-EVO;\n * 22.2-EVO versions earlier than\u00a022.2R3-S3-EVO;\n * 22.3-EVO versions earlier than\u00a022.3R3-S1-EVO;\n * 22.4-EVO versions earlier than\u00a022.4R3-EVO;\n * 23.2-EVO versions earlier than\u00a023.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:33:01.059Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA79180"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS Evolved: 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003cbr\u003eJunos OS: 20.4R3-S10, 21.2R3-S7, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS Evolved: 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\nJunos OS: 20.4R3-S10, 21.2R3-S7, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA79180",
"defect": [
"1743744"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: The l2ald crashes on receiving telemetry messages from a specific subscription",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-30402",
"datePublished": "2024-04-12T15:27:33.140Z",
"dateReserved": "2024-03-26T23:06:19.981Z",
"dateUpdated": "2024-08-02T01:32:07.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28960 (GCVE-0-2023-28960)
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-06 14:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then inadvertently start the Docker container leading to the malicious files being executed as root. This issue only affects systems with Docker configured and enabled, which is not enabled by default. Systems without Docker started are not vulnerable to this issue. This issue affects Juniper Networks Junos OS Evolved: 20.4 versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Patch: unspecified Version: 20.4 < 20.4R3-S5-EVO Version: 21.2 < 21.2R3-EVO Version: 21.3 < 21.3R3-EVO Version: 21.4 < 21.4R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA70585"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T14:38:13.922286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T14:38:20.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S5-EVO",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.2R3-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R2-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Docker is started on Junos OS Evolved using the following command:\n\n root@evo# systemctl start docker@vrf0\n\nLikewise, the status of Docker running on the system can be confirmed using the following command:\n\n root@evo# systemctl status docker\n * docker.service - Docker Application Container Engine\n Loaded: loaded (/lib/systemd/system/docker.service; disabled; vendor preset: enabled)\n Active: active (running) since Tue 2023-04-11 14:44:29 PDT; 6s ago\n ...\n"
}
],
"datePublic": "2023-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files into an existing Docker container on the local system. A follow-on administrator could then inadvertently start the Docker container leading to the malicious files being executed as root. This issue only affects systems with Docker configured and enabled, which is not enabled by default. Systems without Docker started are not vulnerable to this issue. This issue affects Juniper Networks Junos OS Evolved: 20.4 versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA70585"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S5-EVO, 21.2R3-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70585",
"defect": [
"1621554"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Docker repository is world-writeable, allowing low-privileged local user to inject files into Docker containers",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-28960",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-06T14:38:20.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0287 (GCVE-0-2021-0287)
Vulnerability from cvelistv5
Published
2021-07-15 20:01
Modified
2024-09-16 19:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evolved devices, configured with ISIS Flexible Algorithm for Segment Routing and sensor-based statistics, a flap of a ISIS link in the network, can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued link flaps will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 19.4 versions prior to 19.4R1-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R2; Juniper Networks Junos OS Evolved: 20.3-EVO versions prior to 20.3R2-EVO; 20.4-EVO versions prior to 20.4R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11189 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 19.4R1 < 19.4* Version: 20.1 < 20.1R2-S1, 20.1R3 Version: 20.2 < 20.2R2-S2, 20.2R3 Version: 20.3 < 20.3R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11189"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.4R1-S4, 19.4R3-S2",
"status": "unaffected"
}
],
"lessThan": "19.4*",
"status": "affected",
"version": "19.4R1",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S1, 20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2-S2, 20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.4*",
"status": "affected",
"version": "19.4R1-EVO",
"versionType": "custom"
},
{
"lessThan": "20.1*",
"status": "affected",
"version": "20.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "20.2*",
"status": "affected",
"version": "20.2R1-EVO",
"versionType": "custom"
},
{
"lessThan": "20.3R2-EVO",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2-EVO",
"status": "affected",
"version": "20.4",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The two config stanzas required to be affected by this issue are shown below:\n\n [ routing-options flex-algorithm \u003cname\u003e ]\n [ protocols isis source-packet-routing sensor-based-stats per-sid egress ]"
}
],
"datePublic": "2021-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evolved devices, configured with ISIS Flexible Algorithm for Segment Routing and sensor-based statistics, a flap of a ISIS link in the network, can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued link flaps will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 19.4 versions prior to 19.4R1-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R2; Juniper Networks Junos OS Evolved: 20.3-EVO versions prior to 20.3R2-EVO; 20.4-EVO versions prior to 20.4R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T20:01:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11189"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 19.4R1-S4, 19.4R3-S2, 20.1R2-S1, 20.1R3, 20.2R2-S2, 20.2R3, 20.3R2, 20.4R1, and all subsequent releases.\n\nJunos OS Evolved: 20.3R2-EVO, 20.4R2-EVO, 21.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11189",
"defect": [
"1555627"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: RPD could crash in SR-ISIS/MPLS environment due to a flap of an ISIS link in the network",
"workarounds": [
{
"lang": "en",
"value": "Disabling IS-IS Flexible Algorithm for Segment Routing or sensor-based statistics will mitigate this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-0287",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD could crash in SR-ISIS/MPLS environment due to a flap of an ISIS link in the network"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "19.4",
"version_value": "19.4R1"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S4, 19.4R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2-S1, 20.1R3"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2-S2, 20.2R3"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2"
},
{
"version_affected": "!\u003c",
"version_value": "19.4R1"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003e",
"version_name": "19.4",
"version_value": "19.4R1-EVO"
},
{
"version_affected": "\u003e",
"version_name": "20.1",
"version_value": "20.1R1-EVO"
},
{
"version_affected": "\u003e",
"version_name": "20.2",
"version_value": "20.2R1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2-EVO"
},
{
"version_affected": "!\u003c",
"version_value": "19.4R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The two config stanzas required to be affected by this issue are shown below:\n\n [ routing-options flex-algorithm \u003cname\u003e ]\n [ protocols isis source-packet-routing sensor-based-stats per-sid egress ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evolved devices, configured with ISIS Flexible Algorithm for Segment Routing and sensor-based statistics, a flap of a ISIS link in the network, can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued link flaps will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 19.4 versions prior to 19.4R1-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R2; Juniper Networks Junos OS Evolved: 20.3-EVO versions prior to 20.3R2-EVO; 20.4-EVO versions prior to 20.4R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11189",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11189"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 19.4R1-S4, 19.4R3-S2, 20.1R2-S1, 20.1R3, 20.2R2-S2, 20.2R3, 20.3R2, 20.4R1, and all subsequent releases.\n\nJunos OS Evolved: 20.3R2-EVO, 20.4R2-EVO, 21.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11189",
"defect": [
"1555627"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Disabling IS-IS Flexible Algorithm for Segment Routing or sensor-based statistics will mitigate this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0287",
"datePublished": "2021-07-15T20:01:01.666061Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T19:10:44.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1621 (GCVE-0-2020-1621)
Vulnerability from cvelistv5
Published
2020-04-08 19:25
Modified
2024-09-17 02:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11003 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 19.3R1-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:09:15",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406193"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Configd leaks hashes via stream and is world readable",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1621",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Configd leaks hashes via stream and is world readable"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.3R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-664 Improper Control of a Resource Through its Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406193"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1621",
"datePublished": "2020-04-08T19:25:56.192291Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-17T02:27:25.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39523 (GCVE-0-2024-39523)
Vulnerability from cvelistv5
Published
2024-07-11 16:00
Modified
2024-08-02 04:26
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.
The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.
This issue affects Junos OS Evolved:
* All versions before 20.4R3-S7-EVO,
* 21.2-EVO versions before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S7-EVO,
* 22.1-EVO versions before 22.1R3-S6-EVO,
* 22.2-EVO versions before 22.2R3-EVO,
* 22.3-EVO versions before 22.3R2-EVO,
* 22.4-EVO versions before 22.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA82975 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 21.2-EVO ≤ Version: 21.4-EVO ≤ Version: 22.1-EVO ≤ Version: 22.2-EVO ≤ Version: 22.3-EVO ≤ Version: 22.4-EVO ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "20.4r3-s7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.1r3-s6",
"status": "affected",
"version": "22.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s8",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.2r3",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:juniper:junos_os_evolved:22.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.3r2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.4r2",
"status": "affected",
"version": "22.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39523",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-13T03:55:24.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S6-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to \u0027root\u0027 leading to a full compromise of the system.\u003cbr\u003e\u003cbr\u003eThe Junos OS Evolved CLI doesn\u0027t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Junos OS Evolved:\u0026nbsp;\u003c/span\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S7-EVO,\u003c/li\u003e\u003cli\u003e21.2-EVO versions before 21.2R3-S8-EVO,\u003c/li\u003e\u003cli\u003e21.4-EVO versions before 21.4R3-S7-EVO,\u003c/li\u003e\u003cli\u003e22.1-EVO versions before 22.1R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.2-EVO versions before 22.2R3-EVO,\u003c/li\u003e\u003cli\u003e22.3-EVO versions before 22.3R2-EVO,\u003c/li\u003e\u003cli\u003e22.4-EVO versions before 22.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to \u0027root\u0027 leading to a full compromise of the system.\n\nThe Junos OS Evolved CLI doesn\u0027t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\n\nThis issue affects Junos OS Evolved:\u00a0\n\n * All versions before 20.4R3-S7-EVO,\n * 21.2-EVO versions before 21.2R3-S8-EVO,\n * 21.4-EVO versions before 21.4R3-S7-EVO,\n * 22.1-EVO versions before 22.1R3-S6-EVO,\u00a0\n * 22.2-EVO versions before 22.2R3-EVO,\n * 22.3-EVO versions before 22.3R2-EVO,\n * 22.4-EVO versions before 22.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:00:58.563Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82975"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S7-EVO, 21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S7-EVO, 21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82975",
"defect": [
"1698062"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: CLI parameter processing issue allows privilege escalation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39523",
"datePublished": "2024-07-11T16:00:58.563Z",
"dateReserved": "2024-06-25T15:12:53.239Z",
"dateUpdated": "2024-08-02T04:26:15.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31359 (GCVE-0-2021-31359)
Vulnerability from cvelistv5
Published
2021-10-19 18:16
Modified
2024-09-16 23:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11222 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 15.1 < 15.1R7-S10 Version: 17.4 < 17.4R3-S5 Version: 18.3 < 18.3R3-S5 Version: 18.4 < 18.4R3-S9 Version: 19.1 < 19.1R3-S6 Version: 19.2 < 19.2R1-S7, 19.2R3-S3 Version: 19.3 < 19.3R2-S6, 19.3R3-S3 Version: 19.4 < 19.4R3-S6 Version: 20.1 < 20.1R2-S2, 20.1R3-S1 Version: 20.2 < 20.2R3-S2 Version: 20.3 < 20.3R3 Version: 20.4 < 20.4R2-S1, 20.4R3 Version: 21.1 < 21.1R1-S1, 21.1R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1R7-S10",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "17.4R3-S5",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S5",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R3-S9",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S6",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S7, 19.2R3-S3",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S6, 19.3R3-S3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S6",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S2, 20.1R3-S1",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2-S1, 20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R1-S1, 21.1R2",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R2-S3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "There are several configuration options that enable DHCP service. For example:\n\n [edit interfaces ... family inet dhcp]\n\n [edit system processes dhcp-service]\n\n [edit forwarding-options dhcp-relay]"
}
],
"credits": [
{
"lang": "en",
"value": "Juniper SIRT would like to acknowledge and thank awxylitol for responsibly reporting this vulnerability."
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the \u0027show system processes\u0027 command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T14:08:38",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11222"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS 15.1R7-S10, 17.4R3-S5, 18.3R3-S5, 18.4R3-S9, 19.1R3-S6, 19.2R1-S7, 19.2R3-S3, 19.3R2-S6, 19.3R3-S3, 19.4R3-S6, 20.1R2-S2, 20.1R3-S1, 20.2R3-S2, 20.3R3, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.1R3, 21.2R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-S3-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11222",
"defect": [
"1568654"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Local Privilege Escalation vulnerability",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device via CLI only from trusted hosts and from trusted administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31359",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: Local Privilege Escalation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S10"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R3-S9"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S7, 19.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2-S2, 20.1R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2-S1, 20.4R3"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R1-S1, 21.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R2-S3-EVO"
},
{
"version_affected": "\u003e=",
"version_name": "21.1",
"version_value": "21.1R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "There are several configuration options that enable DHCP service. For example:\n\n [edit interfaces ... family inet dhcp]\n\n [edit system processes dhcp-service]\n\n [edit forwarding-options dhcp-relay]"
}
],
"credit": [
{
"lang": "eng",
"value": "Juniper SIRT would like to acknowledge and thank awxylitol for responsibly reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the \u0027show system processes\u0027 command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11222",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11222"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS 15.1R7-S10, 17.4R3-S5, 18.3R3-S5, 18.4R3-S9, 19.1R3-S6, 19.2R1-S7, 19.2R3-S3, 19.3R2-S6, 19.3R3-S3, 19.4R3-S6, 20.1R2-S2, 20.1R3-S1, 20.2R3-S2, 20.3R3, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.1R3, 21.2R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-S3-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11222",
"defect": [
"1568654"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device via CLI only from trusted hosts and from trusted administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31359",
"datePublished": "2021-10-19T18:16:44.273410Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-16T23:55:49.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22393 (GCVE-0-2023-22393)
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2025-04-07 15:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems without import policy configured. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R2-S2-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA70189 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 21.1 < 21.1R3-S4 Version: 21.2 < 21.2R3-S3 Version: 21.3 < 21.3R3-S2 Version: 21.4 < 21.4R2-S2, 21.4R3 Version: 22.1 < 22.1R1-S2, 22.1R2 Version: 22.2 < 22.2R1-S1, 22.2R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70189"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:11:14.520480Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:43:29.583Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S4",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S3",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S2",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R2-S2, 21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R1-S2, 22.1R2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R1-S1, 22.2R2",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.3R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.4R2-S2-EVO, 21.4R3-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "custom"
},
{
"lessThan": "22.1R1-S2-EVO, 22.1R2-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "custom"
},
{
"lessThan": "22.2R1-S1-EVO, 22.2R2-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems without import policy configured. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R2-S2-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358 Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS) ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70189"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS : 21.1R3-S4, 21.2R3-S3, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R1-S1, 22.2R2, 22.3R1, and all subsequent releases.\n\nJunos OS Evolved : 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.2R1-S1-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70189",
"defect": [
"1679539"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: RPD crash upon receipt of BGP route with invalid next-hop ",
"workarounds": [
{
"lang": "en",
"value": "\nEnsure every BGP session has an import policy configured. \n"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22393",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:43:29.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21604 (GCVE-0-2024-21604)
Vulnerability from cvelistv5
Published
2024-01-12 00:54
Modified
2025-06-03 14:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring.
The following log messages can be seen when this issue occurs:
<host> kernel: nf_conntrack: nf_conntrack: table full, dropping packet
This issue affects Juniper Networks Junos OS Evolved:
* All versions earlier than 20.4R3-S7-EVO;
* 21.2R1-EVO and later versions;
* 21.4-EVO versions earlier than 21.4R3-S5-EVO;
* 22.1-EVO versions earlier than 22.1R3-S2-EVO;
* 22.2-EVO versions earlier than 22.2R3-EVO;
* 22.3-EVO versions earlier than 22.3R2-EVO;
* 22.4-EVO versions earlier than 22.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA75745 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 21.2-EVO ≤ Version: 21.4-EVO ≤ Version: 22.1-EVO ≤ Version: 22.2-EVO ≤ Version: 22.3-EVO ≤ Version: 22.4-EVO ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75745"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:43:13.507515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:05:41.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2*-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S2-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-01-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eIf a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring.\u003c/p\u003e\u003cp\u003eThe following log messages can be seen when this issue occurs:\u003c/p\u003e\u003ccode\u003e\u0026lt;host\u0026gt; kernel: nf_conntrack: nf_conntrack: table full, dropping packet\u003c/code\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 20.4R3-S7-EVO;\u003c/li\u003e\u003cli\u003e21.2R1-EVO and later versions;\u003c/li\u003e\u003cli\u003e21.4-EVO versions earlier than 21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO versions earlier than 22.1R3-S2-EVO;\u003c/li\u003e\u003cli\u003e22.2-EVO versions earlier than 22.2R3-EVO;\u003c/li\u003e\u003cli\u003e22.3-EVO versions earlier than 22.3R2-EVO;\u003c/li\u003e\u003cli\u003e22.4-EVO versions earlier than 22.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nIf a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring.\n\nThe following log messages can be seen when this issue occurs:\n\n\u003chost\u003e kernel: nf_conntrack: nf_conntrack: table full, dropping packet\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * All versions earlier than 20.4R3-S7-EVO;\n * 21.2R1-EVO and later versions;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S2-EVO;\n * 22.2-EVO versions earlier than 22.2R3-EVO;\n * 22.3-EVO versions earlier than 22.3R2-EVO;\n * 22.4-EVO versions earlier than 22.4R2-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T00:54:36.512Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75745"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S7-EVO, 21.4R3-S5-EVO, 22.1R3-S2-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S7-EVO, 21.4R3-S5-EVO, 22.1R3-S2-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA75745",
"defect": [
"1663122",
"1712937"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-10T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS Evolved: A high rate of specific traffic will cause a complete system outage",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo prevent the device from receiving high rates of valid traffic please configure firewall filters to block unexpected and even throttle expected traffic.\u003c/p\u003e"
}
],
"value": "To prevent the device from receiving high rates of valid traffic please configure firewall filters to block unexpected and even throttle expected traffic.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21604",
"datePublished": "2024-01-12T00:54:36.512Z",
"dateReserved": "2023-12-27T19:38:25.707Z",
"dateUpdated": "2025-06-03T14:05:41.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1626 (GCVE-0-2020-1626)
Vulnerability from cvelistv5
Published
2020-04-08 19:25
Modified
2024-09-17 02:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue. This issue affects all version of Junos OS Evolved prior to 19.1R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.ietf.org/html/rfc6192 | x_refsource_MISC | |
| https://kb.juniper.net/JSA11005 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 19.1R1-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tools.ietf.org/html/rfc6192"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.1R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue. This issue affects all version of Junos OS Evolved prior to 19.1R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:09:15",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tools.ietf.org/html/rfc6192"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11005"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.1R1-EVO, 19.2R1-EVO, 19.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11005",
"defect": [
"1419130"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Denial of Service vulnerability in processing high rate of specific packets",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device to known TCP and UDP ports, and only from trusted, administrative networks or hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1626",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Denial of Service vulnerability in processing high rate of specific packets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.1R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue. This issue affects all version of Junos OS Evolved prior to 19.1R1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.ietf.org/html/rfc6192",
"refsource": "MISC",
"url": "https://tools.ietf.org/html/rfc6192"
},
{
"name": "https://kb.juniper.net/JSA11005",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11005"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.1R1-EVO, 19.2R1-EVO, 19.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11005",
"defect": [
"1419130"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device to known TCP and UDP ports, and only from trusted, administrative networks or hosts."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1626",
"datePublished": "2020-04-08T19:25:58.416739Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-17T02:27:03.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44182 (GCVE-0-2023-44182)
Vulnerability from cvelistv5
Published
2023-10-12 23:01
Modified
2025-02-27 20:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.
Multiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.
This issue affects:
Juniper Networks Junos OS
* All versions prior to 20.4R3-S7;
* 21.1 versions prior to 21.1R3-S5;
* 21.2 versions prior to 21.2R3-S5;
* 21.3 versions prior to 21.3R3-S4;
* 21.4 versions prior to 21.4R3-S3;
* 22.1 versions prior to 22.1R3-S2;
* 22.2 versions prior to 22.2R2-S2, 22.2R3;
* 22.3 versions prior to 22.3R1-S2, 22.3R2.
Juniper Networks Junos OS Evolved
* All versions prior to 21.4R3-S3-EVO;
* 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;
* 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.1 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73149"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/interfaces-telemetry/topics/concept/junos-telemetry-interface-grpc-sensors.html"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-software-user-interfaces-overview.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:40.482537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:41:46.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1R3-S5",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S5",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S4",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S3",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S2",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R2-S2, 22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R1-S2, 22.3R2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S3-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1*-EVO",
"status": "affected",
"version": "22.1R1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R2-S2-EVO, 22.2R3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R1-S2-EVO, 22.3R2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eConfigurations that are required for exposure to this issue vary. See the Reference URL resources and additional product-specific documentation.\u003c/p\u003e"
}
],
"value": "Configurations that are required for exposure to this issue vary. See the Reference URL resources and additional product-specific documentation.\n\n"
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.\u003c/p\u003e\u003cp\u003eMultiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S7;\u003c/li\u003e\u003cli\u003e21.1 versions prior to 21.1R3-S5;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S5;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S4;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S3;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S2;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R2-S2, 22.2R3;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R1-S2, 22.3R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 21.4R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;\u003c/li\u003e\u003cli\u003e22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.\n\nMultiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R2-S2, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;\n * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T23:07:05.978Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73149"
},
{
"tags": [
"product"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/interfaces-telemetry/topics/concept/junos-telemetry-interface-grpc-sensors.html"
},
{
"tags": [
"product"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-software-user-interfaces-overview.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S7, 21.1R3-S5, 21.2R3-S4, 21.2R3-S5, 21.3R3-S4, 21.4R3-S3, 22.1R3-S2, 22.2R2-S2, 22.2R3, 22.3R1-S2, 22.3R2, 22.3R3, 22.4R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.4R3-S3-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.3R1-S2-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S7, 21.1R3-S5, 21.2R3-S4, 21.2R3-S5, 21.3R3-S4, 21.4R3-S3, 22.1R3-S2, 22.2R2-S2, 22.2R3, 22.3R1-S2, 22.3R2, 22.3R3, 22.4R1, and all subsequent releases.\n\nJunos OS Evolved: 21.4R3-S3-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.3R1-S2-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73149",
"defect": [
"1668201"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: An Unchecked Return Value in multiple users interfaces affects confidentiality and integrity of device operations",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e\u003cp\u003eMethods that may reduce, but not eliminate, the risk of exploitation of these problems, and which do not mitigate or resolve the underlying problems include:\u003c/p\u003e\u003cp\u003e\u2022\tDiscontinuing the use of any unnecessary administrative interfaces to the system\u003c/p\u003e\u003cp\u003e\u2022\tUsing access lists or firewall filters to limit access to the device only from trusted users, hosts, and networks\u003c/p\u003e\u003cp\u003e\u2022\tLimiting the number of changes performed to a device through administrative interfaces\u003c/p\u003e\u003cp\u003e\u2022\tReducing the frequency of unique telemetry events\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\nMethods that may reduce, but not eliminate, the risk of exploitation of these problems, and which do not mitigate or resolve the underlying problems include:\n\n\u2022\tDiscontinuing the use of any unnecessary administrative interfaces to the system\n\n\u2022\tUsing access lists or firewall filters to limit access to the device only from trusted users, hosts, and networks\n\n\u2022\tLimiting the number of changes performed to a device through administrative interfaces\n\n\u2022\tReducing the frequency of unique telemetry events\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44182",
"datePublished": "2023-10-12T23:01:52.460Z",
"dateReserved": "2023-09-26T19:30:17.664Z",
"dateUpdated": "2025-02-27T20:41:46.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22402 (GCVE-0-2023-22402)
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2025-04-07 20:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if "bgp auto-discovery" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO; 22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA70198 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 21.3 < 21.3R3-EVO Version: 21.4 < 21.4R2-EVO Version: 22.1 < 22.1R2-EVO Version: 22.2 < 22.2R1-S1-EVO, 22.2R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70198"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T20:06:46.953989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T20:06:56.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.3R3-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R2-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R2-EVO",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R1-S1-EVO, 22.2R2-EVO",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be exposed to this is issue non-stop routing (NSR) and BGP auto-discovery need to be configured:\n\n [routing-options nonstop-routing]\n [protocols bgp group \u003cname\u003e dynamic-neighbor \u003ctemplate\u003e peer-auto-discovery]"
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if \"bgp auto-discovery\" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO; 22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70198"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-S1-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70198",
"defect": [
"1636063"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: The kernel might restart in a BGP scenario where \"bgp auto-discovery\" is enabled and such a neighbor flaps",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22402",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T20:06:56.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22240 (GCVE-0-2022-22240)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-09 15:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Sevice (DoS). In a high-scaled BGP routing environment with rib-sharding enabled, two issues may occur when executing a specific CLI command. One is a memory leak issue with rpd where the leak rate is not constant, and the other is a temporary spike in rpd memory usage during command execution. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R1-S2-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69896 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 19.4 < 19.4R3-S9 Version: 20.2 < 20.2R3-S5 Version: 20.3 < 20.3R3-S2 Version: 20.4 < 20.4R3-S1 Version: 21.1 < 21.1R3 Version: 21.2 < 21.2R1-S2, 21.2R2-S1, 21.2R3 Version: 21.3 < 21.3R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69896"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T15:37:27.875814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T15:37:34.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S9",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S5",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S1",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R1-S2, 21.2R2-S1, 21.2R3",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R2",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1-EVO*",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R1-S2-EVO, 21.2R3-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be exposed to this vulnerability a device needs to be configured with BGP rib sharding as follows:\n\n [system processes routing bgp rib-sharding]"
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Sevice (DoS). In a high-scaled BGP routing environment with rib-sharding enabled, two issues may occur when executing a specific CLI command. One is a memory leak issue with rpd where the leak rate is not constant, and the other is a temporary spike in rpd memory usage during command execution. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R1-S2-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69896"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS:19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69896",
"defect": [
"1615162"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: An rpd memory leak might be observed while running a specific cli command in a RIB sharding scenario",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22240",
"datePublished": "2022-10-18T02:46:42.415Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-09T15:37:34.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0250 (GCVE-0-2021-0250)
Vulnerability from cvelistv5
Published
2021-04-22 19:37
Modified
2024-09-17 00:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition. Continued receipt and processing of this update message will create a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 environments. This issue affects: Juniper Networks Junos OS 17.4 versions 17.4R1 and above prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2, This issue does not affect Junos OS releases prior to 17.4R1. This issue affects: Juniper Networks Junos OS Evolved 19.2-EVO versions prior to 19.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11143 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 17.4R1 < unspecified Version: 17.4 < 17.4R2-S6, 17.4R3 Version: 18.1 < 18.1R3-S7 Version: 18.2 < 18.2R2-S6, 18.2R3-S3 Version: 18.3 < 18.3R1-S7, 18.3R2-S3, 18.3R3 Version: 18.4 < 18.4R1-S5, 18.4R2-S3, 18.4R3 Version: 19.1 < 19.1R1-S4, 19.1R2 Version: 19.2 < 19.2R1-S3, 19.2R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11143"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "17.4R1",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S6, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S7",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S6, 18.2R3-S3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S7, 18.3R2-S3, 18.3R3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S5, 18.4R2-S3, 18.4R3",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S4, 19.1R2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S3, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R2-EVO",
"status": "affected",
"version": "19.2-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue requires a SRTE topology using BGP with BGP Monitoring Protocol to be enabled. \nFor example: \n [routing-options bmp]"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition. Continued receipt and processing of this update message will create a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 environments. This issue affects: Juniper Networks Junos OS 17.4 versions 17.4R1 and above prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2, This issue does not affect Junos OS releases prior to 17.4R1. This issue affects: Juniper Networks Junos OS Evolved 19.2-EVO versions prior to 19.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:12",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11143"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 17.4R2-S6, 17.4R3, 18.1R3-S7, 18.2R2-S6, 18.2R3-S3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2, 19.2R1-S3, 19.2R2, 19.3R1, and all subsequent releases.\nJunos OS Evolved: 19.2R2-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11143",
"defect": [
"1442721"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: An attacker sending a specific crafted BGP update message will crash RPD",
"workarounds": [
{
"lang": "en",
"value": "Disable BGP monitoring protocol until a fix can be applied."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0250",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: An attacker sending a specific crafted BGP update message will crash RPD"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "17.4R1"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S6, 17.4R3"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S6, 18.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2-S3, 18.3R3"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S4, 19.1R2"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S3, 19.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "19.2-EVO",
"version_value": "19.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue requires a SRTE topology using BGP with BGP Monitoring Protocol to be enabled. \nFor example: \n [routing-options bmp]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In segment routing traffic engineering (SRTE) environments where the BGP Monitoring Protocol (BMP) feature is enable, a vulnerability in the Routing Protocol Daemon (RPD) process of Juniper Networks Junos OS allows an attacker to send a specific crafted BGP update message causing the RPD service to core, creating a Denial of Service (DoS) Condition. Continued receipt and processing of this update message will create a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 environments. This issue affects: Juniper Networks Junos OS 17.4 versions 17.4R1 and above prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S6, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2, This issue does not affect Junos OS releases prior to 17.4R1. This issue affects: Juniper Networks Junos OS Evolved 19.2-EVO versions prior to 19.2R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11143",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11143"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 17.4R2-S6, 17.4R3, 18.1R3-S7, 18.2R2-S6, 18.2R3-S3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2, 19.2R1-S3, 19.2R2, 19.3R1, and all subsequent releases.\nJunos OS Evolved: 19.2R2-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11143",
"defect": [
"1442721"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Disable BGP monitoring protocol until a fix can be applied."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0250",
"datePublished": "2021-04-22T19:37:12.802278Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T00:20:57.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22225 (GCVE-0-2022-22225)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-12 14:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker with an established BGP session to cause a Denial of Service (DoS). In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash. As this crash depends on whether a route is a contributing route, and on the internal timing of the events triggered by the flap this vulnerability is outside the direct control of a potential attacker. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R2-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions 19.2 versions prior to 19.2R2, 19.3R1 and above prior to 20.2R1. Juniper Networks Junos OS Evolved versions prior to 20.2R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69875 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: 19.2 Patch: 19.3R1 Patch: 19.4R1 Patch: 20.1R1 Version: 20.2 < 20.2R3-S4 Version: 20.3 < 20.3R3-S3 Version: 20.4 < 20.4R3-S4 Version: 21.1 < 21.1R3 Version: 21.2 < 21.2R2 Version: 21.3 < 21.3R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69875"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:42:21.718224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:42:31.372Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"changes": [
{
"at": "19.2R3-S6",
"status": "unaffected"
}
],
"lessThan": "19.2R2",
"status": "unaffected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3*",
"status": "unaffected",
"version": "19.3R1",
"versionType": "custom"
},
{
"lessThan": "19.4*",
"status": "unaffected",
"version": "19.4R1",
"versionType": "custom"
},
{
"lessThan": "20.1*",
"status": "unaffected",
"version": "20.1R1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S4",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S4",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R2",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S4-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.2R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1-EVO*",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R2-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "A device can only be affected if the following BGP multipath configuration is in place:\n\n [protocols bgp ... multipath]"
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker with an established BGP session to cause a Denial of Service (DoS). In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash. As this crash depends on whether a route is a contributing route, and on the internal timing of the events triggered by the flap this vulnerability is outside the direct control of a potential attacker. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R2-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions 19.2 versions prior to 19.2R2, 19.3R1 and above prior to 20.2R1. Juniper Networks Junos OS Evolved versions prior to 20.2R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69875"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69875",
"defect": [
"1611128"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22225",
"datePublished": "2022-10-18T02:46:26.844Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-12T14:42:31.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39519 (GCVE-0-2024-39519)
Vulnerability from cvelistv5
Published
2024-07-11 15:55
Modified
2024-08-02 04:26
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a
Denial-of-Service (DoS).
On all ACX 7000 Series platforms running
Junos OS Evolved, and configured with IRBs, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic.
This issue affects Junos OS Evolved:
All versions from 22.2R1-EVO and later versions before 22.4R2-EVO,
This issue does not affect Junos OS Evolved versions before 22.1R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA82983 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 22.1-EVO ≤ Version: 22.2-EVO < Version: 22.3-EVO < Version: 22.4-EVO ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T18:57:45.856923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:57:54.595Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82983"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"ACX7000 Series"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R1-EVO",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "22.2-EVO",
"versionType": "custom"
},
{
"status": "affected",
"version": "22.3-EVO",
"versionType": "custom"
},
{
"lessThan": "22.4R2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be potentially exposed to this issue the device must be configured as follows:\u003c/p\u003e\u003ctt\u003e[ routing-instances evpna instance-type evpn ]\u003cbr\u003e[ routing-instances evpna routing-interface irb.0 ]\u003c/tt\u003e"
}
],
"value": "To be potentially exposed to this issue the device must be configured as follows:\n\n[ routing-instances evpna instance-type evpn ]\n[ routing-instances evpna routing-interface irb.0 ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial-of-Service (DoS).\u003c/span\u003e\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn all ACX 7000 Series platforms running \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJunos OS Evolved, and configured with IRBs\u003c/span\u003e, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003eAll versions from 22.2R1-EVO and later versions before 22.4R2-EVO,\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue does not affect Junos OS Evolved versions before 22.1R1-EVO.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\nOn all ACX 7000 Series platforms running \n\nJunos OS Evolved, and configured with IRBs, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic.\n\n\nThis issue affects Junos OS Evolved:\u00a0\n\nAll versions from 22.2R1-EVO and later versions before 22.4R2-EVO,\n\nThis issue does not affect Junos OS Evolved versions before 22.1R1-EVO."
}
],
"exploits": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\u0026nbsp;However, multiple occurrences of this issue have been reported in production."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\u00a0However, multiple occurrences of this issue have been reported in production."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T15:55:37.087Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82983"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82983",
"defect": [
"1691134"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: ACX 7000 Series: Multicast traffic is looped in a multihoming EVPN MPLS scenario",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39519",
"datePublished": "2024-07-11T15:55:37.087Z",
"dateReserved": "2024-06-25T15:12:53.239Z",
"dateUpdated": "2024-08-02T04:26:15.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39557 (GCVE-0-2024-39557)
Vulnerability from cvelistv5
Published
2024-07-10 22:39
Modified
2024-08-02 04:26
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
VLAI Severity ?
EPSS score ?
Summary
An Uncontrolled Resource Consumption vulnerability in the
Layer 2 Address Learning Daemon (l2ald)
of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS).
Certain MAC table updates cause a small amount of memory to leak. Once memory utilization reaches its limit, the issue will result in a system crash and restart.
To identify the issue, execute the CLI command:
user@device> show platform application-info allocations app l2ald-agent
EVL Object Allocation Statistics:
Node Application Context Name Live Allocs Fails Guids
re0 l2ald-agent net::juniper::rtnh::L2Rtinfo 1069096 1069302 0 1069302
re0 l2ald-agent net::juniper::rtnh::NHOpaqueTlv 114 195 0 195
This issue affects Junos OS Evolved:
* All versions before 21.4R3-S8-EVO,
* from 22.2-EVO before 22.2R3-S4-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA83017 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 22.2-EVO ≤ Version: 22.3-EVO ≤ Version: 22.4-EVO ≤ Version: 23.2-EVO ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T20:01:39.694455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T20:01:48.481Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Uncontrolled Resource Consumption vulnerability in the \n\nLayer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eCertain MAC table updates cause a small amount of memory to leak.\u0026nbsp; Once memory utilization reaches its limit, the issue will result in a system crash and restart.\u003cbr\u003e\u003cbr\u003eTo identify the issue, execute the CLI command:\u003cbr\u003e \u003cbr\u003e\u003ctt\u003euser@device\u0026gt; show platform application-info allocations app l2ald-agent\u003cbr\u003eEVL Object Allocation Statistics:\u003cbr\u003e \u003cbr\u003e Node \u0026nbsp; Application \u0026nbsp; \u0026nbsp; Context Name \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Live \u0026nbsp; Allocs \u0026nbsp; Fails \u0026nbsp; \u0026nbsp; Guids\u003cbr\u003e re0 \u0026nbsp; l2ald-agent \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; net::juniper::rtnh::L2Rtinfo \u0026nbsp; \u0026nbsp; \u0026nbsp; 1069096 1069302 \u0026nbsp; 0 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1069302\u003cbr\u003e re0 \u0026nbsp; l2ald-agent \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; net::juniper::rtnh::NHOpaqueTlv \u0026nbsp; \u0026nbsp; 114 \u0026nbsp; \u0026nbsp; 195 \u0026nbsp; \u0026nbsp; \u0026nbsp; 0 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 195\u003c/tt\u003e\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eAll versions before 21.4R3-S8-EVO,\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO\u0026nbsp;before 22.3R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An Uncontrolled Resource Consumption vulnerability in the \n\nLayer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS).\n\nCertain MAC table updates cause a small amount of memory to leak.\u00a0 Once memory utilization reaches its limit, the issue will result in a system crash and restart.\n\nTo identify the issue, execute the CLI command:\n \nuser@device\u003e show platform application-info allocations app l2ald-agent\nEVL Object Allocation Statistics:\n \n Node \u00a0 Application \u00a0 \u00a0 Context Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Live \u00a0 Allocs \u00a0 Fails \u00a0 \u00a0 Guids\n re0 \u00a0 l2ald-agent \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 net::juniper::rtnh::L2Rtinfo \u00a0 \u00a0 \u00a0 1069096 1069302 \u00a0 0 \u00a0 \u00a0 \u00a0 \u00a0 1069302\n re0 \u00a0 l2ald-agent \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 net::juniper::rtnh::NHOpaqueTlv \u00a0 \u00a0 114 \u00a0 \u00a0 195 \u00a0 \u00a0 \u00a0 0 \u00a0 \u00a0 \u00a0 \u00a0 195\n\n\n\nThis issue affects Junos OS Evolved: \n\n\n * All versions before 21.4R3-S8-EVO,\n\n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO\u00a0before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T22:39:48.575Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83017"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83017",
"defect": [
"1756208"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: MAC table changes cause a memory leak",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39557",
"datePublished": "2024-07-10T22:39:48.575Z",
"dateReserved": "2024-06-25T15:12:53.247Z",
"dateUpdated": "2024-08-02T04:26:15.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22239 (GCVE-0-2022-22239)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-10 02:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems. This vulnerability allows a locally authenticated attacker with access to the ssh operational command to escalate their privileges on the system to root, or if there is user interaction on the local device to potentially escalate privileges on a remote system to root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-EVO; 21.2-EVO versions prior to 21.2R2-S1-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69895 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.4R3-S5-EVO Version: 21.1-EVO < 21.1R3-EVO Version: 21.2-EVO < 21.2R2-S1-EVO, 21.2R3-EVO Version: 21.3-EVO < 21.3R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69895"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-10T02:34:04.074427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T02:34:30.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S5-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R3-EVO",
"status": "affected",
"version": "21.1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R2-S1-EVO, 21.2R3-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems. This vulnerability allows a locally authenticated attacker with access to the ssh operational command to escalate their privileges on the system to root, or if there is user interaction on the local device to potentially escalate privileges on a remote system to root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-EVO; 21.2-EVO versions prior to 21.2R2-S1-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69895"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69895",
"defect": [
"1621892"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: The ssh CLI command always runs as root which can lead to privilege escalation",
"workarounds": [
{
"lang": "en",
"value": "A workaround for this issue is to modify the applicable login class(es) so that the ssh command can not be accessed anymore. This can be done by removing the \u0027network\u0027 permission or modifying the resp. allow-/deny-commands configuration."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22239",
"datePublished": "2022-10-18T02:46:41.384Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-10T02:34:30.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22227 (GCVE-0-2022-22227)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-12 14:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On receipt of specific IPv6 transit traffic, Junos OS Evolved on ACX7100-48L, ACX7100-32C and ACX7509 sends this traffic to the Routing Engine (RE) instead of forwarding it, leading to increased CPU utilization of the RE and a partial DoS. This issue only affects systems configured with IPv6. This issue does not affect ACX7024 which is supported from 22.3R1-EVO onwards where the fix has already been incorporated as indicated in the solution section. This issue affects Juniper Networks Junos OS Evolved on ACX7100-48L, ACX7100-32C, ACX7509: 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S2-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69878 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Patch: unspecified Version: 21.1-EVO < 21.1R3-S2-EVO Version: 21.2-EVO < 21.2R3-S2-EVO Version: 21.3-EVO < 21.3R3-EVO Version: 21.4-EVO < 21.4R1-S1-EVO, 21.4R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69878"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:29:48.739364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:29:55.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"ACX7100-48L, ACX7100-32C, ACX7509"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S2-EVO",
"status": "affected",
"version": "21.1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S2-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R3-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "custom"
},
{
"lessThan": "21.4R1-S1-EVO, 21.4R2-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be exposed to this vulnerability a device needs to be configured with a minimal IPv6 configuration like in the following example:\n\n [ interfaces \u003cinterface\u003e unit \u003cunit number\u003e family inet6 ]"
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On receipt of specific IPv6 transit traffic, Junos OS Evolved on ACX7100-48L, ACX7100-32C and ACX7509 sends this traffic to the Routing Engine (RE) instead of forwarding it, leading to increased CPU utilization of the RE and a partial DoS. This issue only affects systems configured with IPv6. This issue does not affect ACX7024 which is supported from 22.3R1-EVO onwards where the fix has already been incorporated as indicated in the solution section. This issue affects Juniper Networks Junos OS Evolved on ACX7100-48L, ACX7100-32C, ACX7509: 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S2-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69878"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69878",
"defect": [
"1641006"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: ACX7000 Series: Specific IPv6 transit traffic gets exceptioned to the routing-engine which causes increased CPU utilization",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22227",
"datePublished": "2022-10-18T02:46:28.960Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-12T14:29:55.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22406 (GCVE-0-2023-22406)
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2025-04-07 15:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command "show task memory detail" as shown in the following example: user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 <=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 <=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA70202 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: unspecified < 19.3R3-S7 Version: 19.4 < 19.4R2-S8, 19.4R3-S9 Version: 20.2 < 20.2R3-S5 Version: 20.3 < 20.3R3-S5 Version: 20.4 < 20.4R3-S4 Version: 21.1 < 21.1R3-S3 Version: 21.2 < 21.2R3-S2 Version: 21.3 < 21.3R3-S1 Version: 21.4 < 21.4R2-S1, 21.4R3 Version: 22.1 < 22.1R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70202"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:00:02.855812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:37:55.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R3-S7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S8, 19.4R3-S9",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S5",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S5",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S4",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S1",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R2-S1, 21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S4-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.4R2-S1-EVO, 21.4R3-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R2-EVO",
"status": "affected",
"version": "22.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be exposed to this issue a minimal SR configuration for OSPF like in the following example is required:\n\n [protocols ospf source-packet-routing}"
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command \"show task memory detail\" as shown in the following example: user@host\u003e show task memory detail | match \"RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE\" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host\u003e show task memory detail | match \"RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE\" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 \u003c=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 \u003c=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70202"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.3R3-S7, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S4-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70202",
"defect": [
"1659366"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: A memory leak which will ultimately lead to an rpd crash will be observed when a peer interface flaps continuously in a Segment Routing scenario using OSPF",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22406",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:37:55.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21598 (GCVE-0-2024-21598)
Vulnerability from cvelistv5
Published
2024-04-12 14:54
Modified
2024-08-01 22:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
Summary
An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.
This issue affects Juniper Networks
Junos OS:
* 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R3;
* 23.2 versions earlier than 23.2R1-S2, 23.2R2;
Junos OS Evolved:
* 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;
* 21.2-EVO versions earlier than 21.2R3-S7-EVO;
* 21.3-EVO versions earlier than 21.3R3-S5-EVO;
* 21.4-EVO versions earlier than 21.4R3-S5-EVO;
* 22.1-EVO versions earlier than 22.1R3-S4-EVO;
* 22.2-EVO versions earlier than 22.2R3-S3-EVO;
* 22.3-EVO versions earlier than 22.3R3-S1-EVO;
* 22.4-EVO versions earlier than 22.4R3-EVO;
* 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;
This issue does not affect Juniper Networks
* Junos OS versions earlier than 20.4R1;
* Junos OS Evolved versions earlier than 20.4R1-EVO.
This is a related but separate issue than the one described in JSA79095.
References
| ▼ | URL | Tags |
|---|---|---|
| http://supportportal.juniper.net/JSA75739 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 20.4 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper_networks:junos_os:20.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper_networks",
"versions": [
{
"lessThan": "20.4r3-s9",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.2r3-s7",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3r3-s5",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4r3-s5",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1r3-s4",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2r3-s3",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3-s1",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.4r3",
"status": "affected",
"version": "22.4",
"versionType": "custom"
},
{
"lessThan": "23.2r1-s2",
"status": "affected",
"version": "23.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "20.4r3-s9",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.2r3-s7",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3r3-s5",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4r3-s4",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1r3-s4",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2r3-s3",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-12T18:02:57.570562Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T14:32:30.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://supportportal.juniper.net/JSA75739"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S9",
"status": "affected",
"version": "20.4",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2, 23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S9-EVO",
"status": "affected",
"version": "20.4-EVO",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2-EVO, 23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be exposed to this vulnerability BGP needs to be configured as in the following example, but no further options need to be enabled:\u003c/p\u003e\u003cp\u003e\u0026nbsp; [ protocols bgp group \u0026lt;group\u0026gt; neighbor ... ]\u003c/p\u003e"
}
],
"value": "To be exposed to this vulnerability BGP needs to be configured as in the following example, but no further options need to be enabled:\n\n\u00a0 [ protocols bgp group \u003cgroup\u003e neighbor ... ]"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juniper SIRT would like to acknowledge and thank Matteo Memelli from Amazon for responsibly reporting this vulnerability."
}
],
"datePublic": "2024-04-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIf a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.\u003cbr\u003e\u003cbr\u003eThis issue affects Juniper Networks\u003cbr\u003eJunos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003e20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;\u003c/li\u003e\u003cli\u003e21.2 versions earlier than 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S3;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R1-S2, 23.2R2;\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003e20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;\u003c/li\u003e\u003cli\u003e21.2-EVO versions earlier than 21.2R3-S7-EVO;\u003c/li\u003e\u003cli\u003e21.3-EVO versions earlier than 21.3R3-S5-EVO;\u003c/li\u003e\u003cli\u003e21.4-EVO versions earlier than 21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO versions earlier than 22.1R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.2-EVO versions earlier than 22.2R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.3-EVO versions earlier than 22.3R3-S1-EVO;\u003c/li\u003e\u003cli\u003e22.4-EVO versions earlier than 22.4R3-EVO;\u003c/li\u003e\u003cli\u003e23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eThis issue does not affect Juniper Networks\u003cbr\u003e\u003cul\u003e\u003cli\u003eJunos OS versions earlier than 20.4R1;\u003c/li\u003e\u003cli\u003eJunos OS Evolved versions earlier than 20.4R1-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eThis is a related but separate issue than the one described in JSA79095.\u003cbr\u003e"
}
],
"value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.\n\nThis issue affects Juniper Networks\nJunos OS:\n * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2;\n\n\n\nJunos OS Evolved:\n * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;\n * 21.2-EVO versions earlier than 21.2R3-S7-EVO;\n * 21.3-EVO versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S3-EVO;\n * 22.3-EVO versions earlier than 22.3R3-S1-EVO;\n * 22.4-EVO versions earlier than 22.4R3-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;\n\n\n\nThis issue does not affect Juniper Networks\n * Junos OS versions earlier than 20.4R1;\n * Junos OS Evolved versions earlier than 20.4R1-EVO.\n\n\n\nThis is a related but separate issue than the one described in JSA79095."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T19:53:00.228Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "http://supportportal.juniper.net/JSA75739"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases;\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases;\n\nJunos OS Evolved: 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA75739",
"defect": [
"1760356"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-04-10T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21598",
"datePublished": "2024-04-12T14:54:23.761Z",
"dateReserved": "2023-12-27T19:38:25.705Z",
"dateUpdated": "2024-08-01T22:27:36.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30394 (GCVE-0-2024-30394)
Vulnerability from cvelistv5
Published
2024-04-12 15:07
Modified
2024-08-02 01:32
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
Summary
A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition.
This issue affects:
Junos OS:
* all versions before 21.2R3-S7,
* from 21.4 before 21.4R3-S5,
* from 22.1 before 22.1R3-S4,
* from 22.2 before 22.2R3-S2,
* from 22.3 before 22.3R3-S1,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2.
Junos OS Evolved:
* all versions before 21.4R3-S5-EVO,
* from 22.1-EVO before 22.1R3-S4-EVO,
* from 22.2-EVO before 22.2R3-S2-EVO,
* from 22.3-EVO before 22.3R3-S1-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA79094 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T16:27:38.038593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T16:36:35.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA79094"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For this issue to occur, EVPN needs to be enabled.\u003ctt\u003e\u003cbr\u003e\u0026nbsp; [protocols evpn]\u003c/tt\u003e"
}
],
"value": "For this issue to occur, EVPN needs to be enabled.\n\u00a0 [protocols evpn]"
}
],
"datePublic": "2024-04-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A\u0026nbsp;Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eOn all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S7,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S5,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S4,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S2,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S1,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.4R3-S5-EVO,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S4-EVO,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S2-EVO,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S1-EVO,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-EVO,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A\u00a0Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash, leading to Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, when EVPN is configured, and a specific EVPN type-5 route is received via BGP, rpd crashes and restarts. Continuous receipt of this specific route will lead to a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\nJunos OS:\n\n\n\n * all versions before 21.2R3-S7,\n\n * from 21.4 before 21.4R3-S5,\n\n * from 22.1 before 22.1R3-S4,\n\n * from 22.2 before 22.2R3-S2,\n\n * from 22.3 before 22.3R3-S1,\n\n * from 22.4 before 22.4R3,\n\n * from 23.2 before 23.2R2.\n\n\n\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 21.4R3-S5-EVO,\n\n * from 22.1-EVO before 22.1R3-S4-EVO,\n\n * from 22.2-EVO before 22.2R3-S2-EVO,\n\n * from 22.3-EVO before 22.3R3-S1-EVO,\n\n * from 22.4-EVO before 22.4R3-EVO,\n\n * from 23.2-EVO before 23.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:28:35.032Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA79094"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;21.2R3-S7, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S1, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS:\u00a021.2R3-S7, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S1, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\n\nJunos OS Evolved: 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA79094",
"defect": [
"1740634"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-04-10T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: A specific EVPN type-5 route causes rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no available workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no available workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-30394",
"datePublished": "2024-04-12T15:07:36.080Z",
"dateReserved": "2024-03-26T23:06:17.994Z",
"dateUpdated": "2024-08-02T01:32:07.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0286 (GCVE-0-2021-0286)
Vulnerability from cvelistv5
Published
2021-07-15 20:01
Modified
2024-09-16 17:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability in the handling of exceptional conditions in Juniper Networks Junos OS Evolved (EVO) allows an attacker to send specially crafted packets to the device, causing the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) process to crash and restart, impacting all traffic going through the FPC, resulting in a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. Following messages will be logged prior to the crash: Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:32710470974358 label:1089551617 for session:18 probe:35 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:19241453497049 label:1089551617 for session:18 probe:37 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:19241453497049 label:1089551617 for session:18 probe:44 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:32710470974358 label:1089551617 for session:18 probe:47 Feb 2 10:14:39 fpc0 audit[16263]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=16263 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=11 Feb 2 10:14:39 fpc0 kernel: audit: type=1701 audit(1612260879.272:17): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=16263 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=1 This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11188 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.4R2-EVO Version: 21.1 < 21.1R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11188"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R2-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the handling of exceptional conditions in Juniper Networks Junos OS Evolved (EVO) allows an attacker to send specially crafted packets to the device, causing the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) process to crash and restart, impacting all traffic going through the FPC, resulting in a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. Following messages will be logged prior to the crash: Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:32710470974358 label:1089551617 for session:18 probe:35 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:19241453497049 label:1089551617 for session:18 probe:37 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:19241453497049 label:1089551617 for session:18 probe:44 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:32710470974358 label:1089551617 for session:18 probe:47 Feb 2 10:14:39 fpc0 audit[16263]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=16263 comm=\"EvoAftManBt-mai\" exe=\"/usr/sbin/evo-aftmand-bt\" sig=11 Feb 2 10:14:39 fpc0 kernel: audit: type=1701 audit(1612260879.272:17): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=16263 comm=\"EvoAftManBt-mai\" exe=\"/usr/sbin/evo-aftmand-bt\" sig=1 This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T20:00:59",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11188"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R2-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11188",
"defect": [
"1572969"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: Specially crafted packets may cause the AFT manager process to crash and restart",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-0286",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Specially crafted packets may cause the AFT manager process to crash and restart"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the handling of exceptional conditions in Juniper Networks Junos OS Evolved (EVO) allows an attacker to send specially crafted packets to the device, causing the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) process to crash and restart, impacting all traffic going through the FPC, resulting in a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. Following messages will be logged prior to the crash: Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:32710470974358 label:1089551617 for session:18 probe:35 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:19241453497049 label:1089551617 for session:18 probe:37 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:19241453497049 label:1089551617 for session:18 probe:44 Feb 2 10:14:39 fpc0 evo-aftmand-bt[16263]: [Error] Nexthop: Failed to get fwd nexthop for nexthop:32710470974358 label:1089551617 for session:18 probe:47 Feb 2 10:14:39 fpc0 audit[16263]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=16263 comm=\"EvoAftManBt-mai\" exe=\"/usr/sbin/evo-aftmand-bt\" sig=11 Feb 2 10:14:39 fpc0 kernel: audit: type=1701 audit(1612260879.272:17): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=16263 comm=\"EvoAftManBt-mai\" exe=\"/usr/sbin/evo-aftmand-bt\" sig=1 This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11188",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11188"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R2-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11188",
"defect": [
"1572969"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0286",
"datePublished": "2021-07-15T20:01:00.067332Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T17:57:56.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22250 (GCVE-0-2022-22250)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-09 14:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Control of a Resource Through its Lifetime vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated adjacent attacker to cause a Denial of Service (DoS). In an EVPN-MPLS scenario, if MAC is learned locally on an access interface but later a request to delete is received indicating that the MAC was learnt remotely, this can lead to memory corruption which can result in line card crash and reload. This issue affects: Juniper Networks Junos OS All versions 17.3R1 and later versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S8; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.3R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69907 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 17.3R1 < unspecified Patch: unspecified Version: 19.2 < 19.2R3-S5 Version: 19.3 < 19.3R3-S5 Version: 19.4 < 19.4R2-S6, 19.4R3-S8 Version: 20.1R1 < 20.1* Version: 20.2 < 20.2R3-S4 Version: 20.3 < 20.3R3-S3 Version: 20.4 < 20.4R3-S3 Version: 21.1 < 21.1R3-S1 Version: 21.2 < 21.2R3 Version: 21.3 < 21.3R2 Version: 21.4 < 21.4R1-S1, 21.4R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69907"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T14:52:08.612153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T14:52:23.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "17.3R1",
"versionType": "custom"
},
{
"lessThan": "17.3R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S5",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S5",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S6, 19.4R3-S8",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1*",
"status": "affected",
"version": "20.1R1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S4",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S1",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R2",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R1-S1, 21.4R2",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1-EVO*",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R3-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "custom"
},
{
"lessThan": "21.4R1-S1-EVO, 21.4R2-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be exposed to this vulnerability a device would need to be configured with EVPN MPLS as follows:\n\n [protocols bgp group \u003cgroup-name\u003e family evpn]"
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Control of a Resource Through its Lifetime vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated adjacent attacker to cause a Denial of Service (DoS). In an EVPN-MPLS scenario, if MAC is learned locally on an access interface but later a request to delete is received indicating that the MAC was learnt remotely, this can lead to memory corruption which can result in line card crash and reload. This issue affects: Juniper Networks Junos OS All versions 17.3R1 and later versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S8; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69907"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 19.2R3-S5, 19.3R3-S5, 19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, and all subsequent releases;\nJunos OS Evolved: 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases"
}
],
"source": {
"advisory": "JSA69907",
"defect": [
"1627617"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: An FPC crash might be seen due to an EVPN MAC entry moving from local to remote",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22250",
"datePublished": "2022-10-18T02:46:53.120Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-09T14:52:23.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36840 (GCVE-0-2023-36840)
Vulnerability from cvelistv5
Published
2023-07-14 17:43
Modified
2024-10-22 14:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS).
On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition.
This issue affects:
Juniper Networks Junos OS
All versions prior to 19.3R3-S10;
20.1 versions prior to 20.1R3-S4;
20.2 versions prior to 20.2R3-S6;
20.3 versions prior to 20.3R3-S6;
20.4 versions prior to 20.4R3-S5;
21.1 versions prior to 21.1R3-S4;
21.2 versions prior to 21.2R3-S3;
21.3 versions prior to 21.3R3-S2;
21.4 versions prior to 21.4R3;
22.1 versions prior to 22.1R3;
22.2 versions prior to 22.2R2;
22.3 versions prior to 22.3R2;
Juniper Networks Junos OS Evolved
All versions prior to 20.4R3-S7-EVO;
21.1 versions prior to 21.1R3-S3-EVO;
21.2 versions prior to 21.2R3-S5-EVO;
21.3 versions prior to 21.3R3-S4-EVO;
21.4 versions prior to 21.4R3-EVO;
22.1 versions prior to 22.1R3-EVO;
22.2 versions prior to 22.2R2-EVO;
22.3 versions prior to 22.3R2-EVO;
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: unspecified < 19.3R3-S10 Version: 20.1 < 20.1R3-S4 Version: 20.2 < 20.2R3-S6 Version: 20.3 < 20.3R3-S6 Version: 20.4 < 20.4R3-S5 Version: 21.1 < 21.1R3-S4 Version: 21.2 < 21.2R3-S3 Version: 21.3 < 21.3R3-S2 Version: 21.4 < 21.4R3 Version: 22.1 < 22.1R3 Version: 22.2 < 22.2R2 Version: 22.3 < 22.3R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA71647"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T14:19:11.080521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T14:19:42.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R3-S10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.1R3-S4",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S6",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S6",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S5",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S4",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S3",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S2",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R3",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R2",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3R2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S7-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S3-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S5-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S4-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R3-EVO",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R2-EVO",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3R2-EVO",
"status": "affected",
"version": "22.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eOn all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003eJuniper Networks Junos OS\u003cbr\u003eAll versions prior to 19.3R3-S10;\u003cbr\u003e20.1 versions prior to 20.1R3-S4;\u003cbr\u003e20.2 versions prior to 20.2R3-S6;\u003cbr\u003e20.3 versions prior to 20.3R3-S6;\u003cbr\u003e20.4 versions prior to 20.4R3-S5;\u003cbr\u003e21.1 versions prior to 21.1R3-S4;\u003cbr\u003e21.2 versions prior to 21.2R3-S3;\u003cbr\u003e21.3 versions prior to 21.3R3-S2;\u003cbr\u003e21.4 versions prior to 21.4R3;\u003cbr\u003e22.1 versions prior to 22.1R3;\u003cbr\u003e22.2 versions prior to 22.2R2;\u003cbr\u003e22.3 versions prior to 22.3R2;\u003cbr\u003e\u003cbr\u003eJuniper Networks Junos OS Evolved\u003cbr\u003eAll versions prior to 20.4R3-S7-EVO;\u003cbr\u003e21.1 versions prior to 21.1R3-S3-EVO;\u003cbr\u003e21.2 versions prior to 21.2R3-S5-EVO;\u003cbr\u003e21.3 versions prior to 21.3R3-S4-EVO;\u003cbr\u003e21.4 versions prior to 21.4R3-EVO;\u003cbr\u003e22.1 versions prior to 22.1R3-EVO;\u003cbr\u003e22.2 versions prior to 22.2R2-EVO;\u003cbr\u003e22.3 versions prior to 22.3R2-EVO;\u003cbr\u003e"
}
],
"value": "A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\nJuniper Networks Junos OS\nAll versions prior to 19.3R3-S10;\n20.1 versions prior to 20.1R3-S4;\n20.2 versions prior to 20.2R3-S6;\n20.3 versions prior to 20.3R3-S6;\n20.4 versions prior to 20.4R3-S5;\n21.1 versions prior to 21.1R3-S4;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S2;\n21.4 versions prior to 21.4R3;\n22.1 versions prior to 22.1R3;\n22.2 versions prior to 22.2R2;\n22.3 versions prior to 22.3R2;\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.4R3-S7-EVO;\n21.1 versions prior to 21.1R3-S3-EVO;\n21.2 versions prior to 21.2R3-S5-EVO;\n21.3 versions prior to 21.3R3-S4-EVO;\n21.4 versions prior to 21.4R3-EVO;\n22.1 versions prior to 22.1R3-EVO;\n22.2 versions prior to 22.2R2-EVO;\n22.3 versions prior to 22.3R2-EVO;\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003cbr\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-14T17:43:15.282Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA71647"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS: 19.3R3-S7, 19.4R3-S10, 20.2R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S2, 21.4R3, 22.1R3, 22.2R2, 22.3R2, 22.4R1, and all subsequent releases;\u003cbr\u003eJunos OS Evolved: 20.4R3-S7-EVO, 21.4R3-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.3R3-S7, 19.4R3-S10, 20.2R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S2, 21.4R3, 22.1R3, 22.2R2, 22.3R2, 22.4R1, and all subsequent releases;\nJunos OS Evolved: 20.4R3-S7-EVO, 21.4R3-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA71647",
"defect": [
"1678401"
],
"discovery": "UNKNOWN"
},
"title": "Junos OS and Junos OS Evolved: An rpd crash occurs when a specific L2VPN command is run",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue can be avoided by using access lists or firewall filters to limit access to the device to only trusted hosts, networks and administrators.\u003cbr\u003e"
}
],
"value": "This issue can be avoided by using access lists or firewall filters to limit access to the device to only trusted hosts, networks and administrators.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-36840",
"datePublished": "2023-07-14T17:43:15.282Z",
"dateReserved": "2023-06-27T16:17:25.276Z",
"dateUpdated": "2024-10-22T14:19:42.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39521 (GCVE-0-2024-39521)
Vulnerability from cvelistv5
Published
2024-07-11 15:57
Modified
2024-08-02 04:26
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.
The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.
This issue affects Junos OS Evolved:
* 21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S7-EVO,
* 22.1-EVO versions before 22.1R3-S6-EVO,
* 22.2-EVO versions before 22.2R3-EVO,
* 22.3-EVO versions before 22.3R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA82975 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 21.1-EVO ≤ Version: 21.4-EVO ≤ Version: 22.1-EVO ≤ Version: 22.2-EVO ≤ Version: 22.3-EVO ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:21.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s8",
"status": "affected",
"version": "21.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:21.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.1r3-s6",
"status": "affected",
"version": "22.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.2r3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:juniper:junos_os_evolved:22.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.3r2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-13T03:55:23.197047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-13T11:45:58.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "21.1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S6-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to \u0027root\u0027 leading to a full compromise of the system.\u003cbr\u003e\u003cbr\u003eThe Junos OS Evolved CLI doesn\u0027t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\u003cbr\u003e\n\n\u003cp\u003eThis issue affects Junos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e21.4-EVO versions before 21.4R3-S7-EVO,\u003c/li\u003e\u003cli\u003e22.1-EVO versions before 22.1R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.2-EVO versions before 22.2R3-EVO,\u003c/li\u003e\u003cli\u003e22.3-EVO versions before 22.3R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to \u0027root\u0027 leading to a full compromise of the system.\n\nThe Junos OS Evolved CLI doesn\u0027t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\n\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * 21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO,\u00a0\n * 21.4-EVO versions before 21.4R3-S7-EVO,\n * 22.1-EVO versions before 22.1R3-S6-EVO,\u00a0\n * 22.2-EVO versions before 22.2R3-EVO,\n * 22.3-EVO versions before 22.3R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T15:57:44.418Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82975"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82975",
"defect": [
"1696780"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: CLI parameter processing issue allows privilege escalation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39521",
"datePublished": "2024-07-11T15:57:44.418Z",
"dateReserved": "2024-06-25T15:12:53.239Z",
"dateUpdated": "2024-08-02T04:26:15.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22197 (GCVE-0-2022-22197)
Vulnerability from cvelistv5
Published
2022-04-14 15:50
Modified
2024-09-16 17:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). This issue occurs when proxy-generate route-target filtering is enabled, and certain proxy-route add and delete events are happening. This issue affects: Juniper Networks Junos OS All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69511 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: unspecified < 17.3R3-S11 Version: 17.4 < 17.4R2-S13, 17.4R3-S4 Version: 18.3 < 18.3R3-S4 Version: 18.4 < 18.4R1-S8, 18.4R2-S8, 18.4R3-S6 Version: 19.1 < 19.1R3-S4 Version: 19.2 < 19.2R1-S6, 19.2R3-S2 Version: 19.3 < 19.3R2-S6, 19.3R3-S1 Version: 19.4 < 19.4R1-S4, 19.4R2-S4, 19.4R3 Version: 20.1 < 20.1R2 Version: 20.2 < 20.2R2 Version: 20.3 < 20.3R1-S2, 20.3R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69511"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3R3-S11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S13, 17.4R3-S4",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S8, 18.4R2-S8, 18.4R3-S6",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S6, 19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S6, 19.3R3-S1",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S4, 19.4R2-S4, 19.4R3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S2, 20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.2R3-EVO",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R2-EVO",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Only configurations configured with proxy-generate route-target filtering are affected:\n\n [ protocols bgp ... family route-target proxy-generate ]"
}
],
"datePublic": "2022-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). This issue occurs when proxy-generate route-target filtering is enabled, and certain proxy-route add and delete events are happening. This issue affects: Juniper Networks Junos OS All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-672",
"description": "CWE-672 Operation on a Resource after Expiration or Release",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T15:50:59",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69511"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 18.3R3-S4, 18.4R1-S8, 18.4R2-S8, 18.4R3-S6, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3, 20.1R2, 20.2R2, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases;\nJunos OS Evolved: 20.1R3-EVO, 20.2R3-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69511",
"defect": [
"1525588"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: An rpd core will be observed with proxy BGP route-target filtering enabled and certain route add and delete event happening",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-04-13T16:00:00.000Z",
"ID": "CVE-2022-22197",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: An rpd core will be observed with proxy BGP route-target filtering enabled and certain route add and delete event happening"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "17.3R3-S11"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S13, 17.4R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S8, 18.4R2-S8, 18.4R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S6, 19.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S4, 19.4R2-S4, 19.4R3"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R1-S2, 20.3R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.1R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "Only configurations configured with proxy-generate route-target filtering are affected:\n\n [ protocols bgp ... family route-target proxy-generate ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). This issue occurs when proxy-generate route-target filtering is enabled, and certain proxy-route add and delete events are happening. This issue affects: Juniper Networks Junos OS All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-672 Operation on a Resource after Expiration or Release"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69511",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69511"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 18.3R3-S4, 18.4R1-S8, 18.4R2-S8, 18.4R3-S6, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3, 20.1R2, 20.2R2, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases;\nJunos OS Evolved: 20.1R3-EVO, 20.2R3-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69511",
"defect": [
"1525588"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22197",
"datePublished": "2022-04-14T15:50:59.662920Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-16T17:24:13.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1678 (GCVE-0-2020-1678)
Vulnerability from cvelistv5
Published
2020-10-16 20:31
Modified
2024-09-16 20:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the "show task memory detail | match policy | match evpn" command multiple times to check if memory (Alloc Blocks value) is increasing. root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11075 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 19.4 < 19.4R2 Version: 20.1 < 20.1R1-S4, 20.1R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S4, 20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "19.4-EVO"
},
{
"lessThan": "20.1R1-S4-EVO, 20.1R2-EVO",
"status": "affected",
"version": "20.1-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The example of the configuration stanza affected by this issue is as follows:\n [protocols evpn]"
}
],
"datePublic": "2020-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the \"show task memory detail | match policy | match evpn\" command multiple times to check if memory (Alloc Blocks value) is increasing. root@device\u003e show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device\u003e show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T20:31:33",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11075"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 19.4R2, 19.4R3, 20.1R1-S4, 20.1R2, 20.2R1 and all subsequent releases.\n\nJunos OS Evolved: 20.1R1-S4-EVO, 20.1R2-EVO, 20.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11075",
"defect": [
"1490269"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: RPD can crash due to a slow memory leak.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T07:00:00.000Z",
"ID": "CVE-2020-1678",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD can crash due to a slow memory leak."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1-S4, 20.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "19.4-EVO",
"version_value": "19.4-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.1-EVO",
"version_value": "20.1R1-S4-EVO, 20.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The example of the configuration stanza affected by this issue is as follows:\n [protocols evpn]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the \"show task memory detail | match policy | match evpn\" command multiple times to check if memory (Alloc Blocks value) is increasing. root@device\u003e show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device\u003e show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11075",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11075"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 19.4R2, 19.4R3, 20.1R1-S4, 20.1R2, 20.2R1 and all subsequent releases.\n\nJunos OS Evolved: 20.1R1-S4-EVO, 20.1R2-EVO, 20.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11075",
"defect": [
"1490269"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1678",
"datePublished": "2020-10-16T20:31:33.681958Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-16T20:02:44.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22397 (GCVE-0-2023-22397)
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2025-04-07 15:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an adjacently located attacker who has established certain preconditions and knowledge of the environment to send certain specific genuine packets to begin a Time-of-check Time-of-use (TOCTOU) Race Condition attack which will cause a memory leak to begin. Once this condition begins, and as long as the attacker is able to sustain the offending traffic, a Distributed Denial of Service (DDoS) event occurs. As a DDoS event, the offending packets sent by the attacker will continue to flow from one device to another as long as they are received and processed by any devices, ultimately causing a cascading outage to any vulnerable devices. Devices not vulnerable to the memory leak will process and forward the offending packet(s) to neighboring devices. Due to internal anti-flood security controls and mechanisms reaching their maximum limit of response in the worst-case scenario, all affected Junos OS Evolved devices will reboot in as little as 1.5 days. Reboots to restore services cannot be avoided once the memory leak begins. The device will self-recover after crashing and rebooting. Operator intervention isn't required to restart the device. This issue affects: Juniper Networks Junos OS Evolved on PTX10003: All versions prior to 20.4R3-S4-EVO; 21.3 versions prior to 21.3R3-S1-EVO; 21.4 versions prior to 21.4R2-S2-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2 versions prior to 22.2R2-EVO. To check memory, customers may VTY to the PFE first then execute the following show statement: show jexpr jtm ingress-main-memory chip 255 | no-more Alternatively one may execute from the RE CLI: request pfe execute target fpc0 command "show jexpr jtm ingress-main-memory chip 255 | no-more" Iteration 1: Example output: Mem type: NH, alloc type: JTM 136776 bytes used (max 138216 bytes used) 911568 bytes available (909312 bytes from free pages) Iteration 2: Example output: Mem type: NH, alloc type: JTM 137288 bytes used (max 138216 bytes used) 911056 bytes available (909312 bytes from free pages) The same can be seen in the CLI below, assuming the scale does not change: show npu memory info Example output: FPC0:NPU16 mem-util-jnh-nh-size 2097152 FPC0:NPU16 mem-util-jnh-nh-allocated 135272 FPC0:NPU16 mem-util-jnh-nh-utilization 6
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA70193 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.4R3-S4-EVO Version: 21.3 < 21.3R3-S1-EVO Version: 21.4 < 21.4R2-S2-EVO, 21.4R3-EVO Version: 22.1 < 22.1R1-S2-EVO, 22.1R2-EVO Version: 22.2 < 22.2R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70193"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:10:12.134406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:40:32.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"PTX10003"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S4-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S1-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R2-S2-EVO, 21.4R3-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R1-S2-EVO, 22.1R2-EVO",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R2-EVO",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following is the minimal configuration necessary to be affected by this issue: \n\n [protocols pim interface \u003cinterface-name\u003e]"
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an adjacently located attacker who has established certain preconditions and knowledge of the environment to send certain specific genuine packets to begin a Time-of-check Time-of-use (TOCTOU) Race Condition attack which will cause a memory leak to begin. Once this condition begins, and as long as the attacker is able to sustain the offending traffic, a Distributed Denial of Service (DDoS) event occurs. As a DDoS event, the offending packets sent by the attacker will continue to flow from one device to another as long as they are received and processed by any devices, ultimately causing a cascading outage to any vulnerable devices. Devices not vulnerable to the memory leak will process and forward the offending packet(s) to neighboring devices. Due to internal anti-flood security controls and mechanisms reaching their maximum limit of response in the worst-case scenario, all affected Junos OS Evolved devices will reboot in as little as 1.5 days. Reboots to restore services cannot be avoided once the memory leak begins. The device will self-recover after crashing and rebooting. Operator intervention isn\u0027t required to restart the device. This issue affects: Juniper Networks Junos OS Evolved on PTX10003: All versions prior to 20.4R3-S4-EVO; 21.3 versions prior to 21.3R3-S1-EVO; 21.4 versions prior to 21.4R2-S2-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2 versions prior to 22.2R2-EVO. To check memory, customers may VTY to the PFE first then execute the following show statement: show jexpr jtm ingress-main-memory chip 255 | no-more Alternatively one may execute from the RE CLI: request pfe execute target fpc0 command \"show jexpr jtm ingress-main-memory chip 255 | no-more\" Iteration 1: Example output: Mem type: NH, alloc type: JTM 136776 bytes used (max 138216 bytes used) 911568 bytes available (909312 bytes from free pages) Iteration 2: Example output: Mem type: NH, alloc type: JTM 137288 bytes used (max 138216 bytes used) 911056 bytes available (909312 bytes from free pages) The same can be seen in the CLI below, assuming the scale does not change: show npu memory info Example output: FPC0:NPU16 mem-util-jnh-nh-size 2097152 FPC0:NPU16 mem-util-jnh-nh-allocated 135272 FPC0:NPU16 mem-util-jnh-nh-utilization 6"
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"description": "Distributed Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"description": "Memory Leak",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70193"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve these specific issues: Junos OS Evolved: 20.4R3-S4-EVO, 21.3R3-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-S1-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70193",
"defect": [
"1670829"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: PTX10003: An attacker sending specific genuine packets will cause a memory leak in the PFE leading to a Denial of Service",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue. \n\nTo reduce impact due to unplanned reboots customers may review memory thresholds as above and decide to reboot devices proactively to clear memory during planned maintenance windows.\n "
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22397",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:40:32.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30382 (GCVE-0-2024-30382)
Vulnerability from cvelistv5
Published
2024-04-12 15:22
Modified
2024-08-02 01:32
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
Summary
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS).
This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below).
This issue affects:
Junos OS:
* all versions before 20.4R3-S10,
* from 21.2 before 21.2R3-S8,
* from 21.3 before 21.3R3,
* from 21.4 before 21.4R3,
* from 22.1 before 22.1R2;
Junos OS Evolved:
* all versions before 21.2R3-S8-EVO,
* from 21.3 before 21.3R3-EVO,
* from 21.4 before 21.4R3-EVO,
* from 22.1 before 22.1R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA79174 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.3R3-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4R3-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.1R2-EVO",
"status": "affected",
"version": "22.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.3R3",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.1R2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "20.4R3-S10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-12T17:23:18.353034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:41.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA79174"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R2",
"status": "affected",
"version": "22.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.3R3-EVO",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R2-EVO",
"status": "affected",
"version": "22.1",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following is an example of CoS-based forwarding configuration:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[edit policy-options]\u003cbr\u003eset policy-statement my-cos-forwarding term 1 from route-filter destination-prefix match-type\u003cbr\u003eset policy-statement my-cos-forwarding term 1 then \u003cb\u003ecos-next-hop-map\u003c/b\u003e map-name\u003c/tt\u003e"
}
],
"value": "The following is an example of CoS-based forwarding configuration:\n\n[edit policy-options]\nset policy-statement my-cos-forwarding term 1 from route-filter destination-prefix match-type\nset policy-statement my-cos-forwarding term 1 then cos-next-hop-map map-name"
}
],
"datePublic": "2024-04-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eThis issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below).\u003cbr\u003e\u003cp\u003eThis issue affects:\u003cbr\u003eJunos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 20.4R3-S10, \u003c/li\u003e\u003cli\u003efrom 21.2 before 21.2R3-S8,\u003c/li\u003e\u003cli\u003efrom 21.3 before 21.3R3, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S8-EVO,\u003c/li\u003e\u003cli\u003efrom 21.3 before 21.3R3-EVO, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS).\n\nThis issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below).\nThis issue affects:\nJunos OS: \n\n\n * all versions before 20.4R3-S10, \n * from 21.2 before 21.2R3-S8,\n * from 21.3 before 21.3R3, \n * from 21.4 before 21.4R3, \n * from 22.1 before 22.1R2;\n\n\n\n\nJunos OS Evolved: \n\n\n * all versions before 21.2R3-S8-EVO,\n * from 21.3 before 21.3R3-EVO, \n * from 21.4 before 21.4R3-EVO, \n * from 22.1 before 22.1R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T18:01:47.966Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA79174"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS: 20.4R3-S10, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\n\u003cbr\u003eJunos OS Evolved:\u0026nbsp;\u0026nbsp;21.3R3-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 20.4R3-S10, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\n\nJunos OS Evolved:\u00a0\u00a021.3R3-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA79174",
"defect": [
"1640813"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: RPD crash when CoS-based forwarding (CBF) policy is configured",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-30382",
"datePublished": "2024-04-12T15:22:03.210Z",
"dateReserved": "2024-03-26T23:06:12.474Z",
"dateUpdated": "2024-08-02T01:32:07.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30403 (GCVE-0-2024-30403)
Vulnerability from cvelistv5
Published
2024-04-12 15:28
Modified
2024-08-02 01:32
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
Summary
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition.
This issue affects Juniper Networks Junos OS Evolved 23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA79181 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 23.2-EVO ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "23.2r1-s1-evo",
"status": "affected",
"version": "23.2-evo",
"versionType": "semver"
},
{
"lessThan": "23.2r2-evo",
"status": "affected",
"version": "23.2-evo",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T17:34:00.563504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:39.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA79181"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R1-S1-EVO, 23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-04-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps,\u0026nbsp;an\u0026nbsp;\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eAdvanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eThis issue affects Juniper Networks Junos OS Evolved\u0026nbsp;\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003e23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nWhen Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps,\u00a0an\u00a0Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition.\n\nThis issue affects Juniper Networks Junos OS Evolved\u00a023.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:34:33.161Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA79181"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 23.2R1-S1-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 23.2R1-S1-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA79181",
"defect": [
"1736588"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: When MAC learning happens, and an interface gets flapped, the PFE crashes",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-30403",
"datePublished": "2024-04-12T15:28:10.459Z",
"dateReserved": "2024-03-26T23:06:19.981Z",
"dateUpdated": "2024-08-02T01:32:07.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39522 (GCVE-0-2024-39522)
Vulnerability from cvelistv5
Published
2024-07-11 15:58
Modified
2024-08-02 04:26
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.
The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.
This issue affects Junos OS Evolved:
* 22.3-EVO versions before 22.3R2-EVO,
* 22.4-EVO versions before 22.4R1-S1-EVO, 22.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA82975 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 22.3-EVO ≤ Version: 22.4-EVO ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:juniper:junos_os_evolved:22.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.3r2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.4r2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "22.4r1-s2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39522",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-13T03:55:24.372855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-13T11:40:43.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.3R2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R1-S1-EVO, 22.4R2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to \u0027root\u0027 leading to a full compromise of the system.\u003cbr\u003e\u003cbr\u003eThe Junos OS Evolved CLI doesn\u0027t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\u003cbr\u003e\n\n\u003cp\u003eThis issue affects Junos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e22.3-EVO versions before 22.3R2-EVO,\u003c/li\u003e\u003cli\u003e22.4-EVO versions before 22.4R1-S1-EVO, 22.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to \u0027root\u0027 leading to a full compromise of the system.\n\nThe Junos OS Evolved CLI doesn\u0027t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\n\n\nThis issue affects Junos OS Evolved:\n\n\n\n * 22.3-EVO versions before 22.3R2-EVO,\n * 22.4-EVO versions before 22.4R1-S1-EVO, 22.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T15:58:26.205Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82975"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 22.3R2-EVO, 22.4R1-S1-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 22.3R2-EVO, 22.4R1-S1-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82975",
"defect": [
"1696784"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: CLI parameter processing issue allows privilege escalation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39522",
"datePublished": "2024-07-11T15:58:26.205Z",
"dateReserved": "2024-06-25T15:12:53.239Z",
"dateUpdated": "2024-08-02T04:26:15.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22208 (GCVE-0-2022-22208)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-12 14:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker's control and cannot be deterministically exploited. Continued flapping of BGP sessions can create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: All versions prior to 18.4R2-S9, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 version 19.2R1 and later versions; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R2-S1, 21.2R3. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69879 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: unspecified < 18.4R2-S9, 18.4R3-S11 Version: 19.1 < 19.1R3-S8 Version: 19.2R1 < 19.2* Version: 19.3 < 19.3R3-S5 Version: 19.4 < 19.4R2-S6, 19.4R3-S6 Version: 20.1R1 < 20.1* Version: 20.2 < 20.2R3-S3 Version: 20.3 < 20.3R3-S2 Version: 20.4 < 20.4R3-S1 Version: 21.1 < 21.1R3-S3 Version: 21.2 < 21.2R2-S1, 21.2R3 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69879"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:46:11.093708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:46:16.848Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4R2-S9, 18.4R3-S11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S8",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2*",
"status": "affected",
"version": "19.2R1",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S5",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S6, 19.4R3-S6",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1*",
"status": "affected",
"version": "20.1R1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S1",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R2-S1, 21.2R3",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S4-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S2-EVO",
"status": "affected",
"version": "21.1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R3-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be vulnerable to this issue a device needs to be configured with a minimal BGP configuration for a session to be established as shown in the following example:\n\n [protocols bgp group \u003cgroup-name\u003e neighbor \u003cneighbor IP\u003e]"
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker\u0027s control and cannot be deterministically exploited. Continued flapping of BGP sessions can create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: All versions prior to 18.4R2-S9, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 version 19.2R1 and later versions; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R2-S1, 21.2R3. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69879"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69879",
"defect": [
"1600812"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: An rpd crash can occur due to memory corruption caused by flapping BGP sessions",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22208",
"datePublished": "2022-10-18T02:46:19.872Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-12T14:46:16.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44177 (GCVE-0-2023-44177)
Vulnerability from cvelistv5
Published
2023-10-12 23:00
Modified
2024-09-19 13:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.
Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.
This issue affects Juniper Networks:
Junos OS:
* All versions prior to 19.1R3-S10;
* 19.2 versions prior to 19.2R3-S7;
* 19.3 versions prior to 19.3R3-S8;
* 19.4 versions prior to 19.4R3-S12;
* 20.2 versions prior to 20.2R3-S8;
* 20.4 versions prior to 20.4R3-S8;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S1;
* 22.3 versions prior to 22.3R3;
* 22.4 versions prior to 22.4R2.
Junos OS Evolved:
* All versions prior to 20.4R3-S8-EVO;
* 21.2 versions prior to 21.2R3-S6-EVO;
* 21.3 versions prior to 21.3R3-S5-EVO;
* 21.4 versions prior to 21.4R3-S4-EVO;
* 22.1 versions prior to 22.1R3-S3-EVO;
* 22.2 versions prior to 22.2R3-S1-EVO;
* 22.3 versions prior to 22.3R3-EVO;
* 22.4 versions prior to 22.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73140 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 19.2 ≤ Version: 19.3 ≤ Version: 19.4 ≤ Version: 20.2 ≤ Version: 20.4 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73140"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T13:10:13.515342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T13:10:23.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.1R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "19.2R3-S7",
"status": "affected",
"version": "19.2",
"versionType": "semver"
},
{
"lessThan": "19.3R3-S8",
"status": "affected",
"version": "19.3",
"versionType": "semver"
},
{
"lessThan": "19.4R3-S12",
"status": "affected",
"version": "19.4",
"versionType": "semver"
},
{
"lessThan": "20.2R3-S8",
"status": "affected",
"version": "20.2",
"versionType": "semver"
},
{
"lessThan": "20.4R3-S8",
"status": "affected",
"version": "20.4",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6-EVO",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3-EVO",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\u003c/p\u003e\u003cp\u003eRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\u003c/p\u003e\u003cp\u003eThis issue affects Juniper Networks:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 19.1R3-S10;\u003c/li\u003e\u003cli\u003e19.2 versions prior to 19.2R3-S7;\u003c/li\u003e\u003cli\u003e19.3 versions prior to 19.3R3-S8;\u003c/li\u003e\u003cli\u003e19.4 versions prior to 19.4R3-S12;\u003c/li\u003e\u003cli\u003e20.2 versions prior to 20.2R3-S8;\u003c/li\u003e\u003cli\u003e20.4 versions prior to 20.4R3-S8;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S6;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S4;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S3;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R3-S1;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R3;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S8-EVO;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S6-EVO;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S5-EVO;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R3-S1-EVO;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R3-EVO;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\n\nRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\n\nJunos OS:\n\n\n\n * All versions prior to 19.1R3-S10;\n * 19.2 versions prior to 19.2R3-S7;\n * 19.3 versions prior to 19.3R3-S8;\n * 19.4 versions prior to 19.4R3-S12;\n * 20.2 versions prior to 20.2R3-S8;\n * 20.4 versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S1;\n * 22.3 versions prior to 22.3R3;\n * 22.4 versions prior to 22.4R2.\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S3-EVO;\n * 22.2 versions prior to 22.2R3-S1-EVO;\n * 22.3 versions prior to 22.3R3-EVO;\n * 22.4 versions prior to 22.4R2-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS) ",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T23:00:43.889Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73140"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 19.1R3-S10, 19.2R3-S7, 19.3R3-S8, 19.4R3-S12, 20.2R3-S8, 20.4R3-S8, 21.2R3-S5, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.4R2, 22.4R3, 23.2R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R2-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 19.1R3-S10, 19.2R3-S7, 19.3R3-S8, 19.4R3-S12, 20.2R3-S8, 20.4R3-S8, 21.2R3-S5, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.4R2, 22.4R3, 23.2R1, and all subsequent releases.\n\nJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R2-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73140",
"defect": [
"1720521"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: Stack overflow vulnerability in CLI command processing",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo reduce the risk of malicious exploitation use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003c/p\u003e\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "To reduce the risk of malicious exploitation use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\nThere are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44177",
"datePublished": "2023-10-12T23:00:43.889Z",
"dateReserved": "2023-09-26T19:30:17.662Z",
"dateUpdated": "2024-09-19T13:10:23.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0298 (GCVE-0-2021-0298)
Vulnerability from cvelistv5
Published
2021-10-19 18:16
Modified
2024-09-17 02:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Race Condition in the 'show chassis pic' command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command is executed coincident with other system events outside the attacker's control, leading to a Denial of Service (DoS) condition. Continued execution of the CLI command, under precise conditions, could create a sustained Denial of Service (DoS) condition. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO on PTX10003 and PTX10008 platforms. Junos OS is not affected by this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11212 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.1R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11212"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"PTX10003, PTX10008"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Race Condition in the \u0027show chassis pic\u0027 command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command is executed coincident with other system events outside the attacker\u0027s control, leading to a Denial of Service (DoS) condition. Continued execution of the CLI command, under precise conditions, could create a sustained Denial of Service (DoS) condition. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO on PTX10003 and PTX10008 platforms. Junos OS is not affected by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:25",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11212"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.1R2-EVO, 20.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11212",
"defect": [
"1497285"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: PTX10003, PTX10008: picd core while executing the \"show chassis pic\" command under certain conditions",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the router via CLI only from trusted hosts and from trusted administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-0298",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: PTX10003, PTX10008: picd core while executing the \"show chassis pic\" command under certain conditions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"platform": "PTX10003, PTX10008",
"version_affected": "\u003c",
"version_value": "20.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Race Condition in the \u0027show chassis pic\u0027 command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command is executed coincident with other system events outside the attacker\u0027s control, leading to a Denial of Service (DoS) condition. Continued execution of the CLI command, under precise conditions, could create a sustained Denial of Service (DoS) condition. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO on PTX10003 and PTX10008 platforms. Junos OS is not affected by this vulnerability."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11212",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11212"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.1R2-EVO, 20.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11212",
"defect": [
"1497285"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the router via CLI only from trusted hosts and from trusted administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0298",
"datePublished": "2021-10-19T18:16:25.323981Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T02:06:18.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30380 (GCVE-0-2024-30380)
Vulnerability from cvelistv5
Published
2024-04-16 20:04
Modified
2024-08-02 01:32
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
Summary
An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS), which causes the l2cpd process to crash by sending a specific TLV.
The l2cpd process is responsible for layer 2 control protocols, such as STP, RSTP, MSTP, VSTP, ERP, and LLDP. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP, leading to a Denial of Service. Continued receipt and processing of this specific TLV will create a sustained Denial of Service (DoS) condition.
This issue affects:
Junos OS:
all versions before 20.4R3-S9,
from 21.2 before 21.2R3-S7,
from 21.3 before 21.3R3-S5,
from 21.4 before 21.4R3-S4,
from 22.1 before 22.1R3-S4,
from 22.2 before 22.2R3-S2,
from 22.3 before 22.3R2-S2, 22.3R3-S1,
from 22.4 before 22.4R2-S2, 22.4R3,
from 23.2 before 23.2R1-S1, 23.2R2;
Junos OS Evolved:
all versions before 21.2R3-S7,
from 21.3 before 21.3R3-S5-EVO,
from 21.4 before 21.4R3-S5-EVO,
from 22.1 before 22.1R3-S4-EVO,
from 22.2 before 22.2R3-S2-EVO,
from 22.3 before 22.3R2-S2-EVO, 22.3R3-S1-EVO,
from 22.4 before 22.4R2-S2-EVO, 22.4R3-EVO,
from 23.2 before 23.2R1-S1-EVO, 23.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA79171 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T18:16:07.416039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T18:16:14.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA79171"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2, 22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S1, 23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2-EVO, 22.3R3-S1-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2-EVO, 22.4R3-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S1-EVO, 23.2R2-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A sample configuration enabling LLDP is shown below:\u003cbr\u003e\u003cbr\u003e\n\n\u003ctt\u003e\u003cspan style=\"background-color: rgb(40, 44, 52);\"\u003e[set protocols lldp interface all]\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(40, 44, 52);\"\u003e[set interfaces ge-0/0/0 lldp ...]\u003c/span\u003e\u003c/tt\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "A sample configuration enabling LLDP is shown below:\n\n\n\n[set protocols lldp interface all]\n\n[set interfaces ge-0/0/0 lldp ...]"
}
],
"datePublic": "2024-04-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS), which causes the l2cpd process to crash by sending a specific TLV.\u003cbr\u003e\u003cbr\u003eThe l2cpd process is responsible for layer 2 control protocols, such as STP, RSTP, MSTP, VSTP, ERP, and LLDP.\u0026nbsp; The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP, leading to a Denial of Service.\u0026nbsp;\u0026nbsp;Continued receipt and processing of this specific TLV will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS: \u003cbr\u003eall versions before 20.4R3-S9, \u003cbr\u003efrom 21.2 before 21.2R3-S7, \u003cbr\u003efrom 21.3 before 21.3R3-S5, \u003cbr\u003efrom 21.4 before 21.4R3-S4, \u003cbr\u003efrom 22.1 before 22.1R3-S4, \u003cbr\u003efrom 22.2 before 22.2R3-S2, \u003cbr\u003efrom 22.3 before 22.3R2-S2, 22.3R3-S1, \u003cbr\u003efrom 22.4 before 22.4R2-S2, 22.4R3, \u003cbr\u003efrom 23.2 before 23.2R1-S1, 23.2R2;\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cbr\u003eall versions before 21.2R3-S7,\n\n \u003cbr\u003efrom 21.3 before 21.3R3-S5-EVO, \u003cbr\u003efrom 21.4 before 21.4R3-S5-EVO, \u003cbr\u003efrom 22.1 before 22.1R3-S4-EVO, \u003cbr\u003efrom 22.2 before 22.2R3-S2-EVO, \u003cbr\u003efrom 22.3 before 22.3R2-S2-EVO, 22.3R3-S1-EVO, \u003cbr\u003efrom 22.4 before 22.4R2-S2-EVO, 22.4R3-EVO, \u003cbr\u003efrom 23.2 before 23.2R1-S1-EVO, 23.2R2-EVO.\u003c/p\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS), which causes the l2cpd process to crash by sending a specific TLV.\n\nThe l2cpd process is responsible for layer 2 control protocols, such as STP, RSTP, MSTP, VSTP, ERP, and LLDP.\u00a0 The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP, leading to a Denial of Service.\u00a0\u00a0Continued receipt and processing of this specific TLV will create a sustained Denial of Service (DoS) condition.\nThis issue affects:\n\nJunos OS: \nall versions before 20.4R3-S9, \nfrom 21.2 before 21.2R3-S7, \nfrom 21.3 before 21.3R3-S5, \nfrom 21.4 before 21.4R3-S4, \nfrom 22.1 before 22.1R3-S4, \nfrom 22.2 before 22.2R3-S2, \nfrom 22.3 before 22.3R2-S2, 22.3R3-S1, \nfrom 22.4 before 22.4R2-S2, 22.4R3, \nfrom 23.2 before 23.2R1-S1, 23.2R2;\n\nJunos OS Evolved: \nall versions before 21.2R3-S7,\n\n \nfrom 21.3 before 21.3R3-S5-EVO, \nfrom 21.4 before 21.4R3-S5-EVO, \nfrom 22.1 before 22.1R3-S4-EVO, \nfrom 22.2 before 22.2R3-S2-EVO, \nfrom 22.3 before 22.3R2-S2-EVO, 22.3R3-S1-EVO, \nfrom 22.4 before 22.4R2-S2-EVO, 22.4R3-EVO, \nfrom 23.2 before 23.2R1-S1-EVO, 23.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T18:02:13.456Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA79171"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S4, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.\n\u003cbr\u003eJunos OS Evolved:\u0026nbsp;21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.2R1-S1-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S4, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.\n\nJunos OS Evolved:\u00a021.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.2R1-S1-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA79171",
"defect": [
"1748720"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: l2cpd crash upon receipt of a specific TLV",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-30380",
"datePublished": "2024-04-16T20:04:53.599Z",
"dateReserved": "2024-03-26T23:06:12.474Z",
"dateUpdated": "2024-08-02T01:32:07.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30395 (GCVE-0-2024-30395)
Vulnerability from cvelistv5
Published
2024-04-12 15:07
Modified
2024-08-02 01:32
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
Summary
An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).
If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.
This issue affects:
Junos OS:
* all versions before 21.2R3-S7,
* from 21.3 before 21.3R3-S5,
* from 21.4 before 21.4R3-S5,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R1-S2, 23.2R2.
Junos OS Evolved:
* all versions before 21.2R3-S7-EVO,
* from 21.3-EVO before 21.3R3-S5-EVO,
* from 21.4-EVO before 21.4R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S2-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.
This is a related but separate issue than the one described in JSA75739
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA79095 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.3r3-s5",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s5",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.2.r3-s3",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.3r3-s2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.4r3",
"status": "affected",
"version": "22.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "23.r1-s2",
"status": "affected",
"version": "23.2",
"versionType": "custom"
},
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-s7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-12T17:13:16.848193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T19:53:30.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA79095"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2, 23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2-EVO, 23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be exposed to this vulnerability BGP needs to be configured as in the following example, but no further options need to be enabled:\u003c/p\u003e\u003cp\u003e\u0026nbsp; [protocols bgp group \u0026lt;group\u0026gt; neighbor ...]\u003c/p\u003e\u003ctt\u003e\u003ctt\u003e\u003c/tt\u003e\u003c/tt\u003e"
}
],
"value": "To be exposed to this vulnerability BGP needs to be configured as in the following example, but no further options need to be enabled:\n\n\u00a0 [protocols bgp group \u003cgroup\u003e neighbor ...]"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juniper SIRT would like to acknowledge and thank Matteo Memelli from Amazon for responsibly reporting this vulnerability."
}
],
"datePublic": "2024-04-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An\u0026nbsp;Improper Validation of Specified Type of Input\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIf a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S7,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 21.3 before 21.3R3-S5,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S5,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S5,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S3,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S2,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R1-S2, 23.2R2.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S7-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 21.3-EVO before 21.3R3-S5-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S3-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S2-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003eThis is a related but separate issue than the one described in\u0026nbsp;JSA75739\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An\u00a0Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nIf a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.\nThis issue affects:\n\nJunos OS:\n\n\n\n * all versions before 21.2R3-S7,\u00a0\n\n * from 21.3 before 21.3R3-S5,\u00a0\n\n * from 21.4 before 21.4R3-S5,\u00a0\n\n * from 22.1 before 22.1R3-S5,\u00a0\n\n * from 22.2 before 22.2R3-S3,\u00a0\n\n * from 22.3 before 22.3R3-S2,\u00a0\n\n * from 22.4 before 22.4R3,\u00a0\n\n * from 23.2 before 23.2R1-S2, 23.2R2.\n\n\n\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 21.2R3-S7-EVO,\u00a0\n\n * from 21.3-EVO before 21.3R3-S5-EVO,\u00a0\n\n * from 21.4-EVO before 21.4R3-S5-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S3-EVO,\u00a0\n\n * from 22.3-EVO before 22.3R3-S2-EVO,\u00a0\n\n * from 22.4-EVO before 22.4R3-EVO,\u00a0\n\n * from 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.\n\n\n\nThis is a related but separate issue than the one described in\u00a0JSA75739"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T19:59:00.342Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA79095"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS:\u00a021.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases.\n\nJunos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA79095",
"defect": [
"1750441"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-04-10T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no available workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no available workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-30395",
"datePublished": "2024-04-12T15:07:20.344Z",
"dateReserved": "2024-03-26T23:06:17.995Z",
"dateUpdated": "2024-08-02T01:32:07.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28967 (GCVE-0-2023-28967)
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-05 21:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service (DoS) by crashing the Routing Protocol Daemon (rpd). This issue is triggered when the packets attempt to initiate a BGP connection before a BGP session is successfully established. Continued receipt of these specific BGP packets will cause a sustained Denial of Service condition. This issue is triggerable in both iBGP and eBGP deployments. This issue affects: Juniper Networks Junos OS 21.1 version 21.1R1 and later versions prior to 21.1R3-S5; 21.2 version 21.2R1 and later versions prior to 21.2R3-S2; 21.3 version 21.3R1 and later versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1. This issue affects: Juniper Networks Junos OS Evolved 21.1-EVO version 21.1R1-EVO and later versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 21.1R1 < 21.1* Version: 21.2R1 < 21.2* Version: 21.3R1 < 21.3* Version: 21.4 < 21.4R3 Version: 22.1 < 22.1R3 Version: 22.2 < 22.2R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA70591"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:46:52.361632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:46:57.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"changes": [
{
"at": "21.1R3-S5",
"status": "unaffected"
}
],
"lessThan": "21.1*",
"status": "affected",
"version": "21.1R1",
"versionType": "custom"
},
{
"changes": [
{
"at": "21.2R3-S2",
"status": "unaffected"
}
],
"lessThan": "21.2*",
"status": "affected",
"version": "21.2R1",
"versionType": "custom"
},
{
"changes": [
{
"at": "21.3R3-S2",
"status": "unaffected"
}
],
"lessThan": "21.3*",
"status": "affected",
"version": "21.3R1",
"versionType": "custom"
},
{
"lessThan": "21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R3",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R2",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1-EVO*",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.4R3-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "custom"
},
{
"lessThan": "22.1R3-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "custom"
},
{
"lessThan": "22.2R2-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following minimal configuration is required:\n\n [protocols bgp]"
}
],
"datePublic": "2023-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service (DoS) by crashing the Routing Protocol Daemon (rpd). This issue is triggered when the packets attempt to initiate a BGP connection before a BGP session is successfully established. Continued receipt of these specific BGP packets will cause a sustained Denial of Service condition. This issue is triggerable in both iBGP and eBGP deployments. This issue affects: Juniper Networks Junos OS 21.1 version 21.1R1 and later versions prior to 21.1R3-S5; 21.2 version 21.2R1 and later versions prior to 21.2R3-S2; 21.3 version 21.3R1 and later versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1. This issue affects: Juniper Networks Junos OS Evolved 21.1-EVO version 21.1R1-EVO and later versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908: Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA70591"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.1R3-S5, 21.2R3-S2, 21.3R3-S2, 21.4R3, 22.1R3, 22.2R2, 22.3R1, and all subsequent releases.\n\nJunos OS Evolved: 21.4R3-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70591",
"defect": [
"1673833"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: An attacker sending genuine BGP packets causes an RPD crash",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue. \n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by disallowing access to all BGP services on networks and devices to only trusted systems, administrators, networks and hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-28967",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-05T21:46:57.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39559 (GCVE-0-2024-39559)
Vulnerability from cvelistv5
Published
2024-07-10 22:42
Modified
2024-08-02 04:26
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
VLAI Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device (vmcore) by sending a specific TCP packet over an established TCP session with MD5 authentication enabled, destined to an accessible port on the device, resulting in a Denial of Service (DoS). The receipt of this packet must occur within a specific timing window outside the attacker's control (i.e., race condition).
Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue only affects dual RE systems with Nonstop Active Routing (NSR) enabled.
Exploitation can only occur over TCP sessions with MD5 authentication enabled (e.g., BGP with MD5 authentication).
This issue affects Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* from 21.4-EVO before 21.4R3-S6-EVO,
* from 22.1-EVO before 22.1R3-S4-EVO,
* from 22.2-EVO before 22.2R3-S4-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R2-S2-EVO, 22.4R3-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA83019 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 21.4-EVO ≤ Version: 22.1-EVO ≤ Version: 22.2-EVO ≤ Version: 22.3-EVO ≤ Version: 22.4-EVO ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T18:58:52.449170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:58:59.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2-EVO, 22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An example of a system with NSR enabled is shown below:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ routing-options\u0026nbsp;nonstop-routing ]\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003e\n\nMD5 authentication is enabled for BGP using the following configuration option:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp ... authentication-key \u0026lt;password\u0026gt; ]\u003c/tt\u003e"
}
],
"value": "An example of a system with NSR enabled is shown below:\n\n[ routing-options\u00a0nonstop-routing ]\n\n\n\nMD5 authentication is enabled for BGP using the following configuration option:\n\n[ protocols bgp ... authentication-key \u003cpassword\u003e ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device (vmcore) by sending a specific TCP packet over an established TCP session with MD5 authentication enabled, destined to an accessible port on the device, resulting in a Denial of Service (DoS).\u0026nbsp; The receipt of this packet must occur within a specific timing window outside the attacker\u0027s control (i.e., race condition).\u003cbr\u003e\u003cbr\u003eContinued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eThis issue only affects\u0026nbsp;dual RE systems with Nonstop Active Routing (NSR) enabled.\u003cbr\u003eExploitation can only occur over TCP sessions with MD5 authentication enabled (e.g., BGP with MD5 authentication).\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8-EVO, \u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R2-S2-EVO, 22.4R3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device (vmcore) by sending a specific TCP packet over an established TCP session with MD5 authentication enabled, destined to an accessible port on the device, resulting in a Denial of Service (DoS).\u00a0 The receipt of this packet must occur within a specific timing window outside the attacker\u0027s control (i.e., race condition).\n\nContinued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue only affects\u00a0dual RE systems with Nonstop Active Routing (NSR) enabled.\nExploitation can only occur over TCP sessions with MD5 authentication enabled (e.g., BGP with MD5 authentication).\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * All versions before 21.2R3-S8-EVO, \n * from 21.4-EVO before 21.4R3-S6-EVO, \n * from 22.1-EVO before 22.1R3-S4-EVO, \n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R2-S2-EVO, 22.4R3-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T22:42:02.555Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83019"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8-EVO, 21.4R3-S6-EVO, 22.1R3-S4-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S8-EVO, 21.4R3-S6-EVO, 22.1R3-S4-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83019",
"defect": [
"1723268"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Receipt of a specific TCP packet may result in a system crash (vmcore) on dual RE systems with NSR enabled",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39559",
"datePublished": "2024-07-10T22:42:02.555Z",
"dateReserved": "2024-06-25T15:12:53.247Z",
"dateUpdated": "2024-08-02T04:26:15.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22183 (GCVE-0-2022-22183)
Vulnerability from cvelistv5
Published
2022-04-14 15:50
Modified
2024-09-16 20:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69516 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS Evolved |
Version: 20.4 < 20.4R3-S2-EVO Version: 21.1 < 21.1R3-S1-EVO Version: 21.2 < 21.2R3-EVO Version: 21.3 < 21.3R2-EVO Version: 21.4 < 21.4R2-EVO |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69516"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S2-EVO",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S1-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R2-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "unaffected",
"version": "Any"
}
]
}
],
"datePublic": "2022-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T15:50:40",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69516"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S2-EVO, 21.1R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69516",
"defect": [
"1636338"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: A remote attacker may cause a CPU Denial of Service by sending genuine traffic to a device on a specific IPv4 port.",
"workarounds": [
{
"lang": "en",
"value": "There are no available workarounds for this issue.\n\nTo reduce the risk of exploitation customers may enable loopback firewall filters on the device to drop unnecessary connections and traffic from untrusted networks and devices."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-04-13T16:00:00.000Z",
"ID": "CVE-2022-22183",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: A remote attacker may cause a CPU Denial of Service by sending genuine traffic to a device on a specific IPv4 port."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3-S2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3-S1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3R2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.4",
"version_value": "21.4R2-EVO"
}
]
}
},
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!",
"version_value": "Any"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69516",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69516"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S2-EVO, 21.1R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69516",
"defect": [
"1636338"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no available workarounds for this issue.\n\nTo reduce the risk of exploitation customers may enable loopback firewall filters on the device to drop unnecessary connections and traffic from untrusted networks and devices."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22183",
"datePublished": "2022-04-14T15:50:40.506078Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-16T20:13:18.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22238 (GCVE-0-2022-22238)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-10 02:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When an incoming RESV message corresponding to a protected LSP is malformed it causes an incorrect internal state resulting in an rpd core. This issue affects: Juniper Networks Junos OS All versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.2R3-S3-EVO; 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69894 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: unspecified < 19.2R3-S6 Version: 19.3 < 19.3R3-S6 Version: 19.4 < 19.4R3-S8 Version: 20.1 < 20.1R3-S2 Version: 20.2 < 20.2R3-S3 Version: 20.3 < 20.3R3-S2 Version: 20.4 < 20.4R3-S1 Version: 21.1 < 21.1R3 Version: 21.2 < 21.2R1-S2, 21.2R3 Version: 21.3 < 21.3R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69894"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-10T02:35:40.270232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T02:35:56.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R3-S6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S6",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S8",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3-S2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S1",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R1-S2, 21.2R3",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R2",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.2R3-S3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.3-EVO*",
"status": "affected",
"version": "20.3R1-EVO",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S1-EVO",
"status": "affected",
"version": "20.4-EVO",
"versionType": "custom"
},
{
"lessThan": "21.1-EVO*",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2-EVO*",
"status": "affected",
"version": "21.2R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be affected by this issue the device must be configured with node protection for at least one LSP with either of:\n\n [protocols rsvp mpls label-switched-path \u003clsp-name\u003e node-protection]\n [protocols rsvp mpls label-switched-path \u003clsp-name\u003e node-link-protection]"
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When an incoming RESV message corresponding to a protected LSP is malformed it causes an incorrect internal state resulting in an rpd core. This issue affects: Juniper Networks Junos OS All versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.2R3-S3-EVO; 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69894"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, and all subsequent releases.\nJunos OS Evolved: 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69894",
"defect": [
"1560059"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: The rpd process will crash when a malformed incoming RESV message is processed",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22238",
"datePublished": "2022-10-18T02:46:40.306Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-10T02:35:56.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39512 (GCVE-0-2024-39512)
Vulnerability from cvelistv5
Published
2024-07-10 23:02
Modified
2024-08-02 04:26
Severity ?
6.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.0 (High) - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.
When the console cable is disconnected, the logged in user is not logged out. This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.
This issue affects Junos OS Evolved:
* from 23.2R2-EVO before 23.2R2-S1-EVO,
* from 23.4R1-EVO before 23.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA82977 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 23.2R2-EVO ≤ Version: 23.4R1-EVO ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "23.2R2-S1-EVO",
"status": "affected",
"version": "23.2R2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-EVO",
"status": "affected",
"version": "23.4R1-EVO",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T15:12:54.866035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:25:36.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R2-S1-EVO",
"status": "affected",
"version": "23.2R2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-EVO",
"status": "affected",
"version": "23.4R1-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.\u003cbr\u003e\u003cbr\u003eWhen the console cable is disconnected, the logged in user is not logged out.\u0026nbsp;This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Junos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2R2-EVO before 23.2R2-S1-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.4R1-EVO before 23.4R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
}
],
"value": "An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.\n\nWhen the console cable is disconnected, the logged in user is not logged out.\u00a0This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.\n\nThis issue affects Junos OS Evolved: \n * from 23.2R2-EVO before 23.2R2-S1-EVO,\u00a0\n * from 23.4R1-EVO before 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1263",
"description": "CWE-1263 Improper Physical Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T23:02:05.458Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82977"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82977",
"defect": [
"1802653"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: User is not logged out when the console cable is disconnected",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39512",
"datePublished": "2024-07-10T23:02:05.458Z",
"dateReserved": "2024-06-25T15:12:53.237Z",
"dateUpdated": "2024-08-02T04:26:15.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22196 (GCVE-0-2022-22196)
Vulnerability from cvelistv5
Published
2022-04-14 15:50
Modified
2024-09-16 20:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100% after a malformed ISIS TLV has been received which will lead to processing issues of routing updates and in turn traffic impact. This issue affects: Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69509 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 19.3 < 19.3R3-S4 Version: 19.4 < 19.4R2-S6, 19.4R3-S6 Version: 20.1 < 20.1R3-S2 Version: 20.2 < 20.2R3-S3 Version: 20.3 < 20.3R3-S1 Version: 20.4 < 20.4R3 Version: 21.1 < 21.1R3 Version: 21.2 < 21.2R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69509"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S4",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S6, 19.4R3-S6",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3-S2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S1",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.2R2-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100% after a malformed ISIS TLV has been received which will lead to processing issues of routing updates and in turn traffic impact. This issue affects: Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T15:50:58",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69509"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.3R3-S4, 19.4R2-S6, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S1, 20.4R3, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases;\nJunos OS Evolved: 20.4R3-S3-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69509",
"defect": [
"1610983"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: The rpd CPU spikes to 100% after a malformed ISIS TLV has been received",
"workarounds": [
{
"lang": "en",
"value": "There are no workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-04-13T07:00:00.000Z",
"ID": "CVE-2022-22196",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: The rpd CPU spikes to 100% after a malformed ISIS TLV has been received"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S6, 19.4R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R2"
},
{
"version_affected": "!\u003c",
"version_value": "19.3R1"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R3-S3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100% after a malformed ISIS TLV has been received which will lead to processing issues of routing updates and in turn traffic impact. This issue affects: Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69509",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69509"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.3R3-S4, 19.4R2-S6, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S1, 20.4R3, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases;\nJunos OS Evolved: 20.4R3-S3-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69509",
"defect": [
"1610983"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22196",
"datePublished": "2022-04-14T15:50:58.157754Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-16T20:59:04.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44189 (GCVE-0-2023-44189)
Vulnerability from cvelistv5
Published
2023-10-11 21:00
Modified
2024-09-18 14:34
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.
This issue affects Juniper Networks Junos OS Evolved on PTX10003 Series:
* All versions prior to 21.4R3-S4-EVO;
* 22.1 versions prior to 22.1R3-S3-EVO;
* 22.2 version 22.2R1-EVO and later versions;
* 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
* 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;
* 23.2 versions prior to 23.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73153 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 22.1 ≤ Version: 22.2R1-EVO ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73153"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:34:36.367068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:34:40.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"PTX10003 Series"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S4-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3-EVO",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2*-EVO",
"status": "affected",
"version": "22.2R1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2-EVO, 22.3R3-S1-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S1-EVO, 22.4R3-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo specific configuration is required.\u003c/p\u003e"
}
],
"value": "No specific configuration is required.\n\n"
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.\u003c/p\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS Evolved on PTX10003 Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 21.4R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.2 version 22.2R1-EVO and later versions;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\u003c/li\u003e\u003cli\u003e23.2 versions prior to 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.\n\nThis issue affects Juniper Networks Junos OS Evolved on PTX10003 Series:\n\n\n\n * All versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S3-EVO;\n * 22.2 version 22.2R1-EVO and later versions;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T21:10:46.791Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73153"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73153",
"defect": [
"1732283"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS Evolved: PTX10003 Series: MAC address validation bypass vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44189",
"datePublished": "2023-10-11T21:00:54.637Z",
"dateReserved": "2023-09-26T19:30:27.953Z",
"dateUpdated": "2024-09-18T14:34:40.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28982 (GCVE-0-2023-28982)
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-05 21:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an attribute of an active BGP route is updated memory will leak. As rpd memory usage increases over time the rpd process will eventually run out of memory, crash, and restart. The memory utilization can be monitored with the following CLI commands: show task memory show system processes extensive | match rpd This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 20.3 < 20.3R3-S2 Version: 20.4 < 20.4R3-S6 Version: 21.1 < 21.1R3 Version: 21.2 < 21.2R3 Version: 21.3 < 21.3R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA70608"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:39:46.561533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:39:58.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3R3-S2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S6",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R2",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3-EVO*",
"status": "affected",
"version": "20.3R1-EVO",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S6-EVO",
"status": "affected",
"version": "20.4-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R3-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be exposed to this issue the system needs to be configured with rib sharding as follows:\n\n [system processes routing bgp rib-sharding]"
}
],
"datePublic": "2023-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an attribute of an active BGP route is updated memory will leak. As rpd memory usage increases over time the rpd process will eventually run out of memory, crash, and restart. The memory utilization can be monitored with the following CLI commands: show task memory show system processes extensive | match rpd This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA70608"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS Evolved: 20.4R3-S6-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases.\nJunos OS: 20.3R3-S2, 20.4R3-S6, 21.1R3, 21.2R3, 21.3R2, 21.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70608",
"defect": [
"1617618"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: In a BGP rib sharding scenario when a route is frequently updated an rpd memory leak will occur",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-28982",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-05T21:39:58.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22400 (GCVE-0-2023-22400)
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2025-04-07 15:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or a specific CLI command is executed this will cause a GUID resource leak, eventually leading to exhaustion and result in an FPC crash and reboot. GUID exhaustion will trigger a syslog message like one of the following for example: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ... This leak can be monitored by running the following command and taking note of the value in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand | match "IFDId|IFLId|Context" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3448 0 3448 re0 evo-pfemand net::juniper::interfaces::IFLId 0 561 0 561 user@host> show platform application-info allocations app evo-pfemand | match "IFDId|IFLId|Context" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3784 0 3784 re0 evo-pfemand net::juniper::interfaces::IFLId 0 647 0 647 This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-S4-EVO; 21.3-EVO version 21.3R1-EVO and later versions; 21.4-EVO versions prior to 21.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA70196 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.4R3-S3-EVO Version: 21.1R1-EVO < 21.1-EVO* Version: 21.2-EVO < 21.2R3-S4-EVO Version: 21.3R1-EVO < 21.3-EVO* Version: 21.4-EVO < 21.4R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70196"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:07:38.833935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:39:30.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1-EVO*",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S4-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3-EVO*",
"status": "affected",
"version": "21.3R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.4R2-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or a specific CLI command is executed this will cause a GUID resource leak, eventually leading to exhaustion and result in an FPC crash and reboot. GUID exhaustion will trigger a syslog message like one of the following for example: evo-pfemand[\u003cpid\u003e]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[\u003cpid\u003e]: get_next_guid: Ran out of Guid Space ... This leak can be monitored by running the following command and taking note of the value in the rightmost column labeled Guids: user@host\u003e show platform application-info allocations app evo-pfemand | match \"IFDId|IFLId|Context\" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3448 0 3448 re0 evo-pfemand net::juniper::interfaces::IFLId 0 561 0 561 user@host\u003e show platform application-info allocations app evo-pfemand | match \"IFDId|IFLId|Context\" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3784 0 3784 re0 evo-pfemand net::juniper::interfaces::IFLId 0 647 0 647 This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-S4-EVO; 21.3-EVO version 21.3R1-EVO and later versions; 21.4-EVO versions prior to 21.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70196"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S3-EVO, 21.2R3-S4-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70196",
"defect": [
"1641313"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: A specific SNMP GET operation and a specific CLI commands cause resources to leak and eventually the evo-pfemand process will crash",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22400",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:39:30.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44196 (GCVE-0-2023-44196)
Vulnerability from cvelistv5
Published
2023-10-12 23:05
Modified
2024-09-18 14:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system.
When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195.
This issue affects Juniper Networks Junos OS Evolved:
* All versions prior to 20.4R3-S8-EVO;
* 21.1-EVO version 21.1R1-EVO and later;
* 21.2-EVO versions prior to 21.2R3-S6-EVO;
* 21.3-EVO version 21.3R1-EVO and later;
* 21.4-EVO versions prior to 21.4R3-S3-EVO;
* 22.1-EVO versions prior to 22.1R3-S4-EVO;
* 22.2-EVO versions prior to 22.2R3-S3-EVO;
* 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO;
* 22.4-EVO versions prior to 22.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73162 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 21.1R1-EVO ≤ Version: 21.2-EVO ≤ Version: 21.3R1-EVO ≤ Version: 21.4-EVO ≤ Version: 22.1-EVO ≤ Version: 22.2-EVO ≤ Version: 22.3-EVO ≤ Version: 22.4-EVO ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73162"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:00:31.476860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:01:01.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"PTX10003 Series"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1*-EVO",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.3*-EVO",
"status": "affected",
"version": "21.3R1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S3-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2-EVO, 22.3R3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be affected by this vulnerability the device needs to be configured with MPLS like in the following example:\u003c/p\u003e \u003ctt\u003e[interfaces unit family mpls]\u003c/tt\u003e"
}
],
"value": "To be affected by this vulnerability the device needs to be configured with MPLS like in the following example:\n\n [interfaces unit family mpls]"
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system.\u003c/p\u003e\u003cp\u003eWhen specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195.\u003c/p\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S8-EVO;\u003c/li\u003e\u003cli\u003e21.1-EVO version 21.1R1-EVO and later;\u003c/li\u003e\u003cli\u003e21.2-EVO versions prior to 21.2R3-S6-EVO;\u003c/li\u003e\u003cli\u003e21.3-EVO version 21.3R1-EVO and later;\u003c/li\u003e\u003cli\u003e21.4-EVO versions prior to 21.4R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO versions prior to 22.1R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.2-EVO versions prior to 22.2R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO;\u003c/li\u003e\u003cli\u003e22.4-EVO versions prior to 22.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system.\n\nWhen specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1-EVO version 21.1R1-EVO and later;\n * 21.2-EVO versions prior to 21.2R3-S6-EVO;\n * 21.3-EVO version 21.3R1-EVO and later;\n * 21.4-EVO versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO versions prior to 22.1R3-S4-EVO;\n * 22.2-EVO versions prior to 22.2R3-S3-EVO;\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO;\n * 22.4-EVO versions prior to 22.4R2-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T23:05:06.222Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73162"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.4R3-S3-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R2-S2-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.4R3-S3-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R2-S2-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73162",
"defect": [
"1705997"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS Evolved: PTX10003 Series: Packets which are not destined to the router can reach the RE",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44196",
"datePublished": "2023-10-12T23:05:06.222Z",
"dateReserved": "2023-09-26T19:30:32.349Z",
"dateUpdated": "2024-09-18T14:01:01.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44190 (GCVE-0-2023-44190)
Vulnerability from cvelistv5
Published
2023-10-11 21:04
Modified
2024-09-18 14:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.
This issue affects Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016:
* All versions prior to 21.4R3-S5-EVO;
* 22.1 versions prior to 22.1R3-S4-EVO;
* 22.2 versions 22.2R1-EVO and later;
* 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
* 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;
* 23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73154 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 22.1 ≤ Version: 22.2R1-EVO ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73154"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44190",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:32:10.891227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:32:43.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"PTX10001",
"PTX10004",
"PTX10008",
"PTX10016"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2*-EVO",
"status": "affected",
"version": "22.2R1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2-EVO, 22.3R3-S1-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S1-EVO, 22.4R3-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S1-EVO, 23.2R2-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo specific configuration is required.\u003c/p\u003e"
}
],
"value": "No specific configuration is required.\n\n"
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.\u003c/p\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.2 versions 22.2R1-EVO and later;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\u003c/li\u003e\u003cli\u003e23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.\n\nThis issue affects Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016:\n\n\n\n * All versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions 22.2R1-EVO and later;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n * 23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T21:11:10.663Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73154"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R1-S1-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R1-S1-EVO, 23.2R2-EVO, 23.3R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73154",
"defect": [
"1735224"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS Evolved: PTX10001, PTX10004, PTX10008, PTX10016: MAC address validation bypass vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44190",
"datePublished": "2023-10-11T21:04:01.884Z",
"dateReserved": "2023-09-26T19:30:27.953Z",
"dateUpdated": "2024-09-18T14:32:43.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31356 (GCVE-0-2021-31356)
Vulnerability from cvelistv5
Published
2021-10-19 18:16
Modified
2024-09-16 20:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO and 21.2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11221 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.4R3-S1-EVO Version: 21.1R1-EVO < 21.1* Version: 21.2R1-EVO < 21.2* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11221"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2*",
"status": "affected",
"version": "21.2R1-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO and 21.2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:39",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11221"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S1-EVO*, 21.3R1-EVO, and all subsequent releases.\n\n*Late availability"
}
],
"source": {
"advisory": "JSA11221",
"defect": [
"1594651"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Multiple shell-injection vulnerabilities in EVO UI wrapper scripts",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device via CLI only from trusted hosts and from trusted administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31356",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Multiple shell-injection vulnerabilities in EVO UI wrapper scripts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R3-S1-EVO"
},
{
"version_affected": "\u003e=",
"version_name": "21.1",
"version_value": "21.1R1-EVO"
},
{
"version_affected": "\u003e=",
"version_name": "21.2",
"version_value": "21.2R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO and 21.2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11221",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11221"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S1-EVO*, 21.3R1-EVO, and all subsequent releases.\n\n*Late availability"
}
],
"source": {
"advisory": "JSA11221",
"defect": [
"1594651"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device via CLI only from trusted hosts and from trusted administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31356",
"datePublished": "2021-10-19T18:16:39.614593Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-16T20:42:59.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22172 (GCVE-0-2022-22172)
Vulnerability from cvelistv5
Published
2022-01-19 00:21
Modified
2024-09-16 20:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a memory leak. Continued exploitation can lead to memory exhaustion and thereby a Denial of Service (DoS). This issue occurs when specific LLDP packets are received. The impact of the l2cpd cores is that if any of the stp protocols (rstp, mstp or vstp) is used then stp re-converges and traffic loss will occur during that time. Also if any services depend on LLDP state (like PoE or VoIP device recognition) then these will also be affected. The memory utilization of the L2CPd process can be monitored with the following command: user@host> show system processes extensive | match l2cpd 1234 root 52 0 521M 43412K RUN 1 4:02 34.47% l2cpd This issue affects: Juniper Networks Junos OS 18.4 version 18.4R2-S4 and later versions prior to 18.4R2-S10. 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R2; Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S2-EVO; 21.1 version 21.1R1-EVO and later versions; 21.2 versions prior to 21.2R2-EVO. This issue does not affect: Juniper Networks Junos OS 19.1 version 19.1R1 and later versions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11278 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 18.4R2-S4 < 18.4* Patch: 19.1R1 Version: 19.2 < 19.2R1-S8, 19.2R3-S4 Version: 19.3 < 19.3R3-S5 Version: 19.4 < 19.4R3-S7 Version: 20.1 < 20.1R3-S3 Version: 20.2 < 20.2R3-S2 Version: 20.3 < 20.3R3-S1 Version: 20.4 < 20.4R3 Version: 21.1 < 21.1R2-S2, 21.1R3 Version: 21.2 < 21.2R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11278"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4R2-S4",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"changes": [
{
"at": "18.4R2-S10",
"status": "unaffected"
}
],
"lessThan": "18.4*",
"status": "affected",
"version": "18.4R2-S4",
"versionType": "custom"
},
{
"lessThan": "19.1*",
"status": "unaffected",
"version": "19.1R1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S8, 19.2R3-S4",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S5",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S7",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3-S3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S1",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2-S2, 21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R2-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This vulnerability is only exploitable on interfaces with LLDP enabled. \n [ protocols lldp ]"
}
],
"datePublic": "2022-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a memory leak. Continued exploitation can lead to memory exhaustion and thereby a Denial of Service (DoS). This issue occurs when specific LLDP packets are received. The impact of the l2cpd cores is that if any of the stp protocols (rstp, mstp or vstp) is used then stp re-converges and traffic loss will occur during that time. Also if any services depend on LLDP state (like PoE or VoIP device recognition) then these will also be affected. The memory utilization of the L2CPd process can be monitored with the following command: user@host\u003e show system processes extensive | match l2cpd 1234 root 52 0 521M 43412K RUN 1 4:02 34.47% l2cpd This issue affects: Juniper Networks Junos OS 18.4 version 18.4R2-S4 and later versions prior to 18.4R2-S10. 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R2; Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S2-EVO; 21.1 version 21.1R1-EVO and later versions; 21.2 versions prior to 21.2R2-EVO. This issue does not affect: Juniper Networks Junos OS 19.1 version 19.1R1 and later versions."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-19T00:21:19",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11278"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nfor Junos OS: 19.2R1-S8, 19.2R3-S4, 19.3R3-S5, 19.4R3-S7, 20.1R3-S3, 20.2R3-S2, 20.3R3-S1, 20.4R3, 21.1R2-S2, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases.\nfor Junos OS Evolved: 20.4R3-S2-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11278",
"defect": [
"1602588"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: An l2cpd memory leak can occur when specific LLDP packets are received leading to a DoS",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22172",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: An l2cpd memory leak can occur when specific LLDP packets are received leading to a DoS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "18.4",
"version_value": "18.4R2-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S10"
},
{
"version_affected": "!\u003e=",
"version_name": "19.1",
"version_value": "19.1R1"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2-S2, 21.1R3"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R2"
},
{
"version_affected": "!\u003c",
"version_value": "18.4R2-S4"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R3-S2-EVO"
},
{
"version_affected": "\u003e=",
"version_name": "21.1",
"version_value": "21.1R1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This vulnerability is only exploitable on interfaces with LLDP enabled. \n [ protocols lldp ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a memory leak. Continued exploitation can lead to memory exhaustion and thereby a Denial of Service (DoS). This issue occurs when specific LLDP packets are received. The impact of the l2cpd cores is that if any of the stp protocols (rstp, mstp or vstp) is used then stp re-converges and traffic loss will occur during that time. Also if any services depend on LLDP state (like PoE or VoIP device recognition) then these will also be affected. The memory utilization of the L2CPd process can be monitored with the following command: user@host\u003e show system processes extensive | match l2cpd 1234 root 52 0 521M 43412K RUN 1 4:02 34.47% l2cpd This issue affects: Juniper Networks Junos OS 18.4 version 18.4R2-S4 and later versions prior to 18.4R2-S10. 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R2; Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S2-EVO; 21.1 version 21.1R1-EVO and later versions; 21.2 versions prior to 21.2R2-EVO. This issue does not affect: Juniper Networks Junos OS 19.1 version 19.1R1 and later versions."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Missing Release of Memory after Effective Lifetime"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11278",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11278"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nfor Junos OS: 19.2R1-S8, 19.2R3-S4, 19.3R3-S5, 19.4R3-S7, 20.1R3-S3, 20.2R3-S2, 20.3R3-S1, 20.4R3, 21.1R2-S2, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases.\nfor Junos OS Evolved: 20.4R3-S2-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11278",
"defect": [
"1602588"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22172",
"datePublished": "2022-01-19T00:21:20.016310Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-16T20:36:59.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0226 (GCVE-0-2021-0226)
Vulnerability from cvelistv5
Published
2021-04-22 19:36
Modified
2024-09-17 00:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect IPv4 BGP sessions. This issue affects IBGP or EBGP peer sessions with IPv6. This issue affects: Juniper Networks Junos OS Evolved: 19.4 versions prior to 19.4R2-S3-EVO; 20.1 versions prior to 20.1R2-S3-EVO; 20.2 versions prior to 20.2R2-S1-EVO; 20.3 versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS releases.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11121 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 19.4-EVO < 19.4R2-S3-EVO Version: 20.1-EVO < 20.1R2-S3-EVO Version: 20.2-EVO < 20.2R2-S1-EVO Version: 20.3-EVO < 20.3R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11121"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R2-S3-EVO",
"status": "affected",
"version": "19.4-EVO",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S3-EVO",
"status": "affected",
"version": "20.1-EVO",
"versionType": "custom"
},
{
"lessThan": "20.2R2-S1-EVO",
"status": "affected",
"version": "20.2-EVO",
"versionType": "custom"
},
{
"lessThan": "20.3R2-EVO",
"status": "affected",
"version": "20.3-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect IPv4 BGP sessions. This issue affects IBGP or EBGP peer sessions with IPv6. This issue affects: Juniper Networks Junos OS Evolved: 19.4 versions prior to 19.4R2-S3-EVO; 20.1 versions prior to 20.1R2-S3-EVO; 20.2 versions prior to 20.2R2-S1-EVO; 20.3 versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS releases."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665: Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:36:56",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11121"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 19.4R2-S3-EVO, 20.1R2-S3-EVO, 20.2R2-S1-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11121",
"defect": [
"1544978"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: The IPv6 BGP session will flap due to receipt of a specific IPv6 packet",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0226",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: The IPv6 BGP session will flap due to receipt of a specific IPv6 packet"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "19.4-EVO",
"version_value": "19.4R2-S3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.1-EVO",
"version_value": "20.1R2-S3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.2-EVO",
"version_value": "20.2R2-S1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.3-EVO",
"version_value": "20.3R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect IPv4 BGP sessions. This issue affects IBGP or EBGP peer sessions with IPv6. This issue affects: Juniper Networks Junos OS Evolved: 19.4 versions prior to 19.4R2-S3-EVO; 20.1 versions prior to 20.1R2-S3-EVO; 20.2 versions prior to 20.2R2-S1-EVO; 20.3 versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS releases."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-665: Improper Initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11121",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11121"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 19.4R2-S3-EVO, 20.1R2-S3-EVO, 20.2R2-S1-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11121",
"defect": [
"1544978"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0226",
"datePublished": "2021-04-22T19:36:56.622655Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T00:11:39.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22192 (GCVE-0-2022-22192)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-12 14:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Validation of Syntactic Correctness of Input vulnerability in the kernel of Juniper Networks Junos OS Evolved on PTX series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an incoming TCP packet destined to the device is malformed there is a possibility of a kernel panic. Only TCP packets destined to the ports for BGP, LDP and MSDP can trigger this. This issue only affects PTX10004, PTX10008, PTX10016. No other PTX Series devices or other platforms are affected. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S4-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 20.4R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69915 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Patch: unspecified Version: 20.4-EVO < 20.4R3-S4-EVO Version: 21.3-EVO < 21.3R3-EVO Version: 21.4-EVO < 21.4R3-EVO Version: 22.1-EVO < 22.1R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69915"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:46:56.646973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:47:03.406Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"PTX10004, PTX10008, PTX10016"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S4-EVO",
"status": "affected",
"version": "20.4-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R3-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "custom"
},
{
"lessThan": "21.4R3-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "custom"
},
{
"lessThan": "22.1R2-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the kernel of Juniper Networks Junos OS Evolved on PTX series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an incoming TCP packet destined to the device is malformed there is a possibility of a kernel panic. Only TCP packets destined to the ports for BGP, LDP and MSDP can trigger this. This issue only affects PTX10004, PTX10008, PTX10016. No other PTX Series devices or other platforms are affected. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S4-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 20.4R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69915"
}
],
"solutions": [
{
"lang": "en",
"value": "The following Junos OS Evolved software releases have been updated to resolve this specific issue: 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69915",
"defect": [
"1663201"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: PTX Series: An attacker can cause a kernel panic by sending a malformed TCP packet to the device",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22192",
"datePublished": "2022-10-18T02:46:17.784Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-12T14:47:03.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0236 (GCVE-0-2021-0236)
Vulnerability from cvelistv5
Published
2021-04-22 19:37
Modified
2024-09-16 19:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only Multiprotocol BGP (MP-BGP) VPNv6 FlowSpec deployments. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: All versions after 18.4R1-EVO prior to 20.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved versions prior to 18.4R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11131 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 18.4 < 18.4R1-S8, 18.4R2-S7, 18.4R3-S7 Version: 19.1 < 19.1R2-S2, 19.1R3-S4 Version: 19.2 < 19.2R1-S6, 19.2R3-S2 Version: 19.3 < 19.3R3-S2 Version: 19.4 < 19.4R2-S4, 19.4R3-S1 Version: 20.1 < 20.1R2, 20.1R3, 20.1R3-EVO Version: 20.2 < 20.2R2, 20.2R3, 20.2R3-EVO Version: 20.3 < 20.3R1-S1, 20.3R2, 20.3R2-EVO |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11131"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S8, 18.4R2-S7, 18.4R3-S7",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S2, 19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S6, 19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S4, 19.4R3-S1",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2, 20.1R3, 20.1R3-EVO",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2, 20.2R3, 20.2R3-EVO",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S1, 20.3R2, 20.3R2-EVO",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.3R2-EVO",
"status": "affected",
"version": "20.3-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The examples of the config stanza affected by this issue:\n [ protocols bgp group \u003cgroup-name\u003e family inet6-vpn flow ]"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only Multiprotocol BGP (MP-BGP) VPNv6 FlowSpec deployments. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: All versions after 18.4R1-EVO prior to 20.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved versions prior to 18.4R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:03",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11131"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.1R3, 20.2R2, 20.2R3, 20.3R1-S1, 20.3R2, 20.4R1 and all subsequent releases.\n\nJunos OS Evolved: 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11131",
"defect": [
"1537085"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: A specific BGP VPNv6 flowspec message causes routing protocol daemon (rpd) process to crash with a core.",
"workarounds": [
{
"lang": "en",
"value": "Do not configure \"family inet6-vpn flow\" under BGP if no inet6-vpn routes are required to be received."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0236",
"STATE": "PUBLIC",
"TITLE": "Junos OS: A specific BGP VPNv6 flowspec message causes routing protocol daemon (rpd) process to crash with a core."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!\u003c",
"version_value": "18.4R1"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S8, 18.4R2-S7, 18.4R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S6, 19.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S4, 19.4R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2, 20.1R3, 20.1R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2, 20.2R3, 20.2R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R1-S1, 20.3R2, 20.3R2-EVO"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "!\u003c",
"version_value": "18.4R1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.3-EVO",
"version_value": "20.3R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The examples of the config stanza affected by this issue:\n [ protocols bgp group \u003cgroup-name\u003e family inet6-vpn flow ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects only Multiprotocol BGP (MP-BGP) VPNv6 FlowSpec deployments. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: All versions after 18.4R1-EVO prior to 20.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved versions prior to 18.4R1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11131",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11131"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.1R3, 20.2R2, 20.2R3, 20.3R1-S1, 20.3R2, 20.4R1 and all subsequent releases.\n\nJunos OS Evolved: 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11131",
"defect": [
"1537085"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Do not configure \"family inet6-vpn flow\" under BGP if no inet6-vpn routes are required to be received."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0236",
"datePublished": "2021-04-22T19:37:03.319394Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T19:15:47.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28978 (GCVE-0-2023-28978)
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-05 21:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain confidential information. In the default configuration it is possible to read confidential information about locally configured (administrative) users of the affected system. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S7-EVO on pending commit???; 21.1-EVO versions prior to 21.1R3-S4-EVO on awaiting build; 21.4-EVO versions prior to 21.4R3-S1-EVO; 22.2-EVO versions prior to 22.2R3-EVO; 21.2-EVO versions prior to 21.2R3-S5-EVO on pending commit???; 21.3-EVO version 21.3R1-EVO and later versions; 22.1-EVO version 22.1R1-EVO and later versions; 22.2-EVO versions prior to 22.2R2-S1-EVO.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 21.3R1-EVO < 21.3-EVO* Version: 21.4-EVO < 21.4R3-S1-EVO Version: 22.1R1-EVO < 22.1-EVO* Version: 22.2-EVO < 22.2R2-S1-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA70603"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:41:50.909751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:42:03.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.3-EVO*",
"status": "affected",
"version": "21.3R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.4R3-S1-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "custom"
},
{
"lessThan": "22.1-EVO*",
"status": "affected",
"version": "22.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "22.2R2-S1-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain confidential information. In the default configuration it is possible to read confidential information about locally configured (administrative) users of the affected system. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S7-EVO on pending commit???; 21.1-EVO versions prior to 21.1R3-S4-EVO on awaiting build; 21.4-EVO versions prior to 21.4R3-S1-EVO; 22.2-EVO versions prior to 22.2R3-EVO; 21.2-EVO versions prior to 21.2R3-S5-EVO on pending commit???; 21.3-EVO version 21.3R1-EVO and later versions; 22.1-EVO version 22.1R1-EVO and later versions; 22.2-EVO versions prior to 22.2R2-S1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA70603"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S7-EVO, 21.1R3-S4-EVO, 21.2R3-S5-EVO, 21.4R3-S1-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70603",
"defect": [
"1687838"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: Read access to some confidential user information is possible",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-28978",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-05T21:42:03.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39556 (GCVE-0-2024-39556)
Vulnerability from cvelistv5
Published
2024-07-10 22:38
Modified
2024-08-02 04:26
Severity ?
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.1 (High) - CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.1 (High) - CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.
By exploiting the 'set security certificates' command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user's command interpreter, or potentially trigger a stack-based buffer overflow.
This issue affects:
Junos OS:
* All versions before 21.4R3-S7,
* from 22.1 before 22.1R3-S6,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R1-S1, 23.4R2;
Junos OS Evolved:
* All versions before 21.4R3-S7-EVO,
* from 22.1-EVO before 22.1R3-S6-EVO,
* from 22.2-EVO before 22.2R3-S4-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R3-S2-EVO,
* from 23.2-EVO before 23.2R2-EVO,
* from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA83016 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7-evo",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1r3-s6-evo",
"status": "affected",
"version": "22.1-evo",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s4-evo",
"status": "affected",
"version": "22.2-evo",
"versionType": "semver"
},
{
"lessThan": "22.3r3-s3-evo",
"status": "affected",
"version": "22.3-evo",
"versionType": "semver"
},
{
"lessThan": "22.4r3-s3-evo",
"status": "affected",
"version": "22.4-evo",
"versionType": "semver"
},
{
"lessThan": "23.2r2-evo",
"status": "affected",
"version": "23.2-evo",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1r3-s6",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3r3-s3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4r3-s2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4r1-s1",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4r2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4r1-s1-evo",
"status": "affected",
"version": "23.4-evo",
"versionType": "semver"
},
{
"lessThan": "23.4r2-evo",
"status": "affected",
"version": "23.4-evo",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-13T03:55:17.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S6",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S6-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.\u003cbr\u003e\u003cbr\u003eBy exploiting the \u0027set security certificates\u0027 command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user\u0027s command interpreter, or potentially trigger a stack-based buffer overflow.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u0026nbsp;Junos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S7, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S1, 23.4R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S7-EVO, \u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S2-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.\n\nBy exploiting the \u0027set security certificates\u0027 command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user\u0027s command interpreter, or potentially trigger a stack-based buffer overflow.\n\n\nThis issue affects:\n\n\u00a0Junos OS: \n\n\n * All versions before 21.4R3-S7, \n * from 22.1 before 22.1R3-S6, \n * from 22.2 before 22.2R3-S4, \n * from 22.3 before 22.3R3-S3, \n * from 22.4 before 22.4R3-S2, \n * from 23.2 before 23.2R2, \n * from 23.4 before 23.4R1-S1, 23.4R2;\u00a0\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions before 21.4R3-S7-EVO, \n * from 22.1-EVO before 22.1R3-S6-EVO, \n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-S2-EVO, \n * from 23.2-EVO before 23.2R2-EVO, \n * from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T22:38:44.894Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83016"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003e\nJunos OS Evolved:\u0026nbsp;21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\n\nJunos OS Evolved:\u00a021.2R3-S8-EVO, 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83016",
"defect": [
"1780283"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39556",
"datePublished": "2024-07-10T22:38:44.894Z",
"dateReserved": "2024-06-25T15:12:53.247Z",
"dateUpdated": "2024-08-02T04:26:15.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1638 (GCVE-0-2020-1638)
Vulnerability from cvelistv5
Published
2020-04-08 19:26
Modified
2024-09-17 02:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet. Only packets destined to the device itself, successfully reaching the RE through existing edge and control plane filtering, will be able to cause the FPC restart. When this issue occurs, all traffic via the FPC will be dropped. By continuously sending this specific IPv4 packet, an attacker can repeatedly crash the FPC, causing an extended Denial of Service (DoS) condition. This issue can only occur when processing a specific IPv4 packet. IPv6 packets cannot trigger this issue. This issue affects: Juniper Networks Junos OS on MX Series with MPC10E or MPC11E and PTX10001: 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. Juniper Networks Junos OS Evolved on on QFX5220, and PTX10003 series: 19.2-EVO versions; 19.3-EVO versions; 19.4-EVO versions prior to 19.4R2-EVO. This issue does not affect Junos OS versions prior to 19.2R1. This issue does not affect Junos OS Evolved versions prior to 19.2R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11019 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 19.2 < 19.2R1-S4, 19.2R2 Version: 19.3 < 19.3R2-S2, 19.3R3 Version: 19.4 < 19.4R1-S1, 19.4R2 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"MX Series with MPC10E or MPC11E and PTX10001"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R1-S4, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S2, 19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S1, 19.4R2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QFX5220, and PTX10003 series"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "19.2-EVO"
},
{
"status": "affected",
"version": "19.3-EVO 19.2-EVO"
},
{
"lessThan": "19.4R2-EVO",
"status": "affected",
"version": "19.4-EVO",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet. Only packets destined to the device itself, successfully reaching the RE through existing edge and control plane filtering, will be able to cause the FPC restart. When this issue occurs, all traffic via the FPC will be dropped. By continuously sending this specific IPv4 packet, an attacker can repeatedly crash the FPC, causing an extended Denial of Service (DoS) condition. This issue can only occur when processing a specific IPv4 packet. IPv6 packets cannot trigger this issue. This issue affects: Juniper Networks Junos OS on MX Series with MPC10E or MPC11E and PTX10001: 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. Juniper Networks Junos OS Evolved on on QFX5220, and PTX10003 series: 19.2-EVO versions; 19.3-EVO versions; 19.4-EVO versions prior to 19.4R2-EVO. This issue does not affect Junos OS versions prior to 19.2R1. This issue does not affect Junos OS Evolved versions prior to 19.2R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-467",
"description": "CWE-467: Use of sizeof() on a Pointer Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-08T19:26:01",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11019"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 19.2R1-S4, 19.2R2, 19.3R2-S2, 19.3R3, 19.4R1-S1, 19.4R2, 20.1R1, and all subsequent releases.\nJunos OS Evolved: 19.4R2-EVO, 20.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11019",
"defect": [
"1493176"
],
"discovery": "USER"
},
"title": "Junos OS \u0026 Junos OS Evolved: A specific IPv4 packet can lead to FPC restart.",
"workarounds": [
{
"lang": "en",
"value": "There is no workaround for this issue.\n\nStandard security best common practices such as limiting packet toward the RE only from trusted networks/host using firewall filter in combination with source address anti-spoofing should be applied to reduce the risk of exposure."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1638",
"STATE": "PUBLIC",
"TITLE": "Junos OS \u0026 Junos OS Evolved: A specific IPv4 packet can lead to FPC restart."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series with MPC10E or MPC11E and PTX10001",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S4, 19.2R2"
},
{
"platform": "MX Series with MPC10E or MPC11E and PTX10001",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S2, 19.3R3"
},
{
"platform": "MX Series with MPC10E or MPC11E and PTX10001",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S1, 19.4R2"
},
{
"version_affected": "!\u003c",
"version_value": "19.2R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
},
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"platform": "QFX5220, and PTX10003 series",
"version_affected": "=",
"version_name": "19.2-EVO",
"version_value": "19.2-EVO"
},
{
"platform": "QFX5220, and PTX10003 series",
"version_affected": "=",
"version_name": "19.3-EVO",
"version_value": "19.2-EVO"
},
{
"platform": "QFX5220, and PTX10003 series",
"version_affected": "\u003c",
"version_name": "19.4-EVO",
"version_value": "19.4R2-EVO"
},
{
"version_affected": "!\u003c",
"version_value": "19.2R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet. Only packets destined to the device itself, successfully reaching the RE through existing edge and control plane filtering, will be able to cause the FPC restart. When this issue occurs, all traffic via the FPC will be dropped. By continuously sending this specific IPv4 packet, an attacker can repeatedly crash the FPC, causing an extended Denial of Service (DoS) condition. This issue can only occur when processing a specific IPv4 packet. IPv6 packets cannot trigger this issue. This issue affects: Juniper Networks Junos OS on MX Series with MPC10E or MPC11E and PTX10001: 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2. Juniper Networks Junos OS Evolved on on QFX5220, and PTX10003 series: 19.2-EVO versions; 19.3-EVO versions; 19.4-EVO versions prior to 19.4R2-EVO. This issue does not affect Junos OS versions prior to 19.2R1. This issue does not affect Junos OS Evolved versions prior to 19.2R1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-467: Use of sizeof() on a Pointer Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11019",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11019"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 19.2R1-S4, 19.2R2, 19.3R2-S2, 19.3R3, 19.4R1-S1, 19.4R2, 20.1R1, and all subsequent releases.\nJunos OS Evolved: 19.4R2-EVO, 20.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11019",
"defect": [
"1493176"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There is no workaround for this issue.\n\nStandard security best common practices such as limiting packet toward the RE only from trusted networks/host using firewall filter in combination with source address anti-spoofing should be applied to reduce the risk of exposure."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1638",
"datePublished": "2020-04-08T19:26:01.632253Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-17T02:53:25.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1623 (GCVE-0-2020-1623)
Vulnerability from cvelistv5
Published
2020-04-08 19:25
Modified
2024-09-16 22:50
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11003 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 19.2R1-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:09:15",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406191"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: ev.ops file may leak sensitive information",
"workarounds": [
{
"lang": "en",
"value": "Limit access to the Junos OS shell to only trusted system administrators with a need for access below the Junos CLI."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1623",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: ev.ops file may leak sensitive information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.2R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406191"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Limit access to the Junos OS shell to only trusted system administrators with a need for access below the Junos CLI."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1623",
"datePublished": "2020-04-08T19:25:57.070284Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-16T22:50:51.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22177 (GCVE-0-2022-22177)
Vulnerability from cvelistv5
Published
2022-01-19 00:21
Modified
2024-09-16 23:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted. This issue impacts any version of SNMP – v1,v2, v3 This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2. Juniper Networks Junos OS Evolved 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11283 | x_refsource_CONFIRM | |
| https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/ref/statement/client-list-edit-snmp.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 12.3 < 12.3R12-S20 Version: 15.1 < 15.1R7-S11 Version: 18.3 < 18.3R3-S6 Version: 18.4 < 18.4R2-S9, 18.4R3-S10 Version: 19.1 < 19.1R2-S3, 19.1R3-S7 Version: 19.2 < 19.2R1-S8, 19.2R3-S4 Version: 19.3 < 19.3R3-S4 Version: 19.4 < 19.4R2-S5, 19.4R3-S6 Version: 20.1 < 20.1R3-S2 Version: 20.2 < 20.2R3-S3 Version: 20.3 < 20.3R3-S1 Version: 20.4 < 20.4R3 Version: 21.1 < 21.1R2-S2, 21.1R3 Version: 21.2 < 21.2R1-S2, 21.2R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11283"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/ref/statement/client-list-edit-snmp.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3R12-S20",
"status": "affected",
"version": "12.3",
"versionType": "custom"
},
{
"lessThan": "15.1R7-S11",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S6",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S9, 18.4R3-S10",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S3, 19.1R3-S7",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S8, 19.2R3-S4",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S4",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S5, 19.4R3-S6",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3-S2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S1",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2-S2, 21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R1-S2, 21.2R2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following minimal configuration is needed: \n [snmp community \u0027community-name\"] using a Read Write (RW) Community \n\nRead Only (RO) communities are not impacted by this issue."
}
],
"credits": [
{
"lang": "en",
"value": "Nanyu Zhong and Yu Zhang of VARAS at the Institute of Information Engineering"
}
],
"datePublic": "2022-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted. This issue impacts any version of SNMP \u2013 v1,v2, v3 This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2. Juniper Networks Junos OS Evolved 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Release of illegal memory",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-19T00:21:26",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11283"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/ref/statement/client-list-edit-snmp.html"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 12.3R12-S20, 15.1R7-S11, 18.3R3-S6, 18.4R2-S9, 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R2-S5, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S1, 20.4R3, 21.1R2-S2, 21.1R3, 21.2R1-S2, 21.2R2, 21.3R1, and all subsequ ent releases.\n\nJunos OS Evolved: 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11283",
"defect": [
"1613874"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS and Junos OS Evolved: After receiving a specific number of crafted packets snmpd will segmentation fault (SIGSEGV) requiring a manual restart.",
"workarounds": [
{
"lang": "en",
"value": "There are no workarounds for this issue. \n\nFor V1, V2 you can reduce the risk of exploitation by configuring the client-list to limit access to network management system (NMS) machines. \n\nSee the Network Management and Monitoring Guide for further instructions.\n\nexample:\n\n [snmp client-list client-list-name \"ip-addresses\";]\n\nFor V3 you can reduce the risk of exploitation by configuring SNMP security to trusted devices only. \n\nFor any release of SNMP you can reduce the risk of exploitation by implementing source and destination IP filter rules as well as using Read Only communities where possible.\n\nRegardless of these risk reduction methods, an attacker able to spoof trusted IP addresses can send the attack to an exposed and reachable SNMP RW community."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22177",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: After receiving a specific number of crafted packets snmpd will segmentation fault (SIGSEGV) requiring a manual restart."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.3",
"version_value": "12.3R12-S20"
},
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S11"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S10"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S5, 19.4R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2-S2, 21.1R3"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R1-S2, 21.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "21.2R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following minimal configuration is needed: \n [snmp community \u0027community-name\"] using a Read Write (RW) Community \n\nRead Only (RO) communities are not impacted by this issue."
}
],
"credit": [
{
"lang": "eng",
"value": "Nanyu Zhong and Yu Zhang of VARAS at the Institute of Information Engineering"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted. This issue impacts any version of SNMP \u2013 v1,v2, v3 This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2. Juniper Networks Junos OS Evolved 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Release of illegal memory"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11283",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11283"
},
{
"name": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/ref/statement/client-list-edit-snmp.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/ref/statement/client-list-edit-snmp.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 12.3R12-S20, 15.1R7-S11, 18.3R3-S6, 18.4R2-S9, 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R2-S5, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S1, 20.4R3, 21.1R2-S2, 21.1R3, 21.2R1-S2, 21.2R2, 21.3R1, and all subsequ ent releases.\n\nJunos OS Evolved: 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11283",
"defect": [
"1613874"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no workarounds for this issue. \n\nFor V1, V2 you can reduce the risk of exploitation by configuring the client-list to limit access to network management system (NMS) machines. \n\nSee the Network Management and Monitoring Guide for further instructions.\n\nexample:\n\n [snmp client-list client-list-name \"ip-addresses\";]\n\nFor V3 you can reduce the risk of exploitation by configuring SNMP security to trusted devices only. \n\nFor any release of SNMP you can reduce the risk of exploitation by implementing source and destination IP filter rules as well as using Read Only communities where possible.\n\nRegardless of these risk reduction methods, an attacker able to spoof trusted IP addresses can send the attack to an exposed and reachable SNMP RW community."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22177",
"datePublished": "2022-01-19T00:21:26.884156Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-16T23:31:19.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28964 (GCVE-0-2023-28964)
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-06 14:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause an RPD crash leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Upon receipt of a malformed BGP flowspec update, RPD will crash resulting in a Denial of Service. This issue affects Juniper Networks Junos OS: All versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2; Juniper Networks Junos OS Evolved: All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO; 20.3 versions prior to 20.3R2-EVO;
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: unspecified < 18.1R3-S11 Version: 18.2 < 18.2R3-S6 Version: 18.3 < 18.3R3-S4 Version: 18.4 < 18.4R3-S6 Version: 19.1 < 19.1R3-S4 Version: 19.2 < 19.2R3-S1 Version: 19.3 < 19.3R3-S1 Version: 19.4 < 19.4R3 Version: 20.1 < 20.1R2 Version: 20.2 < 20.2R2 Version: 20.3 < 20.3R1-S1, 20.3R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA70588"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T14:39:13.224675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T14:39:18.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.1R3-S11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S6",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R3-S6",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S1",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S1",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S1, 20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.2R2-EVO",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R2-EVO",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause an RPD crash leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Upon receipt of a malformed BGP flowspec update, RPD will crash resulting in a Denial of Service. This issue affects Juniper Networks Junos OS: All versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2; Juniper Networks Junos OS Evolved: All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO; 20.3 versions prior to 20.3R2-EVO;"
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter Inconsistency ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA70588"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 18.1R3-S11, 18.2R3-S6, 18.3R3-S4, 18.4R3-S6, 19.1R3-S4, 19.2R3-S1, 19.3R3-S1, 19.4R3, 20.1R2, 20.2R2, 20.3R1-S1, 20.3R2, 20.4R1, and all subsequent releases.\nJunos OS Evolved: 20.1R3-EVO, 20.2R2-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70588",
"defect": [
"1535740"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Malformed BGP flowspec update causes RPD crash",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-28964",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-06T14:39:18.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28966 (GCVE-0-2023-28966)
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-06 14:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.4R3-S5-EVO Version: 21.2 < 21.2R3-EVO Version: 21.3 < 21.3R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA70590"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T14:37:50.413716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T14:37:54.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S5-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.2R3-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local attacker with shell access to modify existing files or execute commands as root. The issue is caused by improper file and directory permissions on certain system files, allowing an attacker with access to these files and folders to inject CLI commands as root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA70590"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S5-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70590",
"defect": [
"1621521"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Local low-privileged user with shell access can execute CLI commands as root",
"workarounds": [
{
"lang": "en",
"value": "Limit access to the system shell from trusted administrators only."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-28966",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-06T14:37:54.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44186 (GCVE-0-2023-44186)
Vulnerability from cvelistv5
Published
2023-10-11 20:08
Modified
2024-12-03 14:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.
This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.
Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.
This issue affects:
Juniper Networks Junos OS:
* All versions prior to 20.4R3-S8;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
* 22.4 versions prior to 22.4R2-S1, 22.4R3.
Juniper Networks Junos OS Evolved
* All versions prior to 20.4R3-S8-EVO;
* 21.1 versions 21.1R1-EVO and later;
* 21.2 versions prior to 21.2R3-S6-EVO;
* 21.3 versions prior to 21.3R3-S5-EVO;
* 21.4 versions prior to 21.4R3-S5-EVO;
* 22.1 versions prior to 22.1R3-S4-EVO;
* 22.2 versions prior to 22.2R3-S2-EVO;
* 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
* 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73150 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.1R1 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73150"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T16:45:50.764805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:49:41.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series",
"PTX Series",
"ACX Series",
"EX Series",
"QFX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1R1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2, 22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S1, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"PTX Series",
"ACX Series",
"QFX Series"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1*-EVO",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6-EVO",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2-EVO, 22.3R3-S1-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S1-EVO, 22.4R3-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNonstop Active Routing is enabled using the following configuration:\u003c/p\u003e \u003ctt\u003e[edit chassis redundancy]\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003egraceful-switchover;\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003e\u003cbr\u003e[edit routing-options]\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003enonstop-routing;\u003c/tt\u003e"
}
],
"value": "Nonstop Active Routing is enabled using the following configuration:\n\n [edit chassis redundancy]\ngraceful-switchover;\n\n[edit routing-options]\nnonstop-routing;"
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.\u003c/p\u003e\u003cp\u003eThis issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.\u003c/p\u003eNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S8;\u003c/li\u003e\u003cli\u003e21.1 versions 21.1R1 and later;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S6;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R3-S2;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R2-S1, 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S8-EVO;\u003c/li\u003e\u003cli\u003e21.1 versions 21.1R1-EVO and later;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S6-EVO;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S5-EVO;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R3-S2-EVO;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.\n\nThis issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions prior to 22.2R3-S2-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T23:07:57.356Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73150"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R1, and all subsequent releases.\n\nJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R2-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73150",
"defect": [
"1736029"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
},
{
"lang": "en",
"time": "2023-10-16T16:00:00.000Z",
"value": "Added specific platforms affected and unaffected"
},
{
"lang": "en",
"time": "2024-03-05T17:00:00.000Z",
"value": "Updated affected/fixed releases to convey that 23.2R1 and all subsequent releases are fixed."
}
],
"title": "Junos OS and Junos OS Evolved: RPD crash when attempting to send a very long AS PATH to a non-4-byte-AS capable BGP neighbor",
"workarounds": [
{
"lang": "en",
"value": "Current operational and security best practices, such as limiting the AS PATH length, should mitigate risk of this issue.\n\nBelow is an example configuration to limit AS PATH to 30 entries:\n\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from protocol bgp\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 from as-path 31as\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 term more-than-30 then reject\nset groups BASE-POLICY policy-options policy-statement MaxAS-Limit-30 then accept\nset groups BASE-POLICY policy-options policy-statement Customer-IN term MaxAS-Limit from policy MaxAS-Limit-30\nset groups BASE-BGP protocols bgp group \u003c*-CUSTOMER\u003e import Customer-IN\nset groups BASE-PREFIX-LISTS policy-options as-path 31as \".{31,}\""
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44186",
"datePublished": "2023-10-11T20:08:26.308Z",
"dateReserved": "2023-09-26T19:30:27.953Z",
"dateUpdated": "2024-12-03T14:49:41.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39528 (GCVE-0-2024-39528)
Vulnerability from cvelistv5
Published
2024-07-11 16:02
Modified
2024-08-02 04:26
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
6.0 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
6.0 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
Summary
A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart.
This issue affects:
Junos OS:
* All versions before 21.2R3-S8,
* 21.4 versions before 21.4R3-S5,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S2,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.
Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S5-EVO,
* 22.2-EVO versions before 22.2R3-S3-EVO,
* 22.3-EVO versions before 22.3R3-S2-EVO,
* 22.4-EVO versions before 22.4R3-EVO,
* 23.2-EVO versions before 23.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA82987 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39528",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T18:58:24.226448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:58:33.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82987"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue, the device needs to be configured for SNMP v2 or v3 with at least read access:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ snmp\u0026nbsp;community \u0026lt;name\u0026gt; ]\u003cbr\u003e\u003cbr\u003e\u003c/tt\u003eor\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ snmp v3 ... ]\u003c/tt\u003e\u003cbr\u003e"
}
],
"value": "To be exposed to this issue, the device needs to be configured for SNMP v2 or v3 with at least read access:\n\n[ snmp\u00a0community \u003cname\u003e ]\n\nor\n\n[ snmp v3 ... ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of\u0026nbsp;Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eOn all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u0026nbsp; \u0026nbsp;Junos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S5,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S3,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3-S2,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e \u003cp\u003e\u0026nbsp; Junos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8-EVO,\u003c/li\u003e\u003cli\u003e21.4-EVO versions before 21.4R3-S5-EVO,\u003c/li\u003e\u003cli\u003e22.2-EVO versions before 22.2R3-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.3-EVO versions before 22.3R3-S2-EVO,\u003c/li\u003e\u003cli\u003e22.4-EVO versions before 22.4R3-EVO,\u003c/li\u003e\u003cli\u003e23.2-EVO versions before 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to cause a Denial of Service (DoS).On all Junos OS and Junos Evolved platforms, if a routing-instance deactivation is triggered, and at the same time a specific SNMP request is received, a segmentation fault occurs which causes rpd to crash and restart.\n\n\n\n\nThis issue affects:\n\n\u00a0 \u00a0Junos OS:\n\n\n\n * All versions before 21.2R3-S8,\u00a0\n * 21.4 versions before 21.4R3-S5,\n * 22.2 versions before 22.2R3-S3,\n * 22.3 versions before 22.3R3-S2,\n * 22.4 versions before 22.4R3,\n * 23.2 versions before 23.2R2.\n\n\n\n\n \u00a0 Junos OS Evolved:\n\n\n\n * All versions before 21.2R3-S8-EVO,\n * 21.4-EVO versions before 21.4R3-S5-EVO,\n * 22.2-EVO versions before 22.2R3-S3-EVO,\u00a0\n * 22.3-EVO versions before 22.3R3-S2-EVO,\n * 22.4-EVO versions before 22.4R3-EVO,\n * 23.2-EVO versions before 23.2R2-EVO."
}
],
"exploits": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:02:45.680Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82987"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S8, 21.4R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\nJunos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82987",
"defect": [
"1740028"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Concurrent deletion of a routing-instance and receipt of an SNMP request cause an RPD crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39528",
"datePublished": "2024-07-11T16:02:45.680Z",
"dateReserved": "2024-06-25T15:12:53.240Z",
"dateUpdated": "2024-08-02T04:26:15.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22398 (GCVE-0-2023-22398)
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2025-04-07 15:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an MPLS ping is performed on BGP LSPs, the RPD might crash. Repeated execution of this operation will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S12; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R1-S1, 21.1R2; Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA70181 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 15.1 < 15.1R7-S12 Version: 19.1 < 19.1R3-S9 Version: 19.2 < 19.2R1-S9, 19.2R3-S5 Version: 19.3 < 19.3R3-S6 Version: 19.4 < 19.4R2-S7, 19.4R3-S8 Version: 20.1 < 20.1R3-S4 Version: 20.2 < 20.2R3-S5 Version: 20.3 < 20.3R3-S5 Version: 20.4 < 20.4R3-S4 Version: 21.1 < 21.1R1-S1, 21.1R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70181"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:08:28.355622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:40:07.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1R7-S12",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S9",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S9, 19.2R3-S5",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S6",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S7, 19.4R3-S8",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3-S4",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S5",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S5",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S4",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R1-S1, 21.1R2",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S4-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R2-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an MPLS ping is performed on BGP LSPs, the RPD might crash. Repeated execution of this operation will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S12; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R1-S1, 21.1R2; Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70181"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 15.1R7-S12, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R1-S1, 21.1R2, 21.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA70181",
"defect": [
"1593770"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: RPD might crash when MPLS ping is performed on BGP LSPs",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22398",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:40:07.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22233 (GCVE-0-2022-22233)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-09 17:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having "S" flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69887 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 21.4 < 21.4R1-S2, 21.4R2-S1, 21.4R3 Version: 22.1 < 22.1R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69887"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22233",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T17:56:10.828053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T17:56:29.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.4R1-S2, 21.4R2-S1, 21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "custom"
},
{
"lessThan": "22.1R2-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be affected by the issue the device needs to be configured with ISIS L2 and L1 (neither disabled) and Segment Routing:\n\n [protocols isis interface \u003cinterface\u003e]\n [protocols isis source-packet-routing]"
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having \"S\" flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69887"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1 and all subsequent releases.\nJunos OS Evolved: 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA69887",
"defect": [
"1662559"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: In an SR to LDP interworking scenario, with SRMS, when a specific low privileged command is issued on an ABR rpd will crash",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22233",
"datePublished": "2022-10-18T02:46:35.104Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-09T17:56:29.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21602 (GCVE-0-2024-21602)
Vulnerability from cvelistv5
Published
2024-01-12 00:54
Modified
2025-06-17 21:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
If a specific IPv4 UDP packet is received and sent to the Routing Engine (RE) packetio crashes and restarts which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS.
This issue does not happen with IPv6 packets.
This issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L:
* 21.4-EVO versions earlier than 21.4R3-S6-EVO;
* 22.1-EVO versions earlier than 22.1R3-S5-EVO;
* 22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO;
* 22.3-EVO versions earlier than 22.3R2-EVO.
This issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA75743 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 21.4-EVO ≤ Version: 22.1-EVO ≤ Version: 22.2-EVO ≤ Version: 22.3-EVO ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75743"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T15:42:43.703668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:09:19.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"ACX7024",
"ACX7100-32C",
"ACX7100-48L"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S6-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R2-S1-EVO, 22.2R3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-01-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eA NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eIf a specific IPv4 UDP packet is received and sent to the Routing Engine (RE) packetio crashes and restarts which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS.\u003c/p\u003e\u003cp\u003eThis issue does not happen with IPv6 packets.\u003c/p\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e21.4-EVO versions earlier than 21.4R3-S6-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO versions earlier than 22.1R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO;\u003c/li\u003e\u003cli\u003e22.3-EVO versions earlier than 22.3R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO.\u003c/p\u003e\n\n"
}
],
"value": "\nA NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nIf a specific IPv4 UDP packet is received and sent to the Routing Engine (RE) packetio crashes and restarts which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS.\n\nThis issue does not happen with IPv6 packets.\n\nThis issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L:\n\n\n\n * 21.4-EVO versions earlier than 21.4R3-S6-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S5-EVO;\n * 22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO;\n * 22.3-EVO versions earlier than 22.3R2-EVO.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO.\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T00:54:08.862Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75743"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA75743",
"defect": [
"1690815"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-10T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS Evolved: ACX7024, ACX7100-32C and ACX7100-48L: Traffic stops when a specific IPv4 UDP packet is received by the RE",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21602",
"datePublished": "2024-01-12T00:54:08.862Z",
"dateReserved": "2023-12-27T19:38:25.707Z",
"dateUpdated": "2025-06-17T21:09:19.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22220 (GCVE-0-2022-22220)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-12 14:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allows a network-based unauthenticated attacker to cause a Denial of Service (DoS). When a BGP flow route with redirect IP extended community is received, and the reachability to the next-hop of the corresponding redirect IP is flapping, the rpd process might crash. Whether the crash occurs depends on the timing of the internally processing of these two events and is outside the attackers control. Please note that this issue also affects Route-Reflectors unless 'routing-options flow firewall-install-disable' is configured. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S10, 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.4 versions prior to 19.4R3-S8; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69902 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 18.4 < 18.4R2-S10, 18.4R3-S10 Version: 19.1 < 19.1R3-S7 Version: 19.2 < 19.2R1-S8, 19.2R3-S4 Version: 19.4 < 19.4R3-S8 Version: 20.2 < 20.2R3-S3 Version: 20.3 < 20.3R3-S2 Version: 20.4 < 20.4R3 Version: 21.1 < 21.1R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69902"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:43:18.952402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:43:24.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S10, 18.4R3-S10",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S7",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S8, 19.2R3-S4",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S8",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R2-EVO",
"status": "affected",
"version": "21.1-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be vulnerable to this issue a device needs to be configured with a minimal BGP flow spec configuration like in the following example:\n\n [protocols bgp group \u003cgroup-name\u003e family \u003cfamily\u003e flow]"
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allows a network-based unauthenticated attacker to cause a Denial of Service (DoS). When a BGP flow route with redirect IP extended community is received, and the reachability to the next-hop of the corresponding redirect IP is flapping, the rpd process might crash. Whether the crash occurs depends on the timing of the internally processing of these two events and is outside the attackers control. Please note that this issue also affects Route-Reflectors unless \u0027routing-options flow firewall-install-disable\u0027 is configured. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S10, 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.4 versions prior to 19.4R3-S8; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69902"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R2-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69902",
"defect": [
"1583490"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Due to a race condition the rpd process can crash upon receipt of a BGP update message containing flow spec route",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22220",
"datePublished": "2022-10-18T02:46:23.907Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-12T14:43:24.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31350 (GCVE-0-2021-31350)
Vulnerability from cvelistv5
Published
2021-10-19 18:16
Modified
2024-09-16 18:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the targeted system. The issue is caused by the JET service daemon (jsd) process authenticating the user, then passing configuration operations directly to the management daemon (mgd) process, which runs as root. This issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R2-S3, 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11215 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 18.4 < 18.4R1-S8, 18.4R2-S8, 18.4R3-S8 Version: 19.1 < 19.1R2-S3, 19.1R3-S5 Version: 19.2 < 19.2R1-S7, 19.2R3-S2 Version: 19.3 < 19.3R2-S6, 19.3R3-S2 Version: 19.4 < 19.4R1-S4, 19.4R2-S4, 19.4R3-S3 Version: 20.1 < 20.1R2-S2, 20.1R3 Version: 20.2 < 20.2R2-S3, 20.2R3 Version: 20.3 < 20.3R2-S1, 20.3R3 Version: 20.4 < 20.4R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11215"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S8, 18.4R2-S8, 18.4R3-S8",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S3, 19.1R3-S5",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S7, 19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S6, 19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S4, 19.4R2-S4, 19.4R3-S3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S2, 20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2-S3, 20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R2-S1, 20.3R3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2",
"status": "affected",
"version": "20.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R2-EVO",
"status": "affected",
"version": "21.1-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following is an example of enabling gRPC in Junos:\n\n set system services extension-service request-response grpc ssl"
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the targeted system. The issue is caused by the JET service daemon (jsd) process authenticating the user, then passing configuration operations directly to the management daemon (mgd) process, which runs as root. This issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R2-S3, 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:30",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11215"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS 18.4R1-S8, 18.4R2-S8, 18.4R3-S8, 19.1R2-S3, 19.1R3-S5, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R2-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R2-S3, 20.2R3, 20.3R2-S1, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11215",
"defect": [
"1578302"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Privilege escalation vulnerability in Juniper Extension Toolkit (JET)",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device via gRPC only from trusted hosts and from trusted administrators"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31350",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: Privilege escalation vulnerability in Juniper Extension Toolkit (JET)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S8, 18.4R2-S8, 18.4R3-S8"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S7, 19.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S4, 19.4R2-S4, 19.4R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2-S2, 20.1R3"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2-S3, 20.2R3"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2-S1, 20.3R3"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2"
},
{
"version_affected": "!\u003c",
"version_value": "18.4R1"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.1-EVO",
"version_value": "21.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following is an example of enabling gRPC in Junos:\n\n set system services extension-service request-response grpc ssl"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the targeted system. The issue is caused by the JET service daemon (jsd) process authenticating the user, then passing configuration operations directly to the management daemon (mgd) process, which runs as root. This issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R2-S3, 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11215",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11215"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS 18.4R1-S8, 18.4R2-S8, 18.4R3-S8, 19.1R2-S3, 19.1R3-S5, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R2-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R2-S3, 20.2R3, 20.3R2-S1, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11215",
"defect": [
"1578302"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device via gRPC only from trusted hosts and from trusted administrators"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31350",
"datePublished": "2021-10-19T18:16:30.117409Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-16T18:49:28.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22211 (GCVE-0-2022-22211)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-12 14:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A limitless resource allocation vulnerability in FPC resources of Juniper Networks Junos OS Evolved on PTX Series allows an unprivileged attacker to cause Denial of Service (DoS). Continuously polling the SNMP jnxCosQstatTable causes the FPC to run out of GUID space, causing a Denial of Service to the FPC resources. When the FPC runs out of the GUID space, you will see the following syslog messages. The evo-aftmand-bt process is asserting. fpc1 evo-aftmand-bt[17556]: %USER-3: get_next_guid: Ran out of Guid Space start 1748051689472 end 1752346656767 fpc1 audit[17556]: %AUTH-5: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=6 fpc1 kernel: %KERN-5: audit: type=1701 audit(1648567505.119:57): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=6 fpc1 emfd-fpa[14438]: %USER-5: Alarm set: APP color=red, class=CHASSIS, reason=Application evo-aftmand-bt fail on node Fpc1 fpc1 emfd-fpa[14438]: %USER-3-EMF_FPA_ALARM_REP: RaiseAlarm: Alarm(Location: /Chassis[0]/Fpc[1] Module: sysman Object: evo-aftmand-bt:0 Error: 2) reported fpc1 sysepochman[12738]: %USER-5-SYSTEM_REBOOT_EVENT: Reboot [node] [ungraceful reboot] [evo-aftmand-bt exited] The FPC resources can be monitored using the following commands: user@router> start shell [vrf:none] user@router-re0:~$ cli -c "show platform application-info allocations app evo-aftmand-bt" | grep ^fpc | grep -v Route | grep -i -v Nexthop | awk '{total[$1] += $5} END { for (key in total) { print key " " total[key]/4294967296 }}' Once the FPCs become unreachable they must be manually restarted as they do not self-recover. This issue affects Juniper Networks Junos OS Evolved on PTX Series: All versions prior to 20.4R3-S4-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69916 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.4R3-S4-EVO Version: 21.1R1-EVO < 21.1-EVO* Version: 21.2R1-EVO < 21.2-EVO* Version: 21.3-EVO < 21.3R3-EVO Version: 21.4-EVO < 21.4R2-EVO Version: 22.1-EVO < 22.1R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69916"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:45:53.769716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:45:58.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"PTX Series"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S4-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1-EVO*",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2-EVO*",
"status": "affected",
"version": "21.2R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R3-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "custom"
},
{
"lessThan": "21.4R2-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "custom"
},
{
"lessThan": "22.1R2-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following minimal configuration must be present to be potentially vulnerable to this issue:\n [snmp]"
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A limitless resource allocation vulnerability in FPC resources of Juniper Networks Junos OS Evolved on PTX Series allows an unprivileged attacker to cause Denial of Service (DoS). Continuously polling the SNMP jnxCosQstatTable causes the FPC to run out of GUID space, causing a Denial of Service to the FPC resources. When the FPC runs out of the GUID space, you will see the following syslog messages. The evo-aftmand-bt process is asserting. fpc1 evo-aftmand-bt[17556]: %USER-3: get_next_guid: Ran out of Guid Space start 1748051689472 end 1752346656767 fpc1 audit[17556]: %AUTH-5: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm=\"EvoAftManBt-mai\" exe=\"/usr/sbin/evo-aftmand-bt\" sig=6 fpc1 kernel: %KERN-5: audit: type=1701 audit(1648567505.119:57): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm=\"EvoAftManBt-mai\" exe=\"/usr/sbin/evo-aftmand-bt\" sig=6 fpc1 emfd-fpa[14438]: %USER-5: Alarm set: APP color=red, class=CHASSIS, reason=Application evo-aftmand-bt fail on node Fpc1 fpc1 emfd-fpa[14438]: %USER-3-EMF_FPA_ALARM_REP: RaiseAlarm: Alarm(Location: /Chassis[0]/Fpc[1] Module: sysman Object: evo-aftmand-bt:0 Error: 2) reported fpc1 sysepochman[12738]: %USER-5-SYSTEM_REBOOT_EVENT: Reboot [node] [ungraceful reboot] [evo-aftmand-bt exited] The FPC resources can be monitored using the following commands: user@router\u003e start shell [vrf:none] user@router-re0:~$ cli -c \"show platform application-info allocations app evo-aftmand-bt\" | grep ^fpc | grep -v Route | grep -i -v Nexthop | awk \u0027{total[$1] += $5} END { for (key in total) { print key \" \" total[key]/4294967296 }}\u0027 Once the FPCs become unreachable they must be manually restarted as they do not self-recover. This issue affects Juniper Networks Junos OS Evolved on PTX Series: All versions prior to 20.4R3-S4-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69916"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69916",
"defect": [
"1657659"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: PTX Series: Multiple FPCs become unreachable due to continuous polling of specific SNMP OID",
"workarounds": [
{
"lang": "en",
"value": "To apply a workaround exclude the MIB from being polled with the following configuration snippet:\n\n [snmp view cos oid 1.3.6.1.4.1.2636.3.15.4 exclude]\n [snmp community public view cos]\n\nAdditionally, disable SNMP (disabled by default), utilize edge filtering with source-address validation (uRPF, etc.), access control lists (ACLs), and/or SNMPv3 authentication to limit access to the device only from trusted hosts.\n\nIn addition to the workaround recommendations listed above, it is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device to only trusted networks, administrators and hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22211",
"datePublished": "2022-10-18T02:46:20.936Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-12T14:45:58.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0211 (GCVE-0-2021-0211)
Vulnerability from cvelistv5
Published
2021-01-15 17:35
Modified
2024-09-16 20:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP FlowSpec domain leading to disruptions in network traffic causing a Denial of Service (DoS) condition. Continued receipt of these update messages will cause a sustained Denial of Service condition. This issue affects Juniper Networks: Junos OS: All versions prior to 17.3R3-S10 with the exceptions of 15.1X49-D240 on SRX Series and 15.1R7-S8 on EX Series; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S3, 19.4R2-S3, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. Junos OS Evolved: All versions prior to 20.3R1-S1-EVO, 20.3R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11101 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 15.1 < 15.1R7-S8 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"EX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1R7-S8",
"status": "affected",
"version": "15.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3R3-S10",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S12, 17.4R3-S4",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S12",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S8, 18.2R3-S6",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S8, 18.4R2-S6, 18.4R3-S6",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S6, 19.1R2-S2, 19.1R3-S3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S1",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S5, 19.3R3-S1",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S3, 19.4R2-S3, 19.4R3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R1-S3 20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S1, 20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
},
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1X490-D240",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3R1-S1-EVO, 20.3R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following minimal configuration is required to potentially hit this issue:\n\n protocols bgp family inet flow"
}
],
"datePublic": "2021-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP FlowSpec domain leading to disruptions in network traffic causing a Denial of Service (DoS) condition. Continued receipt of these update messages will cause a sustained Denial of Service condition. This issue affects Juniper Networks: Junos OS: All versions prior to 17.3R3-S10 with the exceptions of 15.1X49-D240 on SRX Series and 15.1R7-S8 on EX Series; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S3, 19.4R2-S3, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. Junos OS Evolved: All versions prior to 20.3R1-S1-EVO, 20.3R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "754 - Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T17:35:57",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11101"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 15.1R7-S8, 15.1X49-D240, 17.3R3-S10, 17.4R2-S12, 17.4R3-S4, 18.1R3-S12, 18.2R2-S8, 18.2R3-S6, 18.3R3-S4, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R2-S2, 19.1R3-S3, 19.2R3-S1, 19.3R2-S5, 19.3R3-S1, 19.4R1-S3, 19.4R2-S3, 19.4R3, 20.1R2, 20.2R1-S3, 20.2R2, 20.3R1-S1, 20.3R2, 20.4R1, and all subsequent releases.\n\nJunos OS Evolved: 20.3R1-S1-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11101",
"defect": [
"1539109"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-01-13T17:00:00.000Z",
"ID": "CVE-2021-0211",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: Upon receipt of a specific BGP FlowSpec message network traffic may be disrupted."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX Series",
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S8"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S10"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S12, 17.4R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S12"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S8, 18.2R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S8, 18.4R2-S6, 18.4R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S6, 19.1R2-S2, 19.1R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S5, 19.3R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2-S3, 19.4R3"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R1-S3 20.2R2"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R1-S1, 20.3R2"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "15.1X49",
"version_value": "15.1X490-D240"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.3R1-S1-EVO, 20.3R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following minimal configuration is required to potentially hit this issue:\n\n protocols bgp family inet flow"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP FlowSpec domain leading to disruptions in network traffic causing a Denial of Service (DoS) condition. Continued receipt of these update messages will cause a sustained Denial of Service condition. This issue affects Juniper Networks: Junos OS: All versions prior to 17.3R3-S10 with the exceptions of 15.1X49-D240 on SRX Series and 15.1R7-S8 on EX Series; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S3, 19.4R2-S3, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. Junos OS Evolved: All versions prior to 20.3R1-S1-EVO, 20.3R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "754 - Improper Check for Unusual or Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11101",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11101"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 15.1R7-S8, 15.1X49-D240, 17.3R3-S10, 17.4R2-S12, 17.4R3-S4, 18.1R3-S12, 18.2R2-S8, 18.2R3-S6, 18.3R3-S4, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R2-S2, 19.1R3-S3, 19.2R3-S1, 19.3R2-S5, 19.3R3-S1, 19.4R1-S3, 19.4R2-S3, 19.4R3, 20.1R2, 20.2R1-S3, 20.2R2, 20.3R1-S1, 20.3R2, 20.4R1, and all subsequent releases.\n\nJunos OS Evolved: 20.3R1-S1-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11101",
"defect": [
"1539109"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0211",
"datePublished": "2021-01-15T17:35:57.520545Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T20:52:46.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21614 (GCVE-0-2024-21614)
Vulnerability from cvelistv5
Published
2024-01-12 00:56
Modified
2025-06-17 21:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition.
This issue affects:
Juniper Networks Junos OS
* 22.2 versions earlier than 22.2R2-S2, 22.2R3;
* 22.3 versions earlier than 22.3R2, 22.3R3.
Juniper Networks Junos OS Evolved
* 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO;
* 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO.
This issue does not affect Juniper Networks:
Junos OS versions earlier than 22.2R1;
Junos OS Evolved versions earlier than 22.2R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA75755 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 22.2 ≤ Version: 22.3 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75755"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T15:43:59.854503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:09:20.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.2R2-S2, 22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2, 22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.2R2-S2-EVO, 22.2R3-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-EVO, 22.3R3-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor this issue to occur, NETCONF and gRPC should be enabled.\u003c/p\u003e\u003ccode\u003e [ netconf ssh ]\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e [ system services extension-service request-response grpc ]\u003c/code\u003e\u003cbr/\u003e"
}
],
"value": "For this issue to occur, NETCONF and gRPC should be enabled.\n\n [ netconf ssh ]\n [ system services extension-service request-response grpc ]\n"
}
],
"datePublic": "2024-01-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eOn all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e22.2 versions earlier than 22.2R2-S2, 22.2R3;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R2, 22.3R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue does not affect Juniper Networks:\u003c/p\u003e\u003cp\u003eJunos OS versions earlier than 22.2R1;\u003c/p\u003e\u003cp\u003eJunos OS Evolved versions earlier than 22.2R1-EVO.\u003c/p\u003e\n\n"
}
],
"value": "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * 22.2 versions earlier than 22.2R2-S2, 22.2R3;\n * 22.3 versions earlier than 22.3R2, 22.3R3.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO;\n * 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO.\n\n\n\n\nThis issue does not affect Juniper Networks:\n\nJunos OS versions earlier than 22.2R1;\n\nJunos OS Evolved versions earlier than 22.2R1-EVO.\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T00:56:05.953Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75755"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue.\u003c/p\u003e\u003cp\u003eJunos OS: 22.2R2-S2, 22.2R3, 22.3R2, 22.3R3, 22.4R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 22.2R2-S2-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue.\n\nJunos OS: 22.2R2-S2, 22.2R3, 22.3R2, 22.3R3, 22.4R1, and all subsequent releases.\n\nJunos OS Evolved: 22.2R2-S2-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.4R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA75755",
"defect": [
"1697622"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-10T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: A specific query via DREND causes rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21614",
"datePublished": "2024-01-12T00:56:05.953Z",
"dateReserved": "2023-12-27T19:38:25.709Z",
"dateUpdated": "2025-06-17T21:09:20.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31383 (GCVE-0-2021-31383)
Vulnerability from cvelistv5
Published
2021-10-19 18:17
Modified
2024-09-16 20:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Point to MultiPoint (P2MP) scenarios within established sessions between network or adjacent neighbors the improper use of a source to destination copy write operation combined with a Stack-based Buffer Overflow on certain specific packets processed by the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved sent by a remote unauthenticated network attacker causes the RPD to crash causing a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1. Juniper Networks Junos OS Evolved 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11251 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 19.2 < 19.2R3-S2 Version: 19.3 < 19.3R2-S6, 19.3R3-S2 Version: 19.4 < 19.4R1-S4, 19.4R2-S4, 19.4R3-S3 Version: 20.1 < 20.1R2-S2, 20.1R3 Version: 20.2 < 20.2R2-S3, 20.2R3 Version: 20.3 < 20.3R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S6, 19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S4, 19.4R2-S4, 19.4R3-S3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S2, 20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2-S3, 20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R3-EVO",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-EVO",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R2-EVO",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following configuration is required for Junos OS:\n [protocols ldp p2mp]\n [protocols ldp interface \"interface\"]\n [protocols ldp traffic-statistics {sensor-based-stats;}]\n\nThe following configuration is required for Junos OS Evolved: \n [configuration protocols ldp p2mp]\n [configuration protocols ldp interface \"interface\"]"
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Point to MultiPoint (P2MP) scenarios within established sessions between network or adjacent neighbors the improper use of a source to destination copy write operation combined with a Stack-based Buffer Overflow on certain specific packets processed by the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved sent by a remote unauthenticated network attacker causes the RPD to crash causing a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1. Juniper Networks Junos OS Evolved 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper usage of a source to destination copy write operation",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:17:26",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11251"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R2-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, and all subsequent releases.\n\nJunos OS Evolved: 20.1R3-EVO, 20.2R3-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11251",
"defect": [
"1558672"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: In Point to MultiPoint (P2MP) scenarios receipt of various crafted packets causes RPD to core.",
"workarounds": [
{
"lang": "en",
"value": "For Junos OS you can remove the traffic-statistics from the configuration to work around this issue.\n\n [protoccols ldp traffic-statistics {sensor-based-stats;}]\n\nFor Junos OS Evolved there are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31383",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: In Point to MultiPoint (P2MP) scenarios receipt of various crafted packets causes RPD to core."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S4, 19.4R2-S4, 19.4R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2-S2, 20.1R3"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2-S3, 20.2R3"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2"
},
{
"version_affected": "!\u003c",
"version_value": "19.2R1"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following configuration is required for Junos OS:\n [protocols ldp p2mp]\n [protocols ldp interface \"interface\"]\n [protocols ldp traffic-statistics {sensor-based-stats;}]\n\nThe following configuration is required for Junos OS Evolved: \n [configuration protocols ldp p2mp]\n [configuration protocols ldp interface \"interface\"]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Point to MultiPoint (P2MP) scenarios within established sessions between network or adjacent neighbors the improper use of a source to destination copy write operation combined with a Stack-based Buffer Overflow on certain specific packets processed by the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved sent by a remote unauthenticated network attacker causes the RPD to crash causing a Denial of Service (DoS). Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1. Juniper Networks Junos OS Evolved 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper usage of a source to destination copy write operation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11251",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11251"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R2-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, and all subsequent releases.\n\nJunos OS Evolved: 20.1R3-EVO, 20.2R3-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11251",
"defect": [
"1558672"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "For Junos OS you can remove the traffic-statistics from the configuration to work around this issue.\n\n [protoccols ldp traffic-statistics {sensor-based-stats;}]\n\nFor Junos OS Evolved there are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31383",
"datePublished": "2021-10-19T18:17:26.471382Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-16T20:21:34.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30386 (GCVE-0-2024-30386)
Vulnerability from cvelistv5
Published
2024-04-12 15:23
Modified
2024-08-02 01:32
Severity ?
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
Summary
A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald)
of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).
In an EVPN-VXLAN scenario, when
state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.
This issue affects:
Junos OS:
* All versions before 20.4R3-S8,
* 21.2 versions before 21.2R3-S6,
* 21.3 versions before 21.3R3-S5,
* 21.4 versions before 21.4R3-S4,
* 22.1 versions before 22.1R3-S3,
* 22.2 versions before 22.2R3-S1,
* 22.3 versions before 22.3R3,,
* 22.4 versions before 22.4R2;
Junos OS Evolved:
* All versions before 20.4R3-S8-EVO,
* 21.2-EVO versions before 21.2R3-S6-EVO,
* 21.3-EVO
versions before 21.3R3-S5-EVO,
* 21.4-EVO
versions before 21.4R3-S4-EVO,
* 22.1-EVO
versions before 22.1R3-S3-EVO,
* 22.2-EVO
versions before 22.2R3-S1-EVO,
* 22.3-EVO
versions before 22.3R3-EVO,
* 22.4-EVO
versions before 22.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| http://supportportal.juniper.net/JSA79184 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-12T17:34:57.452134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:00.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://supportportal.juniper.net/JSA79184"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eTo be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options.\u003c/span\u003e"
}
],
"value": "To be exposed to this issue the device must be configured for EVPN-VXLAN. Refer to product documentation for how to configure EVPN-VXLAN as there are different configuration options."
}
],
"datePublic": "2024-04-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Use-After-Free vulnerability in the\u0026nbsp;\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eLayer 2 Address Learning Daemon (l2ald)\u003c/span\u003e\n\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eIn an EVPN-VXLAN scenario,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhen \u003c/span\u003e\n\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S8,\u003c/li\u003e\u003cli\u003e21.2 versions before 21.2R3-S6,\u003c/li\u003e\u003cli\u003e21.3 versions before 21.3R3-S5,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S4,\u003c/li\u003e\u003cli\u003e22.1 versions before 22.1R3-S3,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S1,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3,,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S8-EVO,\u003c/li\u003e\u003cli\u003e21.2-EVO versions before 21.2R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e21.3-EVO\n\n versions before 21.3R3-S5-EVO,\u003c/li\u003e\u003cli\u003e21.4-EVO\n\n versions before 21.4R3-S4-EVO,\u003c/li\u003e\u003cli\u003e22.1-EVO\n\n versions before 22.1R3-S3-EVO,\u003c/li\u003e\u003cli\u003e22.2-EVO\n\n versions before 22.2R3-S1-EVO,\u003c/li\u003e\u003cli\u003e22.3-EVO\n\n versions before 22.3R3-EVO,\u003c/li\u003e\u003cli\u003e22.4-EVO\n\n\u003cspan style=\"background-color: var(--wht);\"\u003e versions before 22.4R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Use-After-Free vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash leading to a Denial-of-Service (DoS).\n\nIn an EVPN-VXLAN scenario,\u00a0when \n\nstate updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system internal timing which is outside the attackers control.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * All versions before 20.4R3-S8,\n * 21.2 versions before 21.2R3-S6,\n * 21.3 versions before 21.3R3-S5,\n * 21.4 versions before 21.4R3-S4,\n * 22.1 versions before 22.1R3-S3,\n * 22.2 versions before 22.2R3-S1,\n * 22.3 versions before 22.3R3,,\n * 22.4 versions before 22.4R2;\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 20.4R3-S8-EVO,\n * 21.2-EVO versions before 21.2R3-S6-EVO,\u00a0\n * 21.3-EVO\n\n versions before 21.3R3-S5-EVO,\n * 21.4-EVO\n\n versions before 21.4R3-S4-EVO,\n * 22.1-EVO\n\n versions before 22.1R3-S3-EVO,\n * 22.2-EVO\n\n versions before 22.2R3-S1-EVO,\n * 22.3-EVO\n\n versions before 22.3R3-EVO,\n * 22.4-EVO\n\n versions before 22.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial-of-Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:15:40.526Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "http://supportportal.juniper.net/JSA79184"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R3-S2, 22.4R2, 23.2R1, and all subsequent releases;\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R3-S2, 22.4R2, 23.2R1, and all subsequent releases;\n\n\nJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S6-EVO, 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S1-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA79184",
"defect": [
"1700170"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: In a EVPN-VXLAN scenario state changes on adjacent systems can cause an l2ald process crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-30386",
"datePublished": "2024-04-12T15:23:24.249Z",
"dateReserved": "2024-03-26T23:06:12.476Z",
"dateUpdated": "2024-08-02T01:32:07.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44175 (GCVE-0-2023-44175)
Vulnerability from cvelistv5
Published
2023-10-12 22:59
Modified
2024-09-19 13:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS).
Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
Note: This issue is not noticed when all the devices in the network are Juniper devices.
This issue affects Juniper Networks:
Junos OS:
* All versions prior to 20.4R3-S7;
* 21.2 versions prior to 21.2R3-S5;
* 21.3 versions prior to 21.3R3-S4;
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3;
* 22.3 versions prior to 22.3R3;
* 22.4 versions prior to 22.4R3.
Junos OS Evolved:
* All versions prior to 22.3R3-EVO;
* 22.4-EVO versions prior to 22.4R3-EVO;
* 23.2-EVO versions prior to 23.2R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73141 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.1 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73141"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T13:10:37.854157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T13:10:45.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1R3-S4",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S5",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S4",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R1-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is applicable to devices where PIM is enabled.\u003c/p\u003e\u003ctt\u003e[protocols pim]\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003e[protocols pim rp config]\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003e[protocols pim interface ]\u003c/tt\u003e"
}
],
"value": "This issue is applicable to devices where PIM is enabled.\n\n[protocols pim]\n[protocols pim rp config]\n[protocols pim interface ]"
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eA Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eContinued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\u003c/p\u003e\u003cp\u003eNote: This issue is not noticed when all the devices in the network are Juniper devices.\u003c/p\u003e\u003cp\u003eThis issue affects Juniper Networks:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S7;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S5;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S4;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S4;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R3;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R3;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 22.3R3-EVO;\u003c/li\u003e\u003cli\u003e22.4-EVO versions prior to 22.4R3-EVO;\u003c/li\u003e\u003cli\u003e23.2-EVO versions prior to 23.2R1-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nA Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS).\n\nContinued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nNote: This issue is not noticed when all the devices in the network are Juniper devices.\n\nThis issue affects Juniper Networks:\n\nJunos OS:\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R3;\n * 22.4 versions prior to 22.4R3.\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions prior to 22.3R3-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO;\n * 23.2-EVO versions prior to 23.2R1-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T22:59:53.340Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73141"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S7, 21.2R3-S5, 21.3R3-S4, 21.4R3-S4, 22.1R3-S4, 22.2R3, 22.3R2-S1, 22.3R3, 22.4R2, 22.4R3, 23.2R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 20.4R3-S7, 21.2R3-S5, 21.3R3-S4, 21.4R3-S4, 22.1R3-S4, 22.2R3, 22.3R2-S1, 22.3R3, 22.4R2, 22.4R3, 23.2R1, and all subsequent releases.\n\nJunos OS Evolved: 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73141",
"defect": [
"1719596"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: Receipt of a specific genuine PIM packet causes RPD crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44175",
"datePublished": "2023-10-12T22:59:53.340Z",
"dateReserved": "2023-09-26T19:30:17.662Z",
"dateUpdated": "2024-09-19T13:10:45.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36833 (GCVE-0-2023-36833)
Vulnerability from cvelistv5
Published
2023-07-14 16:56
Modified
2024-10-22 14:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).
The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service.
An indication that the system experienced this issue is the following log message:
<date> <hostname> evo-aftmand-bt[<pid>]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes
This issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202:
21.2 version 21.2R1-EVO and later versions;
21.3 version 21.3R1-EVO and later versions;
21.4 versions prior to 21.4R3-S3-EVO;
22.1 version 22.1R1-EVO and later versions;
22.2 versions prior to 22.2R3-S2-EVO;
22.3 versions prior to 22.3R3-EVO;
22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 21.2 < 21.2* Version: 21.3 < 21.3* Version: 21.4 < 21.4R3-S3-EVO Version: 22.1 < 22.1* Version: 22.2 < 22.2R3-S2-EVO Version: 22.3 < 22.3R3-EVO Version: 22.4 < 22.4R1-S2-EVO, 22.4R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA71640"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T14:20:03.605266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T14:31:21.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"PTX10001-36MR",
"PTX10004",
"PTX10008",
"PTX10016"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"changes": [
{
"at": "21.2R1-EVO",
"status": "affected"
}
],
"lessThan": "21.2*",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "21.3R1-EVO",
"status": "affected"
}
],
"lessThan": "21.3*",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3-S3-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"changes": [
{
"at": "22.1R1-EVO",
"status": "affected"
}
],
"lessThan": "22.1*",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R3-S2-EVO",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.4R1-S2-EVO, 22.4R2-EVO",
"status": "affected",
"version": "22.4",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue an interfaces need to be configured for multicast-only fast reroute (MoFRR) as follows:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; [ routing-options multicast stream-protection ]\u003c/tt\u003e"
}
],
"value": "To be exposed to this issue an interfaces need to be configured for multicast-only fast reroute (MoFRR) as follows:\n\n\u00a0 [ routing-options multicast stream-protection ]"
}
],
"datePublic": "2023-07-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eThe process \u0027aftman-bt\u0027 will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service.\u003cbr\u003e\u003cbr\u003eAn indication that the system experienced this issue is the following log message:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; \u0026lt;date\u0026gt; \u0026lt;hostname\u0026gt; evo-aftmand-bt[\u0026lt;pid\u0026gt;]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes\u003cbr\u003e\u003cbr\u003e\n\n\u003c/tt\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202:\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2 version 21.2R1-EVO and later versions;\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.3 version 21.3R1-EVO and later versions;\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.4 versions prior to 21.4R3-S3-EVO;\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.1 version 22.1R1-EVO and later versions;\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.2 versions prior to 22.2R3-S2-EVO;\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.3 versions prior to 22.3R3-EVO;\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.\u003c/span\u003e\u003cbr\u003e\u003ctt\u003e\n\n\u003cbr\u003e\u003c/tt\u003e"
}
],
"value": "A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).\n\nThe process \u0027aftman-bt\u0027 will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service.\n\nAn indication that the system experienced this issue is the following log message:\n\n\u00a0 \u003cdate\u003e \u003chostname\u003e evo-aftmand-bt[\u003cpid\u003e]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes\n\n\n\n\nThis issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202:\n21.2 version 21.2R1-EVO and later versions;\n21.3 version 21.3R1-EVO and later versions;\n21.4 versions prior to 21.4R3-S3-EVO;\n22.1 version 22.1R1-EVO and later versions;\n22.2 versions prior to 22.2R3-S2-EVO;\n22.3 versions prior to 22.3R3-EVO;\n22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003cbr\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-14T16:56:37.708Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA71640"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.4R3-S3-EVO, 22.2R3-S2-EVO*, 22.3R3-EVO, 22.4R1-S2-EVO, 22.4R2-EVO, 23.1R1-EVO, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.4R3-S3-EVO, 22.2R3-S2-EVO*, 22.3R3-EVO, 22.4R1-S2-EVO, 22.4R2-EVO, 23.1R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA71640",
"defect": [
"1671799"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202: The aftman-bt process will crash in a MoFRR scenario after multiple link flaps",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.\u003cbr\u003e"
}
],
"value": "There are no known workarounds for this issue.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-36833",
"datePublished": "2023-07-14T16:56:37.708Z",
"dateReserved": "2023-06-27T16:17:25.275Z",
"dateUpdated": "2024-10-22T14:31:21.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31357 (GCVE-0-2021-31357)
Vulnerability from cvelistv5
Published
2021-10-19 18:16
Modified
2024-09-17 02:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11221 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.3R2-S1-EVO Version: 20.4 < 20.4R2-S2-EVO Version: 21.1 < 21.1R2-EVO Version: 21.2 < 21.2R1-S1-EVO, 21.2R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11221"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3R2-S1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.4R2-S2-EVO",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R1-S1-EVO, 21.2R2-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:41",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11221"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.3R2-S1-EVO, 20.4R2-S2-EVO, 21.1R2-EVO, 21.2R1-S1-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11221",
"defect": [
"1596122"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: shell-injection vulnerabilities in evo_tcpdump UI wrapper script",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device via CLI only from trusted hosts and from trusted administrators.\n\nLimit access to the \u0027monitor traffic\u0027 command to authorized administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31357",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: shell-injection vulnerabilities in evo_tcpdump UI wrapper script"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.3R2-S1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2-S2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R1-S1-EVO, 21.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11221",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11221"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.3R2-S1-EVO, 20.4R2-S2-EVO, 21.1R2-EVO, 21.2R1-S1-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11221",
"defect": [
"1596122"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device via CLI only from trusted hosts and from trusted administrators.\n\nLimit access to the \u0027monitor traffic\u0027 command to authorized administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31357",
"datePublished": "2021-10-19T18:16:41.144548Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-17T02:16:18.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1622 (GCVE-0-2020-1622)
Vulnerability from cvelistv5
Published
2020-04-08 19:25
Modified
2024-09-16 19:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11003 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 19.1R1-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.1R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:09:15",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.1R1-EVO, 19.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406195"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: EvoSharedObjStore may leak sensitive information",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1622",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: EvoSharedObjStore may leak sensitive information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.1R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-664 Improper Control of a Resource Through its Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.1R1-EVO, 19.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406195"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1622",
"datePublished": "2020-04-08T19:25:56.635992Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-16T19:35:46.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21596 (GCVE-0-2024-21596)
Vulnerability from cvelistv5
Published
2024-01-12 00:52
Modified
2024-09-25 19:17
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).
If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.
The primary RE is not impacted by this issue and there is no impact on traffic.
This issue only affects devices with NSR enabled.
Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.
This issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.
This issue affects:
Juniper Networks Junos OS
* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S2;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3;
* 23.1 versions earlier than 23.1R2;
* 23.2 versions earlier than 23.2R1-S2, 23.2R2.
Juniper Networks Junos OS Evolved
* All versions earlier than 21.3R3-S5-EVO;
* 21.4-EVO versions earlier than 21.4R3-S5-EVO;
* 22.1-EVO versions earlier than 22.1R3-S4-EVO;
* 22.2-EVO versions earlier than 22.2R3-S2-EVO;
* 22.3-EVO versions later than 22.3R1-EVO;
* 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;
* 23.1-EVO versions earlier than 23.1R2-EVO;
* 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA75735 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.1 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75735"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:16:48.164675Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:17:45.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series",
"PTX Series",
"ACX Series",
"EX Series",
"QFX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.1R2",
"status": "affected",
"version": "23.1",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2, 23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"PTX Series",
"ACX Series",
"QFX Series"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2-EVO, 22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.1R2-EVO",
"status": "affected",
"version": "23.1-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2-EVO, 23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following minimal configuration is required:\u003c/p\u003e\u003ccode\u003e [protocols bgp]\u003c/code\u003e\u003cbr/\u003e"
}
],
"value": "The following minimal configuration is required:\n\n [protocols bgp]\n"
}
],
"datePublic": "2024-01-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eA Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eIf an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.\u003c/p\u003e\u003cp\u003eThe primary RE is not impacted by this issue and there is no impact on traffic.\u003c/p\u003e\u003cp\u003eThis issue only affects devices with NSR enabled.\u003c/p\u003eNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\u003cbr\u003e\u003cp\u003eThis issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 20.4R3-S9;\u003c/li\u003e\u003cli\u003e21.2 versions earlier than 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S2;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R2-S2, 22.4R3;\u003c/li\u003e\u003cli\u003e23.1 versions earlier than 23.1R2;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R1-S2, 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.3R3-S5-EVO;\u003c/li\u003e\u003cli\u003e21.4-EVO versions earlier than 21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO versions earlier than 22.1R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.2-EVO versions earlier than 22.2R3-S2-EVO;\u003c/li\u003e\u003cli\u003e22.3-EVO versions later than 22.3R1-EVO;\u003c/li\u003e\u003cli\u003e22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\u003c/li\u003e\u003cli\u003e23.1-EVO versions earlier than 23.1R2-EVO;\u003c/li\u003e\u003cli\u003e23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nA Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.\n\nThe primary RE is not impacted by this issue and there is no impact on traffic.\n\nThis issue only affects devices with NSR enabled.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.1 versions earlier than 23.1R2;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S2-EVO;\n * 22.3-EVO versions later than 22.3R1-EVO;\n * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\n * 23.1-EVO versions earlier than 23.1R2-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-26T00:09:12.040Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75735"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS:\u00a021.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.1R2, 23.2R1-S2, 23.2R2, 23.3R1, 23.4R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u00a021.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO, 23.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS:\u00a021.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.1R2, 23.2R1-S2, 23.2R2, 23.3R1, 23.4R1, and all subsequent releases.\n\nJunos OS Evolved:\u00a021.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO, 23.4R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA75735",
"defect": [
"1711727"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-10T17:00:00.000Z",
"value": "Initial Publication"
},
{
"lang": "en",
"time": "2024-01-23T17:00:00.000Z",
"value": "Clarified that the SRX Series does not support NSR, and is therefore not affected by this vulnerability"
}
],
"title": "Junos OS and Junos OS Evolved: A specific BGP UPDATE message will cause a crash in the backup Routing Engine in NSR-enabled devices",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21596",
"datePublished": "2024-01-12T00:52:52.522Z",
"dateReserved": "2023-12-27T19:38:25.704Z",
"dateUpdated": "2024-09-25T19:17:45.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0264 (GCVE-0-2021-0264)
Vulnerability from cvelistv5
Published
2021-04-22 19:37
Modified
2024-09-16 20:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). Continued receipt and processing of packets matching the firewall filter can create a sustained Denial of Service (DoS) condition. When traffic hits the firewall filter, configured on lo0 or any physical interface on the line card, containing a term with a syslog action (e.g. 'term <name> then syslog'), the affected line card will crash and restart, impacting traffic processing through the ports of the line card. This issue only affects MX Series routers with MPC10 or MPC11 line cards, and PTX10003 or PTX10008 Series packet transport routers. No other platforms or models of line cards are affected by this issue. Note: This issue has also been identified and described in technical service bulletin TSB17931 (login required). This issue affects: Juniper Networks Junos OS on MX Series: 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved on PTX10003, PTX10008: All versions prior to 20.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11155 | x_refsource_MISC | |
| https://kb.juniper.net/TSB17931 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11155"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/TSB17931"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2-S2, 20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2",
"status": "affected",
"version": "20.4",
"versionType": "custom"
}
]
},
{
"platforms": [
"PTX10003, PTX10008"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "An example of a vulnerable configuration is shown below:\n\n user@router\u003eshow configuration firewall family inet filter protect-re | display set\n set firewall family inet filter protect-re term reject-everything-else then count discard-counter\n set firewall family inet filter protect-re term reject-everything-else then syslog\n set firewall family inet filter protect-re term reject-everything-else then discard"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). Continued receipt and processing of packets matching the firewall filter can create a sustained Denial of Service (DoS) condition. When traffic hits the firewall filter, configured on lo0 or any physical interface on the line card, containing a term with a syslog action (e.g. \u0027term \u003cname\u003e then syslog\u0027), the affected line card will crash and restart, impacting traffic processing through the ports of the line card. This issue only affects MX Series routers with MPC10 or MPC11 line cards, and PTX10003 or PTX10008 Series packet transport routers. No other platforms or models of line cards are affected by this issue. Note: This issue has also been identified and described in technical service bulletin TSB17931 (login required). This issue affects: Juniper Networks Junos OS on MX Series: 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved on PTX10003, PTX10008: All versions prior to 20.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:22",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11155"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/TSB17931"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS 19.4R3-S2, 20.1R3, 20.2R2-S2, 20.2R3, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-EVO, 21.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11155",
"defect": [
"1559174"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: MX Series with MPC10/MPC11, PTX10003, PTX10008: Line card may crash and restart when traffic is hitting a firewall filter having a term with syslog action configured",
"workarounds": [
{
"lang": "en",
"value": "Remove the \"syslog\" action from the firewall filter configuration."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0264",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: MX Series with MPC10/MPC11, PTX10003, PTX10008: Line card may crash and restart when traffic is hitting a firewall filter having a term with syslog action configured"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!\u003c",
"version_value": "19.3R1"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2-S2, 20.2R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"platform": "PTX10003, PTX10008",
"version_affected": "\u003c",
"version_value": "20.4R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "An example of a vulnerable configuration is shown below:\n\n user@router\u003eshow configuration firewall family inet filter protect-re | display set\n set firewall family inet filter protect-re term reject-everything-else then count discard-counter\n set firewall family inet filter protect-re term reject-everything-else then syslog\n set firewall family inet filter protect-re term reject-everything-else then discard"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the processing of traffic matching a firewall filter containing a syslog action in Juniper Networks Junos OS on MX Series with MPC10/MPC11 cards installed, PTX10003 and PTX10008 Series devices, will cause the line card to crash and restart, creating a Denial of Service (DoS). Continued receipt and processing of packets matching the firewall filter can create a sustained Denial of Service (DoS) condition. When traffic hits the firewall filter, configured on lo0 or any physical interface on the line card, containing a term with a syslog action (e.g. \u0027term \u003cname\u003e then syslog\u0027), the affected line card will crash and restart, impacting traffic processing through the ports of the line card. This issue only affects MX Series routers with MPC10 or MPC11 line cards, and PTX10003 or PTX10008 Series packet transport routers. No other platforms or models of line cards are affected by this issue. Note: This issue has also been identified and described in technical service bulletin TSB17931 (login required). This issue affects: Juniper Networks Junos OS on MX Series: 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2. Juniper Networks Junos OS Evolved on PTX10003, PTX10008: All versions prior to 20.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11155",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11155"
},
{
"name": "https://kb.juniper.net/TSB17931",
"refsource": "MISC",
"url": "https://kb.juniper.net/TSB17931"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS 19.4R3-S2, 20.1R3, 20.2R2-S2, 20.2R3, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-EVO, 21.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11155",
"defect": [
"1559174"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Remove the \"syslog\" action from the firewall filter configuration."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0264",
"datePublished": "2021-04-22T19:37:22.213763Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T20:37:12.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21612 (GCVE-0-2024-21612)
Vulnerability from cvelistv5
Published
2024-01-12 00:55
Modified
2025-06-17 21:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.
This issue affects:
Juniper Networks Junos OS Evolved
* All versions earlier than 21.2R3-S7-EVO;
* 21.3 versions earlier than 21.3R3-S5-EVO ;
* 21.4 versions earlier than 21.4R3-S5-EVO;
* 22.1 versions earlier than 22.1R3-S4-EVO;
* 22.2 versions earlier than 22.2R3-S3-EVO ;
* 22.3 versions earlier than 22.3R3-EVO;
* 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA75753 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75753"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T15:44:31.372599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:09:20.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO ",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO ",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-EVO, 22.4R3-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eTo be affected by this issue, OFP needs to be enabled. Execute the following command to check if OFP is running and on which ports.\u003c/p\u003e\u003ccode\u003e[ show system connections | match ofp | match LISTEN ]\u003c/code\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nTo be affected by this issue, OFP needs to be enabled. Execute the following command to check if OFP is running and on which ports.\n\n[ show system connections | match ofp | match LISTEN ]\n\n\n\n"
}
],
"datePublic": "2024-01-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.2R3-S7-EVO;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5-EVO ;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S3-EVO ;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-EVO;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\n\n\n\n\nAn Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition.\n\n\n\n\n\nThis issue affects:\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.2R3-S7-EVO;\n * 21.3 versions earlier than 21.3R3-S5-EVO ;\n * 21.4 versions earlier than 21.4R3-S5-EVO;\n * 22.1 versions earlier than 22.1R3-S4-EVO;\n * 22.2 versions earlier than 22.2R3-S3-EVO ;\n * 22.3 versions earlier than 22.3R3-EVO;\n * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-228",
"description": "CWE-228: Improper Handling of Syntactically Invalid Structure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T15:28:06.536Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75753"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA75753",
"defect": [
"1714333"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-10T17:00:00.000Z",
"value": "Initial Publication"
},
{
"lang": "en",
"time": "2024-01-26T17:00:00.000Z",
"value": "Added required configuration"
}
],
"title": "Junos OS Evolved: Specific TCP traffic causes OFP core and restart of RE",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eIn order to prevent this issue, following firewall filter needs to be added for each OFP port.\u003c/p\u003e\u003ctt\u003e[ firewall family inet filter mgmt-filter term discard_ofp from protocol tcp ]\u003cbr\u003e[ firewall family inet filter mgmt-filter term discard_ofp from destination-port \u0026lt;ofp_port_1\u0026gt; ]\u003cbr\u003e[ firewall family inet filter mgmt-filter term discard_ofp from destination-port \u0026lt;ofp_port_2\u0026gt; ]\u003cbr\u003e[ firewall family inet filter mgmt-filter term discard_ofp then discard ]\u003cbr\u003e[ firewall family inet filter mgmt-filter term 2 then accept ]\u003cbr\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003e[ interfaces re0:mgmt-0 unit 0 family inet filter input mgmt-filter ]\u003cbr\u003e[ interfaces re1:mgmt-0 unit 0 family inet filter input mgmt-filter ]\u003c/tt\u003e\u003cbr\u003e\n\n\u003ctt\u003e\u003c/tt\u003e"
}
],
"value": "\nIn order to prevent this issue, following firewall filter needs to be added for each OFP port.\n\n[ firewall family inet filter mgmt-filter term discard_ofp from protocol tcp ]\n[ firewall family inet filter mgmt-filter term discard_ofp from destination-port \u003cofp_port_1\u003e ]\n[ firewall family inet filter mgmt-filter term discard_ofp from destination-port \u003cofp_port_2\u003e ]\n[ firewall family inet filter mgmt-filter term discard_ofp then discard ]\n[ firewall family inet filter mgmt-filter term 2 then accept ]\n\n[ interfaces re0:mgmt-0 unit 0 family inet filter input mgmt-filter ]\n[ interfaces re1:mgmt-0 unit 0 family inet filter input mgmt-filter ]\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21612",
"datePublished": "2024-01-12T00:55:37.059Z",
"dateReserved": "2023-12-27T19:38:25.709Z",
"dateUpdated": "2025-06-17T21:09:20.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0259 (GCVE-0-2021-0259)
Vulnerability from cvelistv5
Published
2021-04-22 19:37
Modified
2024-09-16 17:48
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold. If an attacker on a client device on the overlay network sends a high volume of specific, legitimate traffic in the overlay network, due to an improperly detected DDoS violation, the leaf might not process certain L2 traffic, sent by spines in the underlay network. Continued receipt and processing of the high volume traffic will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on QFX5K Series: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R2-S8, 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved on QFX5220: All versions prior to 20.3R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11150 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 17.3 < 17.3R3-S11 Version: 17.4 < 17.4R3-S5 Version: 18.1 < 18.1R3-S13 Version: 18.2 < 18.2R2-S8, 18.2R3-S8 Version: 18.3 < 18.3R3-S5 Version: 18.4 < 18.4R1-S8, 18.4R2-S6, 18.4R3-S6 Version: 19.1 < 19.1R3-S4 Version: 19.2 < 19.2R1-S6, 19.2R3-S2 Version: 19.3 < 19.3R3-S2 Version: 19.4 < 19.4R2-S4, 19.4R3-S1 Version: 20.1 < 20.1R2 Version: 20.2 < 20.2R2 Version: 20.3 < 20.3R1-S2, 20.3R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"QFX5K Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3R3-S11",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R3-S5",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S13",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S8, 18.2R3-S8",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S5",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S8, 18.4R2-S6, 18.4R3-S6",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S6, 19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S4, 19.4R3-S1",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S2, 20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
},
{
"platforms": [
"QFX5220"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "An example of a configuration affected by this issue is shown below:\n\n routing-instance evpn10 {\n vtep-source-interface lo0.0;\n instance-type evpn;\n vlan-id 10;\n interface xe-0/0/2.10;\n vxlan {\n vni 10;\n }\n route-distinguisher 10.255.181.13:10;\n vrf-target target:10:10;\n protocols {\n evpn;\n }\n }"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold. If an attacker on a client device on the overlay network sends a high volume of specific, legitimate traffic in the overlay network, due to an improperly detected DDoS violation, the leaf might not process certain L2 traffic, sent by spines in the underlay network. Continued receipt and processing of the high volume traffic will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on QFX5K Series: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R2-S8, 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved on QFX5220: All versions prior to 20.3R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:18",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11150"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.3R3-S11, 17.4R3-S5, 18.1R3-S13, 18.2R2-S8, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases.\n\nJunos OS Evolved: 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11150",
"defect": [
"1499681"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: QFX5K Series: Underlay network traffic might not be processed upon receipt of high rate of specific genuine overlay packets in VXLAN scenario",
"workarounds": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0259",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: QFX5K Series: Underlay network traffic might not be processed upon receipt of high rate of specific genuine overlay packets in VXLAN scenario"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S11"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R3-S5"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S13"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S8, 18.2R3-S8"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S5"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S8, 18.4R2-S6, 18.4R3-S6"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S4"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S6, 19.2R3-S2"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S2"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S4, 19.4R3-S1"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2"
},
{
"platform": "QFX5K Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R1-S2, 20.3R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"platform": "QFX5220",
"version_affected": "\u003c",
"version_value": "20.3R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "An example of a configuration affected by this issue is shown below:\n\n routing-instance evpn10 {\n vtep-source-interface lo0.0;\n instance-type evpn;\n vlan-id 10;\n interface xe-0/0/2.10;\n vxlan {\n vni 10;\n }\n route-distinguisher 10.255.181.13:10;\n vrf-target target:10:10;\n protocols {\n evpn;\n }\n }"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to a vulnerability in DDoS protection in Juniper Networks Junos OS and Junos OS Evolved on QFX5K Series switches in a VXLAN configuration, instability might be experienced in the underlay network as a consequence of exceeding the default ddos-protection aggregate threshold. If an attacker on a client device on the overlay network sends a high volume of specific, legitimate traffic in the overlay network, due to an improperly detected DDoS violation, the leaf might not process certain L2 traffic, sent by spines in the underlay network. Continued receipt and processing of the high volume traffic will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on QFX5K Series: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R2-S8, 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved on QFX5220: All versions prior to 20.3R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11150",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11150"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.3R3-S11, 17.4R3-S5, 18.1R3-S13, 18.2R2-S8, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases.\n\nJunos OS Evolved: 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11150",
"defect": [
"1499681"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0259",
"datePublished": "2021-04-22T19:37:18.777052Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T17:48:16.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44197 (GCVE-0-2023-44197)
Vulnerability from cvelistv5
Published
2023-10-12 23:05
Modified
2024-09-19 13:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes.
This issue affects Juniper Networks Junos OS:
* All versions prior to 20.4R3-S8;
* 21.1 version 21.1R1 and later versions;
* 21.2 versions prior to 21.2R3-S2;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R2-S1, 21.4R3-S5.
This issue affects Juniper Networks Junos OS Evolved:
* All versions prior to 20.4R3-S8-EVO;
* 21.1-EVO version 21.1R1-EVO and later versions;
* 21.2-EVO versions prior to 21.2R3-S2-EVO;
* 21.3-EVO version 21.3R1-EVO and later versions;
* 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73163 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.1R1 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73163"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T13:07:06.524872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T13:07:14.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1R1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S2",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R2-S1, 21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1*-EVO",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S2-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.3*-EVO",
"status": "affected",
"version": "21.3R1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R2-S1-EVO, 21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eTo be affected a device needs to be configured with at least one BGP peer and an import policy applicable to it which contains the respective match condition:\u003c/p\u003e\u003ccode\u003e[ protocols bgp group \u0026lt;group\u0026gt; neighbor \u0026lt;IP-address\u0026gt; ]\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e[ protocols bgp ... import \u0026lt;policy-name\u0026gt; ]\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e[ policy-options policy-statement \u0026lt;policy-name\u0026gt; term \u0026lt;term-name\u0026gt; from route-filter ...]\u003c/code\u003e\n\n"
}
],
"value": "\nTo be affected a device needs to be configured with at least one BGP peer and an import policy applicable to it which contains the respective match condition:\n\n[ protocols bgp group \u003cgroup\u003e neighbor \u003cIP-address\u003e ]\n[ protocols bgp ... import \u003cpolicy-name\u003e ]\n[ policy-options policy-statement \u003cpolicy-name\u003e term \u003cterm-name\u003e from route-filter ...]\n\n"
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eOn all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes.\u003c/p\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S8;\u003c/li\u003e\u003cli\u003e21.1 version 21.1R1 and later versions;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S2;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R2-S1, 21.4R3-S5.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S8-EVO;\u003c/li\u003e\u003cli\u003e21.1-EVO version 21.1R1-EVO and later versions;\u003c/li\u003e\u003cli\u003e21.2-EVO versions prior to 21.2R3-S2-EVO;\u003c/li\u003e\u003cli\u003e21.3-EVO version 21.3R1-EVO and later versions;\u003c/li\u003e\u003cli\u003e21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes.\n\nThis issue affects Juniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R2-S1, 21.4R3-S5.\n\n\n\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1-EVO version 21.1R1-EVO and later versions;\n * 21.2-EVO versions prior to 21.2R3-S2-EVO;\n * 21.3-EVO version 21.3R1-EVO and later versions;\n * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T23:05:23.526Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73163"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S8, 21.2R3-S2, 21.3R3-S5, 21.4R2-S1, 21.4R3-S5, 22.1R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S2-EVO, 21.4R2-S1-EVO, 21.4R3-S5-EVO, 22.1R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 20.4R3-S8, 21.2R3-S2, 21.3R3-S5, 21.4R2-S1, 21.4R3-S5, 22.1R1, and all subsequent releases.\n\nJunos OS Evolved: 20.4R3-S8-EVO, 21.2R3-S2-EVO, 21.4R2-S1-EVO, 21.4R3-S5-EVO, 22.1R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73163",
"defect": [
"1626717"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: An rpd crash may occur when BGP is processing newly learned routes",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44197",
"datePublished": "2023-10-12T23:05:23.526Z",
"dateReserved": "2023-09-26T19:30:32.349Z",
"dateUpdated": "2024-09-19T13:07:14.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36836 (GCVE-0-2023-36836)
Vulnerability from cvelistv5
Published
2023-07-14 17:33
Modified
2024-10-22 14:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a a specific low privileged CLI command is executed. The rpd crash will impact all routing protocols until the process has automatically been restarted. As the operational state which makes this issue exploitable is outside the attackers control, this issue is considered difficult to exploit. Continued execution of this command will lead to a sustained DoS.
This issue affects:
Juniper Networks Junos OS
19.4 version 19.4R3-S5 and later versions prior to 19.4R3-S9;
20.1 version 20.1R2 and later versions;
20.2 versions prior to 20.2R3-S7;
20.3 versions prior to 20.3R3-S5;
20.4 versions prior to 20.4R3-S6;
21.1 versions prior to 21.1R3-S4;
21.2 versions prior to 21.2R3-S2;
21.3 versions prior to 21.3R3-S1;
21.4 versions prior to 21.4R3;
22.1 versions prior to 22.1R1-S2, 22.1R2;
22.2 versions prior to 22.2R2.
Juniper Networks Junos OS Evolved
All versions prior to 20.4R3-S6-EVO;
21.1-EVO version 21.1R1-EVO and later versions;
21.2-EVO version 21.2R1-EVO and later versions;
21.3-EVO versions prior to 21.3R3-S1-EVO;
21.4-EVO versions prior to 21.4R3-EVO;
22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO;
22.2-EVO versions prior to 22.2R2-EVO.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 19.4R3-S4 < 19.4* Version: 20.1R2 < 20.1* Version: 20.2 < 20.2R3-S7 Version: 20.3 < 20.3R3-S5 Version: 20.4 < 20.4R3-S6 Version: 21.1 < 21.1R3-S4 Version: 21.2 < 21.2R3-S2 Version: 21.3 < 21.3R3-S1 Version: 21.4 < 21.4R3 Version: 22.1 < 22.1R1-S2, 22.1R2 Version: 22.2 < 22.2R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA71643"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T14:19:17.073252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T14:19:27.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"changes": [
{
"at": "19.4R3-S9",
"status": "unaffected"
}
],
"lessThan": "19.4*",
"status": "affected",
"version": "19.4R3-S4",
"versionType": "custom"
},
{
"lessThan": "20.1*",
"status": "affected",
"version": "20.1R2",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S7",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S5",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S6",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S4",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S1",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R1-S2, 22.1R2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R2",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S6-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"changes": [
{
"at": "21.1R1-EVO",
"status": "affected"
}
],
"lessThan": "21.1*",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"changes": [
{
"at": "21.2R1-EVO",
"status": "affected"
}
],
"lessThan": "21.2*",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S1-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R1-S2-EVO, 22.1R2-EVO",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R2-EVO",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue an interface need to be configured as follows:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; [ routing-options multicast stream-protection ]\u003c/tt\u003e"
}
],
"value": "To be exposed to this issue an interface need to be configured as follows:\n\n\u00a0 [ routing-options multicast stream-protection ]"
}
],
"datePublic": "2023-07-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eOn all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a a specific low privileged CLI command is executed. The rpd crash will impact all routing protocols until the process has automatically been restarted. As the operational state which makes this issue exploitable is outside the attackers control, this issue is considered difficult to exploit. Continued execution of this command will lead to a sustained DoS.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003eJuniper Networks Junos OS\u003cbr\u003e19.4 version 19.4R3-S5 and later versions prior to 19.4R3-S9;\u003cbr\u003e20.1 version 20.1R2 and later versions;\u003cbr\u003e20.2 versions prior to 20.2R3-S7;\u003cbr\u003e20.3 versions prior to 20.3R3-S5;\u003cbr\u003e20.4 versions prior to 20.4R3-S6;\u003cbr\u003e21.1 versions prior to 21.1R3-S4;\u003cbr\u003e21.2 versions prior to 21.2R3-S2;\u003cbr\u003e21.3 versions prior to 21.3R3-S1;\u003cbr\u003e21.4 versions prior to 21.4R3;\u003cbr\u003e22.1 versions prior to 22.1R1-S2, 22.1R2;\u003cbr\u003e22.2 versions prior to 22.2R2.\u003cbr\u003e\u003cbr\u003eJuniper Networks Junos OS Evolved\u003cbr\u003eAll versions prior to 20.4R3-S6-EVO;\u003cbr\u003e21.1-EVO version 21.1R1-EVO and later versions;\u003cbr\u003e21.2-EVO version 21.2R1-EVO and later versions;\u003cbr\u003e21.3-EVO versions prior to 21.3R3-S1-EVO;\u003cbr\u003e21.4-EVO versions prior to 21.4R3-EVO;\u003cbr\u003e22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO;\u003cbr\u003e22.2-EVO versions prior to 22.2R2-EVO.\u003cbr\u003e"
}
],
"value": "A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a a specific low privileged CLI command is executed. The rpd crash will impact all routing protocols until the process has automatically been restarted. As the operational state which makes this issue exploitable is outside the attackers control, this issue is considered difficult to exploit. Continued execution of this command will lead to a sustained DoS.\n\nThis issue affects:\nJuniper Networks Junos OS\n19.4 version 19.4R3-S5 and later versions prior to 19.4R3-S9;\n20.1 version 20.1R2 and later versions;\n20.2 versions prior to 20.2R3-S7;\n20.3 versions prior to 20.3R3-S5;\n20.4 versions prior to 20.4R3-S6;\n21.1 versions prior to 21.1R3-S4;\n21.2 versions prior to 21.2R3-S2;\n21.3 versions prior to 21.3R3-S1;\n21.4 versions prior to 21.4R3;\n22.1 versions prior to 22.1R1-S2, 22.1R2;\n22.2 versions prior to 22.2R2.\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.4R3-S6-EVO;\n21.1-EVO version 21.1R1-EVO and later versions;\n21.2-EVO version 21.2R1-EVO and later versions;\n21.3-EVO versions prior to 21.3R3-S1-EVO;\n21.4-EVO versions prior to 21.4R3-EVO;\n22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO;\n22.2-EVO versions prior to 22.2R2-EVO.\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003cbr\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-14T17:33:18.923Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA71643"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 19.4R3-S9, 20.2R3-S7, 20.3R3-S5, 20.4R3-S6, 21.1R3-S4, 21.2R3-S2, 21.3R3-S1, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R2, 22.3R1, and all subsequent releases;\u003cbr\u003eJunos OS Evolved: 20.4R3-S6-EVO, 21.3R3-S1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO , and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 19.4R3-S9, 20.2R3-S7, 20.3R3-S5, 20.4R3-S6, 21.1R3-S4, 21.2R3-S2, 21.3R3-S1, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R2, 22.3R1, and all subsequent releases;\nJunos OS Evolved: 20.4R3-S6-EVO, 21.3R3-S1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO , and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA71643",
"defect": [
"1658458",
"1657491"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: In a MoFRR scenario an rpd core may be observed when a low privileged CLI command is executed",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.\u003cbr\u003e"
}
],
"value": "There are no known workarounds for this issue.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-36836",
"datePublished": "2023-07-14T17:33:18.923Z",
"dateReserved": "2023-06-27T16:17:25.276Z",
"dateUpdated": "2024-10-22T14:19:27.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39549 (GCVE-0-2024-39549)
Vulnerability from cvelistv5
Published
2024-07-11 16:27
Modified
2025-02-26 18:16
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).
Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).
Memory utilization could be monitored by:
user@host> show system memory or show system monitor memory status
This issue affects:
Junos OS: * All versions before 21.2R3-S8,
* from 21.4 before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R1-S2, 23.4R2.
Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* from 21.4 before 21.4R3-S8-EVO,
* from 22.2 before 22.2R3-S4-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S3-EVO,
* from 23.2 before 23.2R2-S1-EVO,
* from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA83011 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4R2-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-EVO",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T18:16:20.812180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T18:16:27.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S8-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of\u0026nbsp;Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eConsumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMemory utilization could be monitored by:\u0026nbsp;\u003cbr\u003euser@host\u0026gt; show system memory or show system monitor memory status\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003e\u003cbr\u003eJunos OS:\u0026nbsp;\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S8,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S3,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S2, 23.4R2.\u003c/li\u003e\u003c/ul\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8-EVO, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S8-EVO,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S3-EVO,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S1-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).\n\nConsumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).\n\nMemory utilization could be monitored by:\u00a0\nuser@host\u003e show system memory or show system monitor memory status\n\nThis issue affects:\n\nJunos OS:\u00a0 * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S8,\n\n * from 22.2 before 22.2R3-S4,\u00a0\n * from 22.3 before 22.3R3-S3,\u00a0\n * from 22.4 before 22.4R3-S3,\n * from 23.2 before 23.2R2-S1,\u00a0\n * from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nJunos OS Evolved:\n * All versions before 21.2R3-S8-EVO, \n * from 21.4 before 21.4R3-S8-EVO,\n * from 22.2 before 22.2R3-S4-EVO, \n * from 22.3 before 22.3R3-S3-EVO, \n * from 22.4 before 22.4R3-S3-EVO,\n\n * from 23.2 before 23.2R2-S1-EVO, \n * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401: Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T21:09:45.677Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83011"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003e \u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S8, 22.2R3-S4, 22.3R3-S3, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.4R3-S3,\u0026nbsp;\u003c/span\u003e23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003e\u003cbr\u003e\nJunos OS Evolved:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S8-EVO, 21.4R3-S8-EVO, 22.2R3-S4-EVO, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.3R3-S3-EVO,\u0026nbsp;\u003c/span\u003e22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO and all subsequent releases.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n \nJunos OS: 21.2R3-S8, 21.4R3-S8, 22.2R3-S4, 22.3R3-S3, 22.4R3-S3,\u00a023.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases.\n\n\nJunos OS Evolved:\u00a021.2R3-S8-EVO, 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO,\u00a022.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA83011",
"defect": [
"1778879"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to a memory leak",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39549",
"datePublished": "2024-07-11T16:27:19.238Z",
"dateReserved": "2024-06-25T15:12:53.246Z",
"dateUpdated": "2025-02-26T18:16:27.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22230 (GCVE-0-2022-22230)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-12 14:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause DoS (Denial of Service). If another router generates more than one specific valid OSPFv3 LSA then rpd will crash while processing these LSAs. This issue only affects systems configured with OSPFv3, while OSPFv2 is not affected. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 19.3 version 19.3R2 and later versions; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S1-EVO; 21.3-EVO versions prior to 21.3R3-S2-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS 19.2 versions prior to 19.2R2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69884 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 19.2 < 19.2R3-S6 Version: 19.3R2 < 19.3* Version: 19.4 < 19.4R2-S8, 19.4R3-S9 Version: 20.1R1 < 20.1* Version: 20.2 < 20.2R3-S5 Version: 20.3 < 20.3R3-S5 Version: 20.4 < 20.4R3-S4 Version: 21.1 < 21.1R3-S2 Version: 21.2 < 21.2R3-S1 Version: 21.3 < 21.3R3-S2 Version: 21.4 < 21.4R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69884"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:28:54.569138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:29:00.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"changes": [
{
"at": "19.2R2",
"status": "affected"
}
],
"lessThan": "19.2R3-S6",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3*",
"status": "affected",
"version": "19.3R2",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S8, 19.4R3-S9",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1*",
"status": "affected",
"version": "20.1R1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S5",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S5",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S4",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S2",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S1",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S2",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R2",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S5-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S2-EVO",
"status": "affected",
"version": "21.1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S1-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S2-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "custom"
},
{
"lessThan": "21.4R2-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "custom"
},
{
"lessThan": "22.1R2-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "custom"
},
{
"lessThan": "22.2R2-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "For a system to be affected the following minimal OSPFv3 configuration needs to be present:\n\n [protocols ospf3 area \u003carea-ID\u003e interface \u003cinterface\u003e]"
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause DoS (Denial of Service). If another router generates more than one specific valid OSPFv3 LSA then rpd will crash while processing these LSAs. This issue only affects systems configured with OSPFv3, while OSPFv2 is not affected. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 19.3 version 19.3R2 and later versions; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S1-EVO; 21.3-EVO versions prior to 21.3R3-S2-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS 19.2 versions prior to 19.2R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69884"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1 and all subsequent releases.\nJunos OS Evolved: 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA69884",
"defect": [
"1645221"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: RPD crash upon receipt of specific OSPFv3 LSAs",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22230",
"datePublished": "2022-10-18T02:46:32.057Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-12T14:29:00.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22401 (GCVE-0-2023-22401)
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2025-04-07 15:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On the PTX10008 and PTX10016 platforms running Junos OS or Junos OS Evolved, when a specific SNMP MIB is queried this will cause a PFE crash and the FPC will go offline and not automatically recover. A system restart is required to get the affected FPC in an operational state again. This issue affects: Juniper Networks Junos OS 22.1 version 22.1R2 and later versions; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved 21.3-EVO version 21.3R3-EVO and later versions; 21.4-EVO version 21.4R1-S2-EVO, 21.4R2-EVO and later versions prior to 21.4R2-S1-EVO; 22.1-EVO version 22.1R2-EVO and later versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA70197 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 22.1R2 < 22.1* Version: 22.2 < 22.2R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70197"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T15:07:09.356052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:39:07.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"changes": [
{
"at": "22.1R3",
"status": "unaffected"
}
],
"lessThan": "22.1*",
"status": "affected",
"version": "22.1R2",
"versionType": "custom"
},
{
"lessThan": "22.2R2",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.3-EVO*",
"status": "affected",
"version": "21.3R3-EVO",
"versionType": "custom"
},
{
"changes": [
{
"at": "21.4R2-S1-EVO",
"status": "unaffected"
}
],
"lessThan": "21.4-EVO*",
"status": "affected",
"version": "21.4R1-S2-EVO, 21.4R2-EVO",
"versionType": "custom"
},
{
"changes": [
{
"at": "22.1R3-EVO",
"status": "unaffected"
}
],
"lessThan": "22.1-EVO*",
"status": "affected",
"version": "22.1R2-EVO",
"versionType": "custom"
},
{
"lessThan": "22.2R1-S1-EVO, 22.2R2-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On the PTX10008 and PTX10016 platforms running Junos OS or Junos OS Evolved, when a specific SNMP MIB is queried this will cause a PFE crash and the FPC will go offline and not automatically recover. A system restart is required to get the affected FPC in an operational state again. This issue affects: Juniper Networks Junos OS 22.1 version 22.1R2 and later versions; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved 21.3-EVO version 21.3R3-EVO and later versions; 21.4-EVO version 21.4R1-S2-EVO, 21.4R2-EVO and later versions prior to 21.4R2-S1-EVO; 22.1-EVO version 22.1R2-EVO and later versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70197"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 22.1R3, 22.2R2, and all subsequent releases.\nJunos OS Evolved: 21.4R2-S1-EVO, 22.1R3-EVO, 22.2R1-S1-EVO, 22.2R2-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70197",
"defect": [
"1668861"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: PTX10008, PTX10016: When a specific SNMP MIB is queried the FPC will crash",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue. To reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22401",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:39:07.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22169 (GCVE-0-2022-22169)
Vulnerability from cvelistv5
Published
2022-01-19 00:21
Modified
2024-09-17 00:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who sends specific packets in certain orders and at specific timings to force OSPFv3 to unexpectedly enter graceful-restart (GR helper mode) even though there is not any Grace-LSA received in OSPFv3 causing a Denial of Service (DoS). Unexpectedly entering GR helper mode might cause the OSPFv3 neighbor adjacency formed on this interface to be stuck in the "INIT" state which can be observed by issuing the following command: user@device> show ospf3 neighbor ID Interface State xx.xx.xx.xx ae100.0 Init <<<<<<<<<< An indicator of compromise can be seen in log files when traceoptions for OSPFv3 are enabled before the issue occurs. These logfile messages are as follows: OSPF restart signaling: Received hello with LR bit set from nbr ip=xx::xx id=xx.xx.xx.xx. Set oob-resync capabilty 1. OSPF Restart Signaling: Start helper mode for nbr ip xx::xx id xx.xx.xx.xx OSPF restart signaling: abort helper mode for nbr ip=xx::xx id=xx.xx.xx.xx OSPF neighbor xx::xx (realm ipv6-unicast <interface.unit> area xx.xx.xx.xx) state changed from Full to Init due to 1WayRcvd (event reason: neighbor is in one-way mode) (nbr helped: 0) This issue affects: Juniper Networks Junos OS. 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S4; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. This issue does not affect any version of Juniper Networks Junos OS 12.3. This issue affects Juniper Networks Junos OS Evolved all versions prior to 21.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11276 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 15.1 < 15.1R7-S11 Version: 18.3 < 18.3R3-S6 Version: 18.4 < 18.4R2-S9, 18.4R3-S10 Version: 19.1 < 19.1R2-S3, 19.1R3-S7 Version: 19.2 < 19.2R1-S7, 19.2R3-S4 Version: 19.3 < 19.3R2-S7, 19.3R3-S4 Version: 19.4 < 19.4R3-S6 Version: 20.1 < 20.1R3-S1 Version: 20.2 < 20.2R3-S3 Version: 20.3 < 20.3R3-S1 Version: 20.4 < 20.4R2-S2, 20.4R3 Version: 21.1 < 21.1R3 Version: 21.2 < 21.2R1-S1, 21.2R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "unaffected",
"version": "12.3 Any"
},
{
"lessThan": "15.1R7-S11",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S6",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S9, 18.4R3-S10",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S3, 19.1R3-S7",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S7, 19.2R3-S4",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S7, 19.3R3-S4",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S6",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3-S1",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S1",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2-S2, 20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R1-S1, 21.2R2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following minimal configuration is required: \n\nYou must activate both OSPF and OSPF3 on one or more of the same interfaces concurrently on a device with an established peer with both OSPF and OSPF3 also activated, and sessions established. \n\nAn example of minimal details are: \n [protocols ospf]\n [protocols ospf3]"
}
],
"datePublic": "2022-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who sends specific packets in certain orders and at specific timings to force OSPFv3 to unexpectedly enter graceful-restart (GR helper mode) even though there is not any Grace-LSA received in OSPFv3 causing a Denial of Service (DoS). Unexpectedly entering GR helper mode might cause the OSPFv3 neighbor adjacency formed on this interface to be stuck in the \"INIT\" state which can be observed by issuing the following command: user@device\u003e show ospf3 neighbor ID Interface State xx.xx.xx.xx ae100.0 Init \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c An indicator of compromise can be seen in log files when traceoptions for OSPFv3 are enabled before the issue occurs. These logfile messages are as follows: OSPF restart signaling: Received hello with LR bit set from nbr ip=xx::xx id=xx.xx.xx.xx. Set oob-resync capabilty 1. OSPF Restart Signaling: Start helper mode for nbr ip xx::xx id xx.xx.xx.xx OSPF restart signaling: abort helper mode for nbr ip=xx::xx id=xx.xx.xx.xx OSPF neighbor xx::xx (realm ipv6-unicast \u003cinterface.unit\u003e area xx.xx.xx.xx) state changed from Full to Init due to 1WayRcvd (event reason: neighbor is in one-way mode) (nbr helped: 0) This issue affects: Juniper Networks Junos OS. 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S4; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. This issue does not affect any version of Juniper Networks Junos OS 12.3. This issue affects Juniper Networks Junos OS Evolved all versions prior to 21.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-19T00:21:15",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11276"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 15.1R7-S11, 18.3R3-S6, 18.4R2-S9, 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S7, 19.2R3-S4, 19.3R2-S7, 19.3R3-S4, 19.4R3-S6, 20.1R3-S1, 20.2R3-S3, 20.3R3-S1, 20.4R2-S2, 20.4R3, 21.1R3, 21.2R1-S1, 21.2R2, 21.3R1, and all subsequent releases.\n\nJunos OS Evolved: 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11276",
"defect": [
"1599491"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: OSPFv3 session might go into INIT state upon receipt of multiple crafted packets from a trusted neighbor device.",
"workarounds": [
{
"lang": "en",
"value": "To work around this issue, disable the OSPF GR helper mode for OSPFv3:\n\n [protocols ospf3 graceful-restart helper-disable]\n\nThere are no other workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22169",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: OSPFv3 session might go into INIT state upon receipt of multiple crafted packets from a trusted neighbor device."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!",
"version_name": "12.3",
"version_value": "Any"
},
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S11"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S10"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S7, 19.2R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S7, 19.3R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2-S2, 20.4R3"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R1-S1, 21.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "21.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following minimal configuration is required: \n\nYou must activate both OSPF and OSPF3 on one or more of the same interfaces concurrently on a device with an established peer with both OSPF and OSPF3 also activated, and sessions established. \n\nAn example of minimal details are: \n [protocols ospf]\n [protocols ospf3]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who sends specific packets in certain orders and at specific timings to force OSPFv3 to unexpectedly enter graceful-restart (GR helper mode) even though there is not any Grace-LSA received in OSPFv3 causing a Denial of Service (DoS). Unexpectedly entering GR helper mode might cause the OSPFv3 neighbor adjacency formed on this interface to be stuck in the \"INIT\" state which can be observed by issuing the following command: user@device\u003e show ospf3 neighbor ID Interface State xx.xx.xx.xx ae100.0 Init \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c An indicator of compromise can be seen in log files when traceoptions for OSPFv3 are enabled before the issue occurs. These logfile messages are as follows: OSPF restart signaling: Received hello with LR bit set from nbr ip=xx::xx id=xx.xx.xx.xx. Set oob-resync capabilty 1. OSPF Restart Signaling: Start helper mode for nbr ip xx::xx id xx.xx.xx.xx OSPF restart signaling: abort helper mode for nbr ip=xx::xx id=xx.xx.xx.xx OSPF neighbor xx::xx (realm ipv6-unicast \u003cinterface.unit\u003e area xx.xx.xx.xx) state changed from Full to Init due to 1WayRcvd (event reason: neighbor is in one-way mode) (nbr helped: 0) This issue affects: Juniper Networks Junos OS. 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S4; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. This issue does not affect any version of Juniper Networks Junos OS 12.3. This issue affects Juniper Networks Junos OS Evolved all versions prior to 21.2R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-665 Improper Initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11276",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11276"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 15.1R7-S11, 18.3R3-S6, 18.4R2-S9, 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S7, 19.2R3-S4, 19.3R2-S7, 19.3R3-S4, 19.4R3-S6, 20.1R3-S1, 20.2R3-S3, 20.3R3-S1, 20.4R2-S2, 20.4R3, 21.1R3, 21.2R1-S1, 21.2R2, 21.3R1, and all subsequent releases.\n\nJunos OS Evolved: 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11276",
"defect": [
"1599491"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "To work around this issue, disable the OSPF GR helper mode for OSPFv3:\n\n [protocols ospf3 graceful-restart helper-disable]\n\nThere are no other workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22169",
"datePublished": "2022-01-19T00:21:15.827562Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-17T00:35:44.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39513 (GCVE-0-2024-39513)
Vulnerability from cvelistv5
Published
2024-07-10 23:03
Modified
2024-08-02 04:26
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A
VLAI Severity ?
EPSS score ?
Summary
An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS).
When a specific "clear" command is run, the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts.
The crash impacts all traffic going through the FPCs, causing a DoS. Running the command repeatedly leads to a sustained DoS condition.
This issue affects Junos OS Evolved:
* All versions before 20.4R3-S9-EVO,
* from 21.2-EVO before 21.2R3-S7-EVO,
* from 21.3-EVO before 21.3R3-S5-EVO,
* from 21.4-EVO before 21.4R3-S6-EVO,
* from 22.1-EVO before 22.1R3-S4-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA82978 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 21.2-EVO ≤ Version: 21.3-EVO ≤ Version: 21.4-EVO ≤ Version: 22.1-EVO ≤ Version: 22.2-EVO ≤ Version: 22.3-EVO ≤ Version: 22.4-EVO ≤ Version: 23.2-EVO ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:04:14.115957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T15:04:21.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82978"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S9-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a specific \"clear\" command is run, the\u0026nbsp;\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eAdvanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eThe crash\u0026nbsp;\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eimpacts all traffic going through the FPCs, causing a DoS. Running the command repeatedly leads to a sustained DoS condition.\u003cbr\u003e\u003c/span\u003e\u003cp\u003eThis issue affects Junos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S9-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.2-EVO before 21.2R3-S7-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.3-EVO before 21.3R3-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-EVO,\u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS).\n\nWhen a specific \"clear\" command is run, the\u00a0Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts.\n\nThe crash\u00a0impacts all traffic going through the FPCs, causing a DoS. Running the command repeatedly leads to a sustained DoS condition.\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * All versions before 20.4R3-S9-EVO,\u00a0\n * from 21.2-EVO before 21.2R3-S7-EVO,\u00a0\n * from 21.3-EVO before 21.3R3-S5-EVO,\u00a0\n * from 21.4-EVO before 21.4R3-S6-EVO,\u00a0\n * from 22.1-EVO before 22.1R3-S4-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S3-EVO,\u00a0\n * from 22.3-EVO before 22.3R3-S3-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-EVO,\n * from 23.2-EVO before 23.2R2-EVO."
}
],
"exploits": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T23:03:46.446Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82978"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S3-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S3-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82978",
"defect": [
"1760052"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: Execution of a specific CLI command will cause a crash in the AFT manager",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39513",
"datePublished": "2024-07-10T23:03:46.446Z",
"dateReserved": "2024-06-25T15:12:53.237Z",
"dateUpdated": "2024-08-02T04:26:15.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1644 (GCVE-0-2020-1644)
Vulnerability from cvelistv5
Published
2020-07-17 18:40
Modified
2024-09-16 23:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. This issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network. This issue affects: Juniper Networks Junos OS: 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.2X75 versions prior to 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS Evolved: any releases prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11032 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 17.2X75 < 17.2X75-D105.19 Version: 17.3 < 17.3R3-S8 Version: 17.4 < 17.4R2-S10, 17.4R3-S2 Version: 18.1 < 18.1R3-S10 Version: 18.2 < 18.2R2-S7, 18.2R3-S4 Version: 18.2X75 < 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60 Version: 18.3 < 18.3R2-S4, 18.3R3-S2 Version: 18.4 < 18.4R1-S7, 18.4R2-S4, 18.4R3-S2 Version: 19.1 < 19.1R1-S5, 19.1R2-S1, 19.1R3 Version: 19.2 < 19.2R1-S5, 19.2R2 Version: 19.3 < 19.3R2-S2, 19.3R3 Version: 19.4 < 19.4R1-S2, 19.4R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThanOrEqual": "17.3R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "17.2X75-D105.19",
"status": "affected",
"version": "17.2X75",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S8",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S10, 17.4R3-S2",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S10",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S7, 18.2R3-S4",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60",
"status": "affected",
"version": "18.2X75",
"versionType": "custom"
},
{
"lessThan": "18.3R2-S4, 18.3R3-S2",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S7, 18.4R2-S4, 18.4R3-S2",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S5, 19.1R2-S1, 19.1R3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S5, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S2, 19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S2, 19.4R2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "19.2-EVO"
},
{
"status": "affected",
"version": "19.3-EVO"
},
{
"status": "affected",
"version": "19.4-EVO"
},
{
"lessThan": "20.1R2-EVO",
"status": "affected",
"version": "20.1-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. This issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network. This issue affects: Juniper Networks Junos OS: 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.2X75 versions prior to 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS Evolved: any releases prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T18:40:40",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11032"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.2X75-D105.19, 17.3R3-S8, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S4, 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60, 18.3R2-S4, 18.3R3-S2, 18.4R1-S7, 18.4R2-S4, 18.4R3-S2, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R2-S2, 19.3R3, 19.4R1-S2, 19.4R2, 20.1R1 and all subsequent releases.\n\nJunos OS Evolved: 20.1R2-EVO, 20.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11032",
"defect": [
"1481641"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets",
"workarounds": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T07:00:00.000Z",
"ID": "CVE-2020-1644",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.2X75",
"version_value": "17.2X75-D105.19"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S10, 17.4R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.2X75",
"version_value": "18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R2-S4, 18.4R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S5, 19.1R2-S1, 19.1R3"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S2, 19.3R3"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S2, 19.4R2"
},
{
"version_affected": "!\u003c=",
"version_value": "17.3R1"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "19.2-EVO",
"version_value": "19.2-EVO"
},
{
"version_affected": "=",
"version_name": "19.3-EVO",
"version_value": "19.3-EVO"
},
{
"version_affected": "=",
"version_name": "19.4-EVO",
"version_value": "19.4-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.1-EVO",
"version_value": "20.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. This issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network. This issue affects: Juniper Networks Junos OS: 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.2X75 versions prior to 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS Evolved: any releases prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11032",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11032"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.2X75-D105.19, 17.3R3-S8, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S4, 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60, 18.3R2-S4, 18.3R3-S2, 18.4R1-S7, 18.4R2-S4, 18.4R3-S2, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R2-S2, 19.3R3, 19.4R1-S2, 19.4R2, 20.1R1 and all subsequent releases.\n\nJunos OS Evolved: 20.1R2-EVO, 20.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11032",
"defect": [
"1481641"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1644",
"datePublished": "2020-07-17T18:40:40.407547Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-16T23:56:00.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44178 (GCVE-0-2023-44178)
Vulnerability from cvelistv5
Published
2023-10-12 23:01
Modified
2024-09-18 14:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.
Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.
This issue affects Juniper Networks:
Junos OS
* All versions prior to 19.1R3-S10;
* 19.2 versions prior to 19.2R3-S7;
* 19.3 versions prior to 19.3R3-S8;
* 19.4 versions prior to 19.4R3-S12;
* 20.2 versions prior to 20.2R3-S8;
* 20.4 versions prior to 20.4R3-S8;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R3-S1;
* 22.4 versions prior to 22.4R2-S1;
* 23.2 versions prior to 23.2R2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73140 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 19.2 ≤ Version: 19.3 ≤ Version: 19.4 ≤ Version: 20.2 ≤ Version: 20.4 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73140"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:42:27.029173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:42:48.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.1R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "19.2R3-S7",
"status": "affected",
"version": "19.2",
"versionType": "semver"
},
{
"lessThan": "19.3R3-S8",
"status": "affected",
"version": "19.3",
"versionType": "semver"
},
{
"lessThan": "19.4R3-S12",
"status": "affected",
"version": "19.4",
"versionType": "semver"
},
{
"lessThan": "20.2R3-S8",
"status": "affected",
"version": "20.2",
"versionType": "semver"
},
{
"lessThan": "20.4R3-S8",
"status": "affected",
"version": "20.4",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S1",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\u003c/p\u003e\u003cp\u003eRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\u003c/p\u003e\u003cp\u003eThis issue affects Juniper Networks:\u003c/p\u003e\u003cp\u003eJunos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 19.1R3-S10;\u003c/li\u003e\u003cli\u003e19.2 versions prior to 19.2R3-S7;\u003c/li\u003e\u003cli\u003e19.3 versions prior to 19.3R3-S8;\u003c/li\u003e\u003cli\u003e19.4 versions prior to 19.4R3-S12;\u003c/li\u003e\u003cli\u003e20.2 versions prior to 20.2R3-S8;\u003c/li\u003e\u003cli\u003e20.4 versions prior to 20.4R3-S8;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S6;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S3;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R3-S2;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R2-S1;\u003c/li\u003e\u003cli\u003e23.2 versions prior to 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\n\nRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\n\nJunos OS\n\n\n\n * All versions prior to 19.1R3-S10;\n * 19.2 versions prior to 19.2R3-S7;\n * 19.3 versions prior to 19.3R3-S8;\n * 19.4 versions prior to 19.4R3-S12;\n * 20.2 versions prior to 20.2R3-S8;\n * 20.4 versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS) ",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T23:01:04.910Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73140"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS 19.1R3-S10, 19.2R3-S7, 19.3R3-S8, 19.4R3-S12, 20.2R3-S8, 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R1, 23.2R2, 23.3R1, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 19.1R3-S10, 19.2R3-S7, 19.3R3-S8, 19.4R3-S12, 20.2R3-S8, 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R2-S1, 22.4R3, 23.2R1, 23.2R2, 23.3R1, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73140",
"defect": [
"1723674"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS : Stack overflow vulnerability in CLI command processing",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo reduce the risk of malicious exploitation use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003c/p\u003e\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "To reduce the risk of malicious exploitation use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\nThere are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44178",
"datePublished": "2023-10-12T23:01:04.910Z",
"dateReserved": "2023-09-26T19:30:17.662Z",
"dateUpdated": "2024-09-18T14:42:48.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31354 (GCVE-0-2021-31354)
Vulnerability from cvelistv5
Published
2021-10-19 18:16
Modified
2024-09-17 01:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode (to use Juniper Agile License Manager) may allow an attacker to cause a partial Denial of Service (DoS), or lead to remote code execution (RCE). The vulnerability exists in the packet parsing logic on the client that processes the response from the server using a custom protocol. An attacker with control of a JAL License Manager, or with access to the local broadcast domain, may be able to spoof a new JAL License Manager and/or craft a response to the Junos OS License Client, leading to exploitation of this vulnerability. This issue only affects Junos systems configured in Network Mode. Systems that are configured in Standalone Mode (the default mode of operation for all systems) are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: version 20.1R1-EVO and later versions, prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11219 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 19.2 < 19.2R3-S3 Version: 19.3 < 19.3R3-S3 Version: 20.1 < 20.1R2-S2, 20.1R3-S1 Version: 20.2 < 20.2R3-S2 Version: 20.3 < 20.3R3 Version: 20.4 < 20.4R3 Version: 21.1 < 21.1R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S3",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S2, 20.1R3-S1",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "20.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Systems vulnerable to this issue will have the Junos License Client set to Network Mode as follows:\n\n [system license network-mode]"
}
],
"credits": [
{
"lang": "en",
"value": "Juniper SIRT would like to acknowledge and thank The UK\u0027s National Cyber Security Centre (NCSC) for responsibly reporting this vulnerability."
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode (to use Juniper Agile License Manager) may allow an attacker to cause a partial Denial of Service (DoS), or lead to remote code execution (RCE). The vulnerability exists in the packet parsing logic on the client that processes the response from the server using a custom protocol. An attacker with control of a JAL License Manager, or with access to the local broadcast domain, may be able to spoof a new JAL License Manager and/or craft a response to the Junos OS License Client, leading to exploitation of this vulnerability. This issue only affects Junos systems configured in Network Mode. Systems that are configured in Standalone Mode (the default mode of operation for all systems) are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: version 20.1R1-EVO and later versions, prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:36",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11219"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS 19.3R3-S3, 20.1R2-S2, 20.1R3-S1, 20.2R3-S2, 20.3R3, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.\nJunos OS Evolved 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11219",
"defect": [
"1582419"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS and Junos OS Evolved: A vulnerability in the Juniper Agile License Client may allow an attacker to perform Remote Code Execution (RCE)",
"workarounds": [
{
"lang": "en",
"value": "Disable Network Mode and configure the Junos License Client to use Standalone Mode:\n\n user@junos# set system license standalone-mode"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31354",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: A vulnerability in the Juniper Agile License Client may allow an attacker to perform Remote Code Execution (RCE)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!\u003c",
"version_value": "19.2R1"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2-S2, 20.1R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "20.1R1-EVO"
},
{
"version_affected": "\u003c",
"version_value": "21.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "Systems vulnerable to this issue will have the Junos License Client set to Network Mode as follows:\n\n [system license network-mode]"
}
],
"credit": [
{
"lang": "eng",
"value": "Juniper SIRT would like to acknowledge and thank The UK\u0027s National Cyber Security Centre (NCSC) for responsibly reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode (to use Juniper Agile License Manager) may allow an attacker to cause a partial Denial of Service (DoS), or lead to remote code execution (RCE). The vulnerability exists in the packet parsing logic on the client that processes the response from the server using a custom protocol. An attacker with control of a JAL License Manager, or with access to the local broadcast domain, may be able to spoof a new JAL License Manager and/or craft a response to the Junos OS License Client, leading to exploitation of this vulnerability. This issue only affects Junos systems configured in Network Mode. Systems that are configured in Standalone Mode (the default mode of operation for all systems) are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: version 20.1R1-EVO and later versions, prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11219",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11219"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS 19.3R3-S3, 20.1R2-S2, 20.1R3-S1, 20.2R3-S2, 20.3R3, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.\nJunos OS Evolved 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11219",
"defect": [
"1582419"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable Network Mode and configure the Junos License Client to use Standalone Mode:\n\n user@junos# set system license standalone-mode"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31354",
"datePublished": "2021-10-19T18:16:36.502579Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-17T01:30:53.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21590 (GCVE-0-2024-21590)
Vulnerability from cvelistv5
Published
2024-04-12 14:53
Modified
2024-08-01 22:27
Severity ?
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS).
When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition.
This issue affects Juniper Networks Junos OS:
* All versions before 21.2R3-S8-EVO;
* from 21.4-EVO before 21.4R3-S6-EVO;
* from 22.2-EVO before 22.2R3-S4-EVO;
* from 22.3-EVO before 22.3R3-S3-EVO;
* from 22.4-EVO before 22.4R3-EVO;
* from 23.2-EVO before 23.2R2-EVO.
* from 23.4-EVO before 23.4R1-S1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA75728 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N | technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 21.4-EVO ≤ Version: 22.2-EVO ≤ Version: 22.3-EVO ≤ Version: 22.4-EVO ≤ Version: 23.2-EVO ≤ Version: 23.4-EVO ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T13:04:27.027073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:31.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:34.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75728"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-04-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS).\u0026nbsp;\u003cbr\u003e\u003cbr\u003eWhen specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eContinued receipt of these packets may create a sustained Denial of Service (DoS) condition.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eThis issue affects Juniper Networks Junos OS:\u003cbr\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S8-EVO;\u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S6-EVO;\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S4-EVO;\u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S3-EVO;\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-EVO;\u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R1-S1-EVO.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS).\u00a0\n\nWhen specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE.\u00a0Continued receipt of these packets may create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks Junos OS:\n\n * All versions before 21.2R3-S8-EVO;\n * from 21.4-EVO before 21.4R3-S6-EVO;\n * from 22.2-EVO before 22.2R3-S4-EVO;\n * from 22.3-EVO before 22.3R3-S3-EVO;\n * from 22.4-EVO before 22.4R3-EVO;\n * from 23.2-EVO before 23.2R2-EVO.\n * from 23.4-EVO before 23.4R1-S1-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:04:36.603Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75728"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS Evolved:21.2R3-S8-EVO, 21.4R3-S6-EVO, 22.2R3-S4-EVO, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.3R3-S3-EVO,\u0026nbsp;\u003c/span\u003e22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 24.1R1-EVO and all subsequent releases.\u003cbr\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved:21.2R3-S8-EVO, 21.4R3-S6-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO,\u00a022.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 24.1R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA75728",
"defect": [
"1731219"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-04-10T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS Evolved: Packets which are not destined to the device can reach the RE",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21590",
"datePublished": "2024-04-12T14:53:49.366Z",
"dateReserved": "2023-12-27T19:38:25.704Z",
"dateUpdated": "2024-08-01T22:27:34.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22184 (GCVE-0-2022-22184)
Vulnerability from cvelistv5
Published
2022-12-23 23:03
Modified
2025-04-14 14:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute will propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Since this issue only affects 22.3R1, Juniper strongly encourages customers to move to 22.3R1-S1. Juniper SIRT felt that the need to promptly warn customers about this issue affecting the 22.3R1 versions of Junos OS and Junos OS Evolved warranted an Out of Cycle JSA. This issue affects: Juniper Networks Junos OS version 22.3R1. Juniper Networks Junos OS Evolved version 22.3R1-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 22.3R1. Juniper Networks Junos OS Evolved versions prior to 22.3R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA70175 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 22.3 < 22.3R1-S1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70175"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T14:25:00.638446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T14:28:03.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.3R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "22.3R1-S1",
"status": "affected",
"version": "22.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.3R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "22.3R1-S1-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute will propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Since this issue only affects 22.3R1, Juniper strongly encourages customers to move to 22.3R1-S1. Juniper SIRT felt that the need to promptly warn customers about this issue affecting the 22.3R1 versions of Junos OS and Junos OS Evolved warranted an Out of Cycle JSA. This issue affects: Juniper Networks Junos OS version 22.3R1. Juniper Networks Junos OS Evolved version 22.3R1-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 22.3R1. Juniper Networks Junos OS Evolved versions prior to 22.3R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70175"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 22.3R1-S1, 22.3R2, 22.4R1, and all subsequent releases;\nJunos OS Evolved: 22.3R1-S1-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70175",
"defect": [
"1698446"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: A BGP session will flap upon receipt of a specific, optional transitive attribute in version 22.3R1",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22184",
"datePublished": "2022-12-23T23:03:51.372Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-04-14T14:28:03.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0291 (GCVE-0-2021-0291)
Vulnerability from cvelistv5
Published
2021-07-15 20:01
Modified
2024-09-16 23:50
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP port 705 on the internal routing instance. External connections destined to port 705 should not be allowed. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS Evolved versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 13.2R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11193 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 15.1 < 15.1R7-S9 Version: 17.3 < 17.3R3-S12 Version: 17.4 < 17.4R2-S13, 17.4R3-S5 Version: 18.3 < 18.3R3-S5 Version: 18.4 < 18.4R2-S8, 18.4R3-S9 Version: 19.1 < 19.1R3-S5 Version: 19.2 < 19.2R3-S2 Version: 19.3 < 19.3R2-S6, 19.3R3-S2 Version: 19.4 < 19.4R1-S4, 19.4R2-S4, 19.4R3 Version: 20.1 < 20.1R2 Version: 20.2 < 20.2R2 Version: 20.3 < 20.3R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11193"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "13.2R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "15.1R7-S9",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S12",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S13, 17.4R3-S5",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S5",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S8, 18.4R3-S9",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S5",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S6, 19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S4, 19.4R2-S4, 19.4R3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "SRX and EX platforms are affected by default, whereas all other platforms running Junos OS and Junos OS Evolved are only affected if:\n\n [ snmp subagent tcp ]\n\nis configured."
}
],
"datePublic": "2021-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP port 705 on the internal routing instance. External connections destined to port 705 should not be allowed. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS Evolved versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 13.2R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of System Data to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T20:01:08",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11193"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 15.1R7-S9, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.3R3-S5, 18.4R2-S8, 19.1R3-S5, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R2-S4, 19.4R3, 20.1R2, 20.2R2, 20.2R3, 20.3R2, 20.4R1, and all subsequent releases.\nJunos OS Evolved: 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11193",
"defect": [
"1536350"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: A vulnerability allows a network based unauthenticated attacker which sends a high rate of specific traffic to cause a partial Denial of Service",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to deny access to TCP port 705."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-0291",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: A vulnerability allows a network based unauthenticated attacker which sends a high rate of specific traffic to cause a partial Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S9"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S12"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S13, 17.4R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S8, 18.4R3-S9"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S4, 19.4R2-S4, 19.4R3"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2"
},
{
"version_affected": "!\u003c",
"version_value": "13.2R1"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.3R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "SRX and EX platforms are affected by default, whereas all other platforms running Junos OS and Junos OS Evolved are only affected if:\n\n [ snmp subagent tcp ]\n\nis configured."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP port 705 on the internal routing instance. External connections destined to port 705 should not be allowed. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS Evolved versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 13.2R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-497 Exposure of System Data to an Unauthorized Control Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11193",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11193"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 15.1R7-S9, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.3R3-S5, 18.4R2-S8, 19.1R3-S5, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R2-S4, 19.4R3, 20.1R2, 20.2R2, 20.2R3, 20.3R2, 20.4R1, and all subsequent releases.\nJunos OS Evolved: 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11193",
"defect": [
"1536350"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to deny access to TCP port 705."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0291",
"datePublished": "2021-07-15T20:01:08.777418Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T23:50:31.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39514 (GCVE-0-2024-39514)
Vulnerability from cvelistv5
Published
2024-07-10 23:05
Modified
2024-08-02 04:26
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
Summary
An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.
This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.
This issue affects Junos OS:
* All versions before 20.4R3-S10,
* from 21.4 before 21.4R3-S6,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2;
Junos OS Evolved:
* All versions before 20.4R3-S10-EVO,
* from 21.4-EVO before 21.4R3-S6-EVO,
* from 22.1-EVO before 22.1R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S2-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA82980 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:56:58.930100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T18:47:32.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S10-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "EVPN-VPWS can be configured with the following:\u0026nbsp; \u0026nbsp;\u003cbr\u003e\u003ctt\u003e\u003ctt\u003e[ routing-instances \u0026lt;instance-name\u0026gt; instance-type evpn-vpws ]\u003cbr\u003e[ routing-instances \u0026lt;instance-name\u0026gt; interface \u0026lt;interface\u0026gt; ]\u003c/tt\u003e\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eIGMP-snooping can be enabled with the following configuration line:\u003cbr\u003e\u003ctt\u003e[ routing-instances \u0026lt;instance-name\u0026gt; bridge-domains \u0026lt;name\u0026gt; igmp-snooping vlan \u0026lt;vlan\u0026gt; ]\u003c/tt\u003e\u003ctt\u003e\u003c/tt\u003e"
}
],
"value": "EVPN-VPWS can be configured with the following:\u00a0 \u00a0\n[ routing-instances \u003cinstance-name\u003e instance-type evpn-vpws ]\n[ routing-instances \u003cinstance-name\u003e interface \u003cinterface\u003e ]\n\nIGMP-snooping can be enabled with the following configuration line:\n[ routing-instances \u003cinstance-name\u003e bridge-domains \u003cname\u003e igmp-snooping vlan \u003cvlan\u003e ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eAn attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.\u003cbr\u003e\u003cbr\u003eThis issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Junos OS: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 20.4R3-S10,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4 before 21.4R3-S6,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.1 before 22.1R3-S5,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2 before 22.2R3-S3,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.3 before 22.3R3-S2,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4 before 22.4R3,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2 before 23.2R2;\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003eJunos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 20.4R3-S10-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4-EVO before 21.4R3-S6-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.1-EVO before 22.1R3-S5-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2-EVO before 22.2R3-S3-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.3-EVO before 22.3R3-S2-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4-EVO before 22.4R3-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/span\u003e"
}
],
"value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nAn attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.\n\nThis issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.\n\nThis issue affects Junos OS: \n * All versions before 20.4R3-S10,\u00a0\n * from 21.4 before 21.4R3-S6,\u00a0\n * from 22.1 before 22.1R3-S5,\u00a0\n * from 22.2 before 22.2R3-S3,\u00a0\n * from 22.3 before 22.3R3-S2,\u00a0\n * from 22.4 before 22.4R3,\u00a0\n * from 23.2 before 23.2R2;\n\n\nJunos OS Evolved: \n * All versions before 20.4R3-S10-EVO,\u00a0\n * from 21.4-EVO before 21.4R3-S6-EVO,\u00a0\n * from 22.1-EVO before 22.1R3-S5-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S3-EVO,\u00a0\n * from 22.3-EVO before 22.3R3-S2-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T23:05:27.050Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82980"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS: 20.4R3-S10, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 20.4R3-S10-EVO, 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\n\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 20.4R3-S10, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S10-EVO, 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82980",
"defect": [
"1758171"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Receiving specific traffic on devices with EVPN-VPWS with IGMP-snooping enabled will cause the rpd to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39514",
"datePublished": "2024-07-10T23:05:27.050Z",
"dateReserved": "2024-06-25T15:12:53.238Z",
"dateUpdated": "2024-08-02T04:26:15.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44185 (GCVE-0-2023-44185)
Vulnerability from cvelistv5
Published
2023-10-12 23:02
Modified
2024-09-19 13:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet.
Continued receipt of this packet will cause a sustained Denial of Service condition.
This issue affects:
* Juniper Networks Junos OS:
* All versions prior to 20.4R3-S6;
* 21.1 versions prior to 21.1R3-S5;
* 21.2 versions prior to 21.2R3-S4;
* 21.3 versions prior to 21.3R3-S3;
* 21.4 versions prior to 21.4R3-S3;
* 22.1 versions prior to 22.1R2-S2, 22.1R3;
* 22.2 versions prior to 22.2R2-S1, 22.2R3;
* 22.3 versions prior to 22.3R1-S2, 22.3R2.
Juniper Networks Junos OS Evolved:
* All versions prior to 20.4R3-S6-EVO;
* 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO;
* 21.3-EVO versions prior to 21.3R3-S3-EVO;
* 21.4-EVO versions prior to 21.4R3-S3-EVO;
* 22.1-EVO versions prior to 22.1R3-EVO;
* 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;
* 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73146 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.1 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73146"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T13:09:20.338217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T13:09:31.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1R3-S5",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S4",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S3",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S3",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R2-S2, 22.1R3",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R2-S1, 22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R1-S2, 22.3R2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S6-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1*-EVO",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S4-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S3-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S3-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R2-S1-EVO, 22.2R3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R1-S2-EVO, 22.3R2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following minimal configuration is required:\u003c/p\u003e \u003ctt\u003e[protocols bgp]\u003c/tt\u003e"
}
],
"value": "The following minimal configuration is required:\n\n [protocols bgp]"
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet.\u003c/p\u003e\u003cp\u003eContinued receipt of this packet will cause a sustained Denial of Service condition.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eJuniper Networks Junos OS:\u003c/li\u003e\u003cli\u003eAll versions prior to 20.4R3-S6;\u003c/li\u003e\u003cli\u003e21.1 versions prior to 21.1R3-S5;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S4;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S3;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S3;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R2-S2, 22.1R3;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R2-S1, 22.2R3;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R1-S2, 22.3R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S6-EVO;\u003c/li\u003e\u003cli\u003e21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO;\u003c/li\u003e\u003cli\u003e21.3-EVO versions prior to 21.3R3-S3-EVO;\u003c/li\u003e\u003cli\u003e21.4-EVO versions prior to 21.4R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO versions prior to 22.1R3-EVO;\u003c/li\u003e\u003cli\u003e22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;\u003c/li\u003e\u003cli\u003e22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet.\n\nContinued receipt of this packet will cause a sustained Denial of Service condition.\n\nThis issue affects:\n\n\n\n * Juniper Networks Junos OS:\n * All versions prior to 20.4R3-S6;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S3;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R2-S2, 22.1R3;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nJuniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S6-EVO;\n * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO;\n * 21.3-EVO versions prior to 21.3R3-S3-EVO;\n * 21.4-EVO versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO versions prior to 22.1R3-EVO;\n * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;\n * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T23:02:53.740Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73146"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S6, 21.1R3-S5, 21.2R3-S4, 21.3R3-S3, 21.4R3-S3, 22.1R2-S2, 22.1R3, 22.2R2-S1, 22.2R3, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.3R3-S3-EVO, 21.4R3-S3-EVO, 22.1R3-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R1-S2-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 20.4R3-S6, 21.1R3-S5, 21.2R3-S4, 21.3R3-S3, 21.4R3-S3, 22.1R2-S2, 22.1R3, 22.2R2-S1, 22.2R3, 22.3R1-S2, 22.3R2, 22.4R1, and all subsequent releases.\n\nJunos OS Evolved: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.3R3-S3-EVO, 21.4R3-S3-EVO, 22.1R3-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R1-S2-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73146",
"defect": [
"1699244"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: In an BGP scenario RPD crashes upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44185",
"datePublished": "2023-10-12T23:02:53.740Z",
"dateReserved": "2023-09-26T19:30:27.953Z",
"dateUpdated": "2024-09-19T13:09:31.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1646 (GCVE-0-2020-1646)
Vulnerability from cvelistv5
Published
2020-07-17 18:40
Modified
2024-09-17 03:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11033 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 17.3R3-S6 Version: 17.4R2-S7 Version: 18.1R3-S7 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "17.3R3-S6"
},
{
"status": "affected",
"version": "17.4R2-S7"
},
{
"status": "affected",
"version": "18.1R3-S7"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.2-EVO*",
"status": "affected",
"version": "19.2R2-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-159",
"description": "CWE-159 Failure to Sanitize Special Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T18:40:41",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11033"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.3R3-S7, 17.4R2-S8, 18.1R3-S8, and all subsequent releases.\nThis fix has been proactively committed to other Junos OS releases that are not vulnerable to this issue.\n\nJunos OS Evolved: 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11033",
"defect": [
"1448425"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: RPD crash while processing a specific BGP update information.",
"workarounds": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T04:00:00.000Z",
"ID": "CVE-2020-1646",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD crash while processing a specific BGP update information."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "17.3",
"version_value": "17.3R3-S6"
},
{
"version_affected": "=",
"version_name": "17.4",
"version_value": "17.4R2-S7"
},
{
"version_affected": "=",
"version_name": "18.1",
"version_value": "18.1R3-S7"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "19.2-EVO",
"version_value": "19.2R2-EVO"
},
{
"version_affected": "\u003c",
"version_value": "19.3R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. This issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer. This issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer. However, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer. Repeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7. Juniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO. Other Junos OS releases are not affected."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-159 Failure to Sanitize Special Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11033",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11033"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.3R3-S7, 17.4R2-S8, 18.1R3-S8, and all subsequent releases.\nThis fix has been proactively committed to other Junos OS releases that are not vulnerable to this issue.\n\nJunos OS Evolved: 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11033",
"defect": [
"1448425"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no available workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1646",
"datePublished": "2020-07-17T18:40:41.332990Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-17T03:37:37.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0297 (GCVE-0-2021-0297)
Vulnerability from cvelistv5
Published
2021-10-19 18:16
Modified
2024-09-17 02:12
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11211 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.3R2-S1-EVO Version: 20.4 < 20.4R2-EVO Version: 21.1 < 21.1R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3R2-S1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.4R2-EVO",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:23",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11211"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.3R2-S1-EVO, 20.4R2-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11211",
"defect": [
"1569843"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: BGP and LDP sessions with TCP MD5 authentication established with peers not configured for authentication",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-0297",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: BGP and LDP sessions with TCP MD5 authentication established with peers not configured for authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.3R2-S1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11211",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11211"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.3R2-S1-EVO, 20.4R2-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11211",
"defect": [
"1569843"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0297",
"datePublished": "2021-10-19T18:16:23.693560Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T02:12:14.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44204 (GCVE-0-2023-44204)
Vulnerability from cvelistv5
Published
2023-10-12 23:06
Modified
2024-09-17 16:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).
When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts.
This issue affects both eBGP and iBGP implementations.
This issue affects:
Juniper Networks Junos OS
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S2, 22.3R3;
* 22.4 versions prior to 22.4R2-S1, 22.4R3;
* 23.2 versions prior to 23.2R1, 23.2R2;
Juniper Networks Junos OS Evolved
* 21.4 versions prior to 21.4R3-S5-EVO;
* 22.1 versions prior to 22.1R3-S3-EVO;
* 22.2 versions prior to 22.2R3-S3-EVO;
* 22.3 versions prior to 22.3R2-S2-EVO;
* 22.4 versions prior to 22.4R3-EVO;
* 23.2 versions prior to 23.2R2-EVO;
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73170 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73170"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:45:30.903588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T16:09:18.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2, 22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S1, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1, 23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following minimal configuration is required:\u003c/p\u003e\u003ctt\u003e[protocols bgp]\u003c/tt\u003e"
}
],
"value": "The following minimal configuration is required:\n\n[protocols bgp]"
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eWhen a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts.\u003c/p\u003e\u003cp\u003eThis issue affects both eBGP and iBGP implementations.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S4;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S3;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R3-S2;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R2-S2, 22.3R3;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R2-S1, 22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions prior to 23.2R1, 23.2R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R2-S2-EVO;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R3-EVO;\u003c/li\u003e\u003cli\u003e23.2 versions prior to 23.2R2-EVO;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\n\nWhen a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts.\n\nThis issue affects both eBGP and iBGP implementations.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R1, 23.2R2;\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S3-EVO;\n * 22.2 versions prior to 22.2R3-S3-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO;\n * 22.4 versions prior to 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO;\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T23:06:37.422Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73170"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 21.4R3-S4, 22.1R3-S3, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, 23.1R2, 23.2R1, 23.2R2, 23.3R1 and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 22.1R3-S3-EVO, 22.3R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R2-EVO, 23.3R1-EVO and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.4R3-S4, 22.1R3-S3, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3, 23.1R2, 23.2R1, 23.2R2, 23.3R1 and all subsequent releases.\n\nJunos OS Evolved: 22.1R3-S3-EVO, 22.3R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R2-EVO, 23.3R1-EVO and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73170",
"defect": [
"1731803"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: The rpd will crash upon receiving a malformed BGP UPDATE message",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44204",
"datePublished": "2023-10-12T23:06:37.422Z",
"dateReserved": "2023-09-26T19:30:32.350Z",
"dateUpdated": "2024-09-17T16:09:18.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1648 (GCVE-0-2020-1648)
Vulnerability from cvelistv5
Published
2020-07-17 18:40
Modified
2024-09-16 19:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11035 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 18.2X75-D50.8 18.2X75-D60 < 18.2X75* Patch: 19.4 Version: 20.1 < 20.1R1-S2, 20.1R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"changes": [
{
"at": "18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70",
"status": "unaffected"
}
],
"lessThan": "18.2X75*",
"status": "affected",
"version": "18.2X75-D50.8 18.2X75-D60",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.4R1",
"status": "affected"
},
{
"at": "19.4R1-S2, 19.4R2",
"status": "unaffected"
}
],
"lessThan": "19.4R1",
"status": "unaffected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S2, 20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"changes": [
{
"at": "19.4R2-S2-EVO",
"status": "unaffected"
}
],
"lessThan": "19.4R1-EVO",
"status": "unaffected",
"version": "19.4-EVO",
"versionType": "custom"
},
{
"lessThan": "20.1R2-EVO",
"status": "affected",
"version": "20.1-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-159",
"description": "CWE-159 Failure to Sanitize Special Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-690",
"description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T18:40:42",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11035"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70, 19.4R1-S2, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-S2-EVO, 20.1R2-EVO, 20.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11035",
"defect": [
"1502327"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: RPD crash when processing a specific BGP packet",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T07:00:00.000Z",
"ID": "CVE-2020-1648",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD crash when processing a specific BGP packet"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "18.2X75",
"version_value": "18.2X75-D50.8 18.2X75-D60"
},
{
"version_affected": "\u003c",
"version_name": "18.2X75",
"version_value": "18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70"
},
{
"version_affected": "!\u003c",
"version_name": "19.4",
"version_value": "19.4R1"
},
{
"version_affected": "\u003e=",
"version_name": "19.4",
"version_value": "19.4R1"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S2, 19.4R2"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1-S2, 20.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "!\u003c",
"version_name": "19.4-EVO",
"version_value": "19.4R1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "19.4-EVO",
"version_value": "19.4R2-S2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.1-EVO",
"version_value": "20.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-159 Failure to Sanitize Special Element"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-690 Unchecked Return Value to NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11035",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11035"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70, 19.4R1-S2, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-S2-EVO, 20.1R2-EVO, 20.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11035",
"defect": [
"1502327"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1648",
"datePublished": "2020-07-17T18:40:42.272117Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-16T19:40:10.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28980 (GCVE-0-2023-28980)
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-05 21:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes).
This issue affects:
Juniper Networks Junos OS
* 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;
* 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;
* 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4
* 21.1 version 21.1R3 and later versions prior to 21.1R3-S3;
* 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;
* 21.3 version 21.3R2 and later versions prior to 21.3R3;
* 21.4 versions prior to 21.4R2-S1, 21.4R3;
* 22.1 versions prior to 22.1R2.
Juniper Networks Junos OS Evolved
* 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO;
* 21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO;
* 21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO;
* 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;
* 22.1-EVO versions prior to 22.1R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA70606 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 20.2R3-S5 ≤ Version: 20.3R3-S2 ≤ Version: 20.4R3-S1 ≤ Version: 21.1R3 ≤ Version: 21.2R1-S2, 21.2R2-S1 ≤ Version: 21.3R2 ≤ Version: 21.4R1 ≤ Version: 22.1R1 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA70606"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:40:59.816327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:41:05.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.2R3-S6",
"status": "affected",
"version": "20.2R3-S5",
"versionType": "semver"
},
{
"lessThan": "20.3R3-S5",
"status": "affected",
"version": "20.3R3-S2",
"versionType": "semver"
},
{
"lessThan": "20.4R3-S4",
"status": "affected",
"version": "20.4R3-S1",
"versionType": "semver"
},
{
"lessThan": "21.1R3-S3",
"status": "affected",
"version": "21.1R3",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S2",
"status": "affected",
"version": "21.2R1-S2, 21.2R2-S1",
"versionType": "semver"
},
{
"lessThan": "21.3R3",
"status": "affected",
"version": "21.3R2",
"versionType": "semver"
},
{
"lessThan": "21.4R2-S1, 21.4R3",
"status": "affected",
"version": "21.4R1",
"versionType": "semver"
},
{
"lessThan": "22.1R2",
"status": "affected",
"version": "22.1R1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S6-EVO",
"status": "affected",
"version": "20.4R3-S1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S4-EVO",
"status": "affected",
"version": "21.2R1-S2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S1-EVO",
"status": "affected",
"version": "21.3R2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R2-S1-EVO, 21.4R3-EVO",
"status": "affected",
"version": "21.4R1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R2-EVO",
"status": "affected",
"version": "22.1R1-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be exposed to this issue the system needs to be configured with rib sharding as follows:\u003c/p\u003e\u003ccode\u003e [system processes routing bgp rib-sharding]\u003c/code\u003e\u003cbr/\u003e"
}
],
"value": "To be exposed to this issue the system needs to be configured with rib sharding as follows:\n\n [system processes routing bgp rib-sharding]\n"
}
],
"datePublic": "2023-04-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (\u0026gt;1M routes).\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003cbr\u003eJuniper Networks Junos OS\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;\u003c/li\u003e\u003cli\u003e20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;\u003c/li\u003e\u003cli\u003e20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4\u003c/li\u003e\u003cli\u003e21.1 version 21.1R3 and later versions prior to 21.1R3-S3;\u003c/li\u003e\u003cli\u003e21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;\u003c/li\u003e\u003cli\u003e21.3 version 21.3R2 and later versions prior to 21.3R3;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R2-S1, 21.4R3;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO;\u003c/li\u003e\u003cli\u003e21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO;\u003c/li\u003e\u003cli\u003e21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO;\u003c/li\u003e\u003cli\u003e21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO versions prior to 22.1R2-EVO.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (\u003e1M routes).\n\n\nThis issue affects:\nJuniper Networks Junos OS\n\n\n * 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6;\n * 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5;\n * 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4\n * 21.1 version 21.1R3 and later versions prior to 21.1R3-S3;\n * 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2;\n * 21.3 version 21.3R2 and later versions prior to 21.3R3;\n * 21.4 versions prior to 21.4R2-S1, 21.4R3;\n * 22.1 versions prior to 22.1R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n * 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO;\n * 21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO;\n * 21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO;\n * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO;\n * 22.1-EVO versions prior to 22.1R2-EVO.\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-28T23:49:43.170Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA70606"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.3R3-S1-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS: 20.2R3-S6, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS Evolved: 20.4R3-S6-EVO, 21.2R3-S4-EVO, 21.3R3-S1-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.\n\nJunos OS: 20.2R3-S6, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA70606",
"defect": [
"1658834"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-12T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: In a BGP rib sharding scenario an rpd crash will happen shortly after a specific CLI command is issued",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e\u003cp\u003eTo reduce the risk of exploitation use access controls to limit CLI access to the device only from trusted networks, hosts and users.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation use access controls to limit CLI access to the device only from trusted networks, hosts and users.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-28980",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-05T21:41:05.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44201 (GCVE-0-2023-44201)
Vulnerability from cvelistv5
Published
2023-10-12 23:06
Modified
2024-09-17 16:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions.
When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed.
This issue affects:
Juniper Networks Junos OS
* All versions prior to 20.4R3-S4;
* 21.1 versions prior to 21.1R3-S4;
* 21.2 versions prior to 21.2R3-S2;
* 21.3 versions prior to 21.3R2-S2, 21.3R3-S1;
* 21.4 versions prior to 21.4R2-S1, 21.4R3.
Juniper Networks Junos OS Evolved
* All versions prior to 20.4R3-S4-EVO;
* 21.1 versions prior to 21.1R3-S2-EVO;
* 21.2 versions prior to 21.2R3-S2-EVO;
* 21.3 versions prior to 21.3R3-S1-EVO;
* 21.4 versions prior to 21.4R2-S2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supprtportal.juniper.net/JSA73167 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.1 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supprtportal.juniper.net/JSA73167"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:52:24.810849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T16:09:58.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1R3-S4",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S2",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R2-S2, 21.3R3-S1",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R2-S1, 21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S4-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1R3-S2-EVO",
"status": "affected",
"version": "21.1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S2-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S1-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R2-S2-EVO, 21.4R3-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions.\u003c/p\u003e\u003cp\u003eWhen a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S4;\u003c/li\u003e\u003cli\u003e21.1 versions prior to 21.1R3-S4;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S2;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R2-S2, 21.3R3-S1;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R2-S1, 21.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S4-EVO;\u003c/li\u003e\u003cli\u003e21.1 versions prior to 21.1R3-S2-EVO;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S2-EVO;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S1-EVO;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R2-S2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions.\n\nWhen a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S4;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1;\n * 21.4 versions prior to 21.4R2-S1, 21.4R3.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S4-EVO;\n * 21.1 versions prior to 21.1R3-S2-EVO;\n * 21.2 versions prior to 21.2R3-S2-EVO;\n * 21.3 versions prior to 21.3R3-S1-EVO;\n * 21.4 versions prior to 21.4R2-S2-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T23:06:03.943Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supprtportal.juniper.net/JSA73167"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S4, 21.1R3-S4, 21.2R3-S2, 21.3R2-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 20.4R3-S4, 21.1R3-S4, 21.2R3-S2, 21.3R2-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1, and all subsequent releases.\n\nJunos OS Evolved: 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73167",
"defect": [
"1621563"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: A local attacker can retrieve sensitive information and elevate privileges on the device to an authorized user. ",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44201",
"datePublished": "2023-10-12T23:06:03.943Z",
"dateReserved": "2023-09-26T19:30:32.350Z",
"dateUpdated": "2024-09-17T16:09:58.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31374 (GCVE-0-2021-31374)
Vulnerability from cvelistv5
Published
2021-10-19 18:17
Modified
2024-09-16 22:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
On Juniper Networks Junos OS and Junos OS Evolved devices processing a specially crafted BGP UPDATE or KEEPALIVE message can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this message will create a sustained Denial of Service (DoS) condition. This issue affects both IBGP and EBGP deployments over IPv4 or IPv6. This issue affects: Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R1-S4, 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: 20.3 versions prior to 20.3R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11239 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 17.3 < 17.3R3-S11 Version: 17.4 < 17.4R2-S13, 17.4R3-S4 Version: 18.1 < 18.1R3-S12 Version: 18.2 < 18.2R2-S8, 18.2R3-S7 Version: 18.3 < 18.3R3-S4 Version: 18.4 < 18.4R1-S8, 18.4R2-S7, 18.4R3-S7 Version: 19.1 < 19.1R1-S6, 19.1R2-S2, 19.1R3-S4 Version: 19.2 < 19.2R1-S6, 19.2R3-S1 Version: 19.3 < 19.3R2-S5, 19.3R3-S1 Version: 19.4 < 19.4R1-S4, 19.4R2-S3, 19.4R3-S1 Version: 20.1 < 20.1R2 Version: 20.2 < 20.2R2 Version: 20.3 < 20.3R1-S1, 20.3R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11239"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3R3-S11",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S13, 17.4R3-S4",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S12",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S8, 18.2R3-S7",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S8, 18.4R2-S7, 18.4R3-S7",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S6, 19.1R2-S2, 19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S6, 19.2R3-S1",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S5, 19.3R3-S1",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S4, 19.4R2-S3, 19.4R3-S1",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S1, 20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3R2-EVO",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following minimal configuration is necessary:\n\n* Must be running Junos OS or Junos OS Evolved.\n* A BGP peering session is established."
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices processing a specially crafted BGP UPDATE or KEEPALIVE message can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this message will create a sustained Denial of Service (DoS) condition. This issue affects both IBGP and EBGP deployments over IPv4 or IPv6. This issue affects: Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R1-S4, 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: 20.3 versions prior to 20.3R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:17:11",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11239"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 18.1R3-S12, 18.2R2-S8, 18.3R3-S4, 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R1-S6, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S1, 19.3R2-S5, 19.3R3-S1, 19.4R1-S4, 19.4R2-S3, 19.4R3-S1, 20.1R2, 20.1R3, 20.2R2, 20.2R3, 20.3R1-S1, 20.3R2, 20.4R1, and all subsequent releases.\n\nJunos OS Evolved: 20.3R2-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11239",
"defect": [
"1543234"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: RPD crash while processing a specially crafted BGP UPDATE or KEEPALIVE message.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31374",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD crash while processing a specially crafted BGP UPDATE or KEEPALIVE message."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S11"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S13, 17.4R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S12"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S8, 18.2R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S8, 18.4R2-S7, 18.4R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S6, 19.1R2-S2, 19.1R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S6, 19.2R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S5, 19.3R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S4, 19.4R2-S3, 19.4R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R1-S1, 20.3R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following minimal configuration is necessary:\n\n* Must be running Junos OS or Junos OS Evolved.\n* A BGP peering session is established."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices processing a specially crafted BGP UPDATE or KEEPALIVE message can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this message will create a sustained Denial of Service (DoS) condition. This issue affects both IBGP and EBGP deployments over IPv4 or IPv6. This issue affects: Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R1-S4, 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. Juniper Networks Junos OS Evolved: 20.3 versions prior to 20.3R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11239",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11239"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 18.1R3-S12, 18.2R2-S8, 18.3R3-S4, 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R1-S6, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S1, 19.3R2-S5, 19.3R3-S1, 19.4R1-S4, 19.4R2-S3, 19.4R3-S1, 20.1R2, 20.1R3, 20.2R2, 20.2R3, 20.3R1-S1, 20.3R2, 20.4R1, and all subsequent releases.\n\nJunos OS Evolved: 20.3R2-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11239",
"defect": [
"1543234"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31374",
"datePublished": "2021-10-19T18:17:11.146517Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-16T22:20:53.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28983 (GCVE-0-2023-28983)
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-05 21:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4 version 21.4R1-EVO and later versions prior to 22.1R1-EVO.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 21.4R1-EVO < 21.4* Version: 22.1 < 22.1R1-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:39.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA70609"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:37:10.224896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:37:46.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4*",
"status": "affected",
"version": "21.4R1-EVO",
"versionType": "custom"
},
{
"lessThan": "22.1R1-EVO",
"status": "affected",
"version": "22.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4 version 21.4R1-EVO and later versions prior to 22.1R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA70609"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 22.2R1-EVO, 22.3R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70609",
"defect": [
"1662750"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Shell Injection vulnerability in the gNOI server",
"workarounds": [
{
"lang": "en",
"value": "To reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-28983",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-05T21:37:46.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22194 (GCVE-0-2022-22194)
Vulnerability from cvelistv5
Published
2022-04-14 15:50
Modified
2024-09-17 04:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69505 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.4R2-S3-EVO, 20.4R3-EVO |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"PTX10003, PTX10004, PTX10008"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R2-S3-EVO, 20.4R3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1*",
"status": "unaffected",
"version": "21.1R1-EVO",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "unaffected",
"version": "any"
}
]
}
],
"datePublic": "2022-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T15:50:55",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69505"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R2-S3-EVO, 20.4R3-EVO."
}
],
"source": {
"advisory": "JSA69505",
"defect": [
"1614171"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: PTX series: An attacker sending a crafted GRE packet will cause the PFE to restart",
"workarounds": [
{
"lang": "en",
"value": "One characteristic of this vulnerability is that an FPC restart will only be triggered by a crafted GRE packet which has its\u0027 TTL set to 0 or 1 so as a workaround a filter can be implemented that drops such packets:\n\n set firewall family inet filter GREfilter term 1 from protocol gre\n set firewall family inet filter GREfilter term 1 from ttl 0\n set firewall family inet filter GREfilter term 1 then count gre-ttl-0\n set firewall family inet filter GREfilter term 1 then discard\n set firewall family inet filter GREfilter term 2 from protocol gre\n set firewall family inet filter GREfilter term 2 from ttl 1\n set firewall family inet filter GREfilter term 2 then count gre-ttl-1\n set firewall family inet filter GREfilter term 2 then discard\n set firewall family inet filter GREfilter term default then accept\n\nAn equivalent filter for family inet6 is required if IPv6 is configured on at least one interface."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-04-13T07:00:00.000Z",
"ID": "CVE-2022-22194",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: PTX series: An attacker sending a crafted GRE packet will cause the PFE to restart"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"platform": "PTX10003, PTX10004, PTX10008",
"version_affected": "\u003c",
"version_value": "20.4R2-S3-EVO, 20.4R3-EVO"
},
{
"version_affected": "!\u003e",
"version_name": "21.1",
"version_value": "21.1R1-EVO"
}
]
}
},
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!",
"version_value": "any"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69505",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69505"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R2-S3-EVO, 20.4R3-EVO."
}
],
"source": {
"advisory": "JSA69505",
"defect": [
"1614171"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "One characteristic of this vulnerability is that an FPC restart will only be triggered by a crafted GRE packet which has its\u0027 TTL set to 0 or 1 so as a workaround a filter can be implemented that drops such packets:\n\n set firewall family inet filter GREfilter term 1 from protocol gre\n set firewall family inet filter GREfilter term 1 from ttl 0\n set firewall family inet filter GREfilter term 1 then count gre-ttl-0\n set firewall family inet filter GREfilter term 1 then discard\n set firewall family inet filter GREfilter term 2 from protocol gre\n set firewall family inet filter GREfilter term 2 from ttl 1\n set firewall family inet filter GREfilter term 2 then count gre-ttl-1\n set firewall family inet filter GREfilter term 2 then discard\n set firewall family inet filter GREfilter term default then accept\n\nAn equivalent filter for family inet6 is required if IPv6 is configured on at least one interface."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22194",
"datePublished": "2022-04-14T15:50:55.258749Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-17T04:20:48.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22215 (GCVE-0-2022-22215)
Vulnerability from cvelistv5
Published
2022-07-20 14:15
Modified
2024-09-17 01:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after the termination of a gRPC connection the respective/var/run/<pid>.env file is not getting deleted which if occurring repeatedly can cause inode exhaustion. Inode exhaustion can present itself in two different ways: 1. The following log message can be observed: host kernel: pid <pid> (<process>), uid <uid> inumber <number> on /.mount/var: out of inodes which by itself is a clear indication. 2. The following log message can be observed: host <process>[<pid>]: ... : No space left on device which is not deterministic and just a representation of a write error which could have several reasons. So the following check needs to be done: user@host> show system storage no-forwarding Filesystem Size Used Avail Capacity Mounted on /dev/ada1p1 475M 300M 137M 69% /.mount/var which indicates that the write error is not actually due to a lack of disk space. If either 1. or 2. has been confirmed, then the output of: user@host> file list /var/run/*.env | count need to be checked and if it indicates a high (>10000) number of files the system has been affected by this issue. This issue affects: Juniper Networks Junos OS All versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69719 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: unspecified < 19.1R3-S8 Version: 19.2 < 19.2R3-S6 Version: 19.3 < 19.3R3-S5 Version: 19.4 < 19.4R2-S6, 19.4R3-S7 Version: 20.1R1 < 20.1* Version: 20.2 < 20.2R3-S5 Version: 20.3 < 20.3R3-S4 Version: 20.4 < 20.4R3 Version: 21.1 < 21.1R3 Version: 21.2 < 21.2R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69719"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.1R3-S8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S6",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S5",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S6, 19.4R3-S7",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1*",
"status": "affected",
"version": "20.1R1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S5",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S4",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S1-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R1-S1-EVO, 21.2R2-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be affected by this issue the system needs to be configured for gRPC:\n\n [ system services extension-service request-response grpc ]"
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after the termination of a gRPC connection the respective/var/run/\u003cpid\u003e.env file is not getting deleted which if occurring repeatedly can cause inode exhaustion. Inode exhaustion can present itself in two different ways: 1. The following log message can be observed: host kernel: pid \u003cpid\u003e (\u003cprocess\u003e), uid \u003cuid\u003e inumber \u003cnumber\u003e on /.mount/var: out of inodes which by itself is a clear indication. 2. The following log message can be observed: host \u003cprocess\u003e[\u003cpid\u003e]: ... : No space left on device which is not deterministic and just a representation of a write error which could have several reasons. So the following check needs to be done: user@host\u003e show system storage no-forwarding Filesystem Size Used Avail Capacity Mounted on /dev/ada1p1 475M 300M 137M 69% /.mount/var which indicates that the write error is not actually due to a lack of disk space. If either 1. or 2. has been confirmed, then the output of: user@host\u003e file list /var/run/*.env | count need to be checked and if it indicates a high (\u003e10000) number of files the system has been affected by this issue. This issue affects: Juniper Networks Junos OS All versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "775",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T14:15:37",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69719"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.1R3-S8, 19.2R3-S6, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.2R3-S5, 20.3R3-S4, 20.4R3, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases;\nJunos OS Evolved: 20.4R3-EVO, 21.1R3-S1-EVO, 21.2R1-S1-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69719",
"defect": [
"1604157"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: /var/run/\u003cpid\u003e.env files are potentially not deleted during termination of a gRPC connection causing inode exhaustion",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\nTo reduce the risk of exploitation use access lists or firewall filters to the device only from trusted, administrative networks or hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-07-13T16:00:00.000Z",
"ID": "CVE-2022-22215",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: /var/run/\u003cpid\u003e.env files are potentially not deleted during termination of a gRPC connection causing inode exhaustion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.1R3-S8"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S6, 19.4R3-S7"
},
{
"version_affected": "\u003e=",
"version_name": "20.1",
"version_value": "20.1R1"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3-S1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R1-S1-EVO, 21.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "To be affected by this issue the system needs to be configured for gRPC:\n\n [ system services extension-service request-response grpc ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after the termination of a gRPC connection the respective/var/run/\u003cpid\u003e.env file is not getting deleted which if occurring repeatedly can cause inode exhaustion. Inode exhaustion can present itself in two different ways: 1. The following log message can be observed: host kernel: pid \u003cpid\u003e (\u003cprocess\u003e), uid \u003cuid\u003e inumber \u003cnumber\u003e on /.mount/var: out of inodes which by itself is a clear indication. 2. The following log message can be observed: host \u003cprocess\u003e[\u003cpid\u003e]: ... : No space left on device which is not deterministic and just a representation of a write error which could have several reasons. So the following check needs to be done: user@host\u003e show system storage no-forwarding Filesystem Size Used Avail Capacity Mounted on /dev/ada1p1 475M 300M 137M 69% /.mount/var which indicates that the write error is not actually due to a lack of disk space. If either 1. or 2. has been confirmed, then the output of: user@host\u003e file list /var/run/*.env | count need to be checked and if it indicates a high (\u003e10000) number of files the system has been affected by this issue. This issue affects: Juniper Networks Junos OS All versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "775"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69719",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69719"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.1R3-S8, 19.2R3-S6, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.2R3-S5, 20.3R3-S4, 20.4R3, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases;\nJunos OS Evolved: 20.4R3-EVO, 21.1R3-S1-EVO, 21.2R1-S1-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69719",
"defect": [
"1604157"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\nTo reduce the risk of exploitation use access lists or firewall filters to the device only from trusted, administrative networks or hosts."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22215",
"datePublished": "2022-07-20T14:15:37.769762Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-17T01:11:06.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22195 (GCVE-0-2022-22195)
Vulnerability from cvelistv5
Published
2022-04-14 15:50
Modified
2024-09-16 23:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69508 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.4R3-S1-EVO Version: 21.1 < 21.1R3-EVO Version: 21.2 < 21.2R3-EVO Version: 21.3 < 21.3R2-EVO |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69508"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R3-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "unaffected",
"version": "any"
}
]
}
],
"datePublic": "2022-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-911",
"description": "CWE-911 Improper Update of Reference Count",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T15:50:56",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69508"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S1-EVO, 21.1R3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69508",
"defect": [
"1607769"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: Specific packets reaching the RE lead to a counter overflow and eventually a crash",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-04-13T16:00:00.000Z",
"ID": "CVE-2022-22195",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Specific packets reaching the RE lead to a counter overflow and eventually a crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R3-S1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3R2-EVO"
}
]
}
},
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!",
"version_value": "any"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-911 Improper Update of Reference Count"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69508",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69508"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S1-EVO, 21.1R3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69508",
"defect": [
"1607769"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22195",
"datePublished": "2022-04-14T15:50:56.689607Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-16T23:11:31.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4481 (GCVE-0-2023-4481)
Vulnerability from cvelistv5
Published
2023-08-31 23:46
Modified
2024-10-02 15:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers.
Continuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.
Improper Input Validation, Denial of Service vulnerability in Juniper Networks, Inc. Junos OS (BGP, rpd modules), Juniper Networks, Inc. Junos OS Evolved (BGP, rpd modules) allows Fuzzing.This issue affects
Junos OS:
* All versions before 20.4R3-S10,
* from 21.1R1 through 21.*,
* from 21.2 before 21.2R3-S5,
* from 21.3 before 21.3R3-S5,
* from 21.4 before 21.4R3-S7 (unaffected from 21.4R3-S5, affected from 21.4R3-S6)
* from 22.1 before 22.1R3-S4,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S1,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2.
Junos OS Evolved:
* All versions before 20.4R3-S10-EVO,
* from 21.2-EVO before 21.2R3-S7-EVO,
* from 21.3-EVO before 21.3R3-S5-EVO,
* from 21.4-EVO before 21.4R3-S5-EVO,
* from 22.1-EVO before 22.1R3-S4-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S1-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA72510 | vendor-advisory | |
| https://www.rfc-editor.org/rfc/rfc7606 | technical-description | |
| https://www.rfc-editor.org/rfc/rfc4271 | technical-description | |
| https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks, Inc. | Junos OS |
Version: 0 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 21.1R1 ≤ 21.* |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA72510"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.rfc-editor.org/rfc/rfc7606"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.rfc-editor.org/rfc/rfc4271"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper_networks:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper_networks",
"versions": [
{
"lessThan": "20.4R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S5",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "21.*",
"status": "affected",
"version": "21.1R1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:juniper_networks:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper_networks",
"versions": [
{
"lessThan": "20.4R3-S10-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "custom"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:52:11.830739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:09:38.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"BGP",
"rpd"
],
"product": "Junos OS",
"vendor": "Juniper Networks, Inc.",
"versions": [
{
"lessThan": "20.4R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S5",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"changes": [
{
"at": "21.4R3-S5",
"status": "unaffected"
},
{
"at": "21.4R3-S6",
"status": "affected"
}
],
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "se"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "21.*",
"status": "affected",
"version": "21.1R1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"modules": [
"BGP",
"rpd"
],
"product": "Junos OS Evolved",
"vendor": "Juniper Networks, Inc.",
"versions": [
{
"lessThan": "20.4R3-S10-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following minimal configuration is required:\u003cbr\u003e\u003cbr\u003e\u0026nbsp; [protocols bgp]"
}
],
"value": "The following minimal configuration is required:\n\n\u00a0 [protocols bgp]"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ben Cartwright-Cox / bgp.tools"
}
],
"datePublic": "2023-08-29T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eContinuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.\u003c/span\u003e\u003cbr\u003e Improper Input Validation, Denial of Service vulnerability in Juniper Networks, Inc. Junos OS (BGP, rpd modules), Juniper Networks, Inc. Junos OS Evolved (BGP, rpd modules) allows Fuzzing.\u003cp\u003eThis issue affects\u0026nbsp;\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S10,\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 21.1R1 through 21.*,\u003c/span\u003e\u003c/li\u003e\u003cli\u003efrom 21.2 before 21.2R3-S5,\u003c/li\u003e\u003cli\u003efrom 21.3 before 21.3R3-S5,\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 21.4 before 21.4R3-S7 (unaffected from 21.4R3-S5, affected from 21.4R3-S6)\u003c/span\u003e\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S4,\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S3,\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S1,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eJunos OS Evolved:\u003c/span\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eAll versions before 20.4R3-S10-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.2-EVO before 21.2R3-S7-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.3-EVO before 21.3R3-S5-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 21.4-EVO before 21.4R3-S5-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.1-EVO before 22.1R3-S4-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.2-EVO before 22.2R3-S3-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.3-EVO before 22.3R3-S1-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 22.4-EVO before 22.4R3-EVO,\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nWhen certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted, but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers.\nContinuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session.\n Improper Input Validation, Denial of Service vulnerability in Juniper Networks, Inc. Junos OS (BGP, rpd modules), Juniper Networks, Inc. Junos OS Evolved (BGP, rpd modules) allows Fuzzing.This issue affects\u00a0\n\nJunos OS:\u00a0\n\n\n\n * All versions before 20.4R3-S10,\n * from 21.1R1 through 21.*,\n * from 21.2 before 21.2R3-S5,\n * from 21.3 before 21.3R3-S5,\n * from 21.4 before 21.4R3-S7 (unaffected from 21.4R3-S5, affected from 21.4R3-S6)\n * from 22.1 before 22.1R3-S4,\n * from 22.2 before 22.2R3-S3,\n * from 22.3 before 22.3R3-S1,\n * from 22.4 before 22.4R3,\n * from 23.2 before 23.2R2.\n\n\nJunos OS Evolved:\n\n\n\n * All versions before 20.4R3-S10-EVO,\n * from 21.2-EVO before 21.2R3-S7-EVO,\n * from 21.3-EVO before 21.3R3-S5-EVO,\n * from 21.4-EVO before 21.4R3-S5-EVO,\n * from 22.1-EVO before 22.1R3-S4-EVO,\n * from 22.2-EVO before 22.2R3-S3-EVO,\n * from 22.3-EVO before 22.3R3-S1-EVO,\n * from 22.4-EVO before 22.4R3-EVO,\n * from 23.2-EVO before 23.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-28",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-28 Fuzzing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T17:47:11.855Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA72510"
},
{
"tags": [
"technical-description"
],
"url": "https://www.rfc-editor.org/rfc/rfc7606"
},
{
"tags": [
"technical-description"
],
"url": "https://www.rfc-editor.org/rfc/rfc4271"
},
{
"tags": [
"technical-description"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003cbr\u003e\u003c/p\u003e\u003cp\u003eJunos OS: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e20.4R3-S10,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S7,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.3R3-S5,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.4R3-S5 or \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.4R3-S7\u003c/span\u003e,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.1R3-S4,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.2R3-S3,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.3R3-S1,\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.4R3,\u003c/span\u003e\u0026nbsp;23.2R2, 23.3R2, 23.4R1, and all subsequent releases\u003cbr\u003e\u003c/p\u003e\u003cp\u003eNote: except for Junos OS 21.4R3-S6 which is affected and unfixed.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 20.4R3-S10-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.2R3-S7-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.3R3-S5-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e21.4R3-S5-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.1R3-S4-EVO,\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;22.2R3-S3-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.3R3-S1-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.4R3-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.2R2-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.4R1-EVO,\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;and all subsequent releases.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003eIt is important that customers implement the workaround in addition to taking any updated software as these crafted UPDATE messages may be propagated to other devices even if non-impacted locally, thereby protecting the network by stopping the propagation of these crafted UPDATE messages.\u003cbr\u003eThe workaround is to configure BGP error tolerance by way of:\u003cbr\u003e\u003cbr\u003e\u0026nbsp; [ protocols bgp bgp-error-tolerance ... ]\u003cbr\u003e\u003cbr\u003eAdditional details can be found at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html\"\u003ehttps://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.h...\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eJuniper considers configuring this option to be a Best Common Practice (BCP) as it not only prevents this issue from happening, but protects against similar issues as well.\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue is being tracked as PR \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://prsearch.juniper.net/problemreport/PR1709837\"\u003e1709837\u003c/a\u003e\u0026nbsp;which is visible on the Customer Support website.\u003c/p\u003e\u003cp\u003eNote: Juniper SIRT\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://kb.juniper.net/KB16765\"\u003epolicy\u003c/a\u003e\u0026nbsp;is not to evaluate releases which are beyond End of Engineering (EOE) or End of Life (EOL).\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\n\nJunos OS: 20.4R3-S10,\u00a021.2R3-S7,\u00a021.3R3-S5,\u00a021.4R3-S5 or 21.4R3-S7,\u00a022.1R3-S4,\u00a022.2R3-S3,\u00a022.3R3-S1,\u00a022.4R3,\u00a023.2R2, 23.3R2, 23.4R1, and all subsequent releases\n\n\nNote: except for Junos OS 21.4R3-S6 which is affected and unfixed.\n\n\n\n\nJunos OS Evolved: 20.4R3-S10-EVO,\u00a021.2R3-S7-EVO,\u00a021.3R3-S5-EVO,\u00a021.4R3-S5-EVO,\u00a022.1R3-S4-EVO,\u00a022.2R3-S3-EVO,\u00a022.3R3-S1-EVO,\u00a022.4R3-EVO,\u00a023.2R2-EVO,\u00a023.4R1-EVO,\u00a0and all subsequent releases.\n\n\nIt is important that customers implement the workaround in addition to taking any updated software as these crafted UPDATE messages may be propagated to other devices even if non-impacted locally, thereby protecting the network by stopping the propagation of these crafted UPDATE messages.\nThe workaround is to configure BGP error tolerance by way of:\n\n\u00a0 [ protocols bgp bgp-error-tolerance ... ]\n\nAdditional details can be found at https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.h... https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html \n\nJuniper considers configuring this option to be a Best Common Practice (BCP) as it not only prevents this issue from happening, but protects against similar issues as well.\n\nThis issue is being tracked as PR 1709837 https://prsearch.juniper.net/problemreport/PR1709837 \u00a0which is visible on the Customer Support website.\n\nNote: Juniper SIRT\u0027s policy https://kb.juniper.net/KB16765 \u00a0is not to evaluate releases which are beyond End of Engineering (EOE) or End of Life (EOL)."
}
],
"source": {
"advisory": "JSA72510",
"defect": [
"1709837"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-08-29T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: A crafted BGP UPDATE message allows a remote attacker to de-peer (reset) BGP sessions (CVE-2023-4481)",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe workaround is to configure BGP error tolerance by way of:\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp; [ protocols bgp bgp-error-tolerance ... ]\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAdditional details can be found at \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html\"\u003ehttps://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.h...\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJuniper considers configuring this option to be a Best Common Practice (BCP) as it not only prevents this issue from happening, but protects against similar issues as well.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The workaround is to configure BGP error tolerance by way of:\n\n\u00a0 [ protocols bgp bgp-error-tolerance ... ]\n\nAdditional details can be found at https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.h... https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html \n\nJuniper considers configuring this option to be a Best Common Practice (BCP) as it not only prevents this issue from happening, but protects against similar issues as well."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-4481",
"datePublished": "2023-08-31T23:46:18.796Z",
"dateReserved": "2023-08-22T15:37:01.371Z",
"dateUpdated": "2024-10-02T15:09:38.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39524 (GCVE-0-2024-39524)
Vulnerability from cvelistv5
Published
2024-07-11 16:01
Modified
2024-08-02 04:26
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.
The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.
This issue affects Junos OS Evolved:
All versions before 20.4R3-S7-EVO,
21.2-EVO versions before 21.2R3-S8-EVO,
21.4-EVO versions before 21.4R3-S7-EVO,
22.2-EVO versions before 22.2R3-EVO,
22.3-EVO versions before 22.3R2-EVO,
22.4-EVO versions before 22.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA82975 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 21.2-EVO ≤ Version: 21.4-EVO ≤ Version: 22.2-EVO ≤ Version: 22.3-EVO ≤ Version: 22.4-EVO ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "20.4r3-s7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:21.2:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:21.4:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.2:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.3:*:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.2r3-8s",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.4r3-s7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2r3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3r2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4r2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-13T03:55:26.633432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-13T11:34:54.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA82975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to \u0027root\u0027 leading to a full compromise of the system.\u003cbr\u003e\u003cbr\u003eThe Junos OS Evolved CLI doesn\u0027t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\n\n\u003cp\u003eThis issue affects Junos OS Evolved:\u003c/p\u003e\u003cp\u003eAll versions before 20.4R3-S7-EVO,\u003c/p\u003e\u003cp\u003e21.2-EVO versions before 21.2R3-S8-EVO,\u003c/p\u003e\u003cp\u003e21.4-EVO versions before 21.4R3-S7-EVO,\u0026nbsp;\u003c/p\u003e\u003cp\u003e22.2-EVO versions before 22.2R3-EVO,\u003c/p\u003e\u003cp\u003e22.3-EVO versions before 22.3R2-EVO,\u003c/p\u003e\u003cp\u003e22.4-EVO versions before 22.4R2-EVO.\u003c/p\u003e"
}
],
"value": "An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to \u0027root\u0027 leading to a full compromise of the system.\n\nThe Junos OS Evolved CLI doesn\u0027t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\n\nThis issue affects Junos OS Evolved:\n\nAll versions before 20.4R3-S7-EVO,\n\n21.2-EVO versions before 21.2R3-S8-EVO,\n\n21.4-EVO versions before 21.4R3-S7-EVO,\u00a0\n\n22.2-EVO versions before 22.2R3-EVO,\n\n22.3-EVO versions before 22.3R2-EVO,\n\n22.4-EVO versions before 22.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:01:32.850Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA82975"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S7-EVO, 21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S7-EVO, 21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA82975",
"defect": [
"1696781"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: CLI parameter processing issue allows privilege escalation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39524",
"datePublished": "2024-07-11T16:01:32.850Z",
"dateReserved": "2024-06-25T15:12:53.240Z",
"dateUpdated": "2024-08-02T04:26:15.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0292 (GCVE-0-2021-0292)
Vulnerability from cvelistv5
Published
2021-07-15 20:01
Modified
2024-09-16 17:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Uncontrolled Resource Consumption vulnerability in the ARP daemon (arpd) and Network Discovery Protocol (ndp) process of Juniper Networks Junos OS Evolved allows a malicious attacker on the local network to consume memory resources, ultimately resulting in a Denial of Service (DoS) condition. Link-layer functions such as IPv4 and/or IPv6 address resolution may be impacted, leading to traffic loss. The processes do not recover on their own and must be manually restarted. Changes in memory usage can be monitored using the following shell commands (header shown for clarity): user@router:/var/log# ps aux | grep arpd USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 31418 59.0 0.7 *5702564* 247952 ? xxx /usr/sbin/arpd --app-name arpd -I object_select --shared-objects-mode 3 user@router:/var/log# ps aux | grep arpd USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 31418 49.1 1.0 *5813156* 351184 ? xxx /usr/sbin/arpd --app-name arpd -I object_select --shared-objects-mode 3 Memory usage can be monitored for the ndp process in a similar fashion: user@router:/var/log# ps aux | grep ndp USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 14935 0.0 0.1 *5614052* 27256 ? Ssl Jun15 0:17 /usr/sbin/ndp -I no_tab_chk,object_select --app-name ndp --shared-obje user@router:/var/log# ps aux | grep ndp USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 14935 0.0 0.1 *5725164* 27256 ? Ssl Jun15 0:17 /usr/sbin/ndp -I no_tab_chk,object_select --app-name ndp --shared-obje This issue affects Juniper Networks Junos OS Evolved: 19.4 versions prior to 19.4R2-S3-EVO; 20.1 versions prior to 20.1R2-S4-EVO; all versions of 20.2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11194 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Patch: unspecified Version: 19.4 < 19.4R2-S3-EVO Version: 20.1 < 20.1R2-S4-EVO Version: 20.2R1-EVO < 20.2* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11194"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.4R2-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S3-EVO",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S4-EVO",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2*",
"status": "affected",
"version": "20.2R1-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Resource Consumption vulnerability in the ARP daemon (arpd) and Network Discovery Protocol (ndp) process of Juniper Networks Junos OS Evolved allows a malicious attacker on the local network to consume memory resources, ultimately resulting in a Denial of Service (DoS) condition. Link-layer functions such as IPv4 and/or IPv6 address resolution may be impacted, leading to traffic loss. The processes do not recover on their own and must be manually restarted. Changes in memory usage can be monitored using the following shell commands (header shown for clarity): user@router:/var/log# ps aux | grep arpd USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 31418 59.0 0.7 *5702564* 247952 ? xxx /usr/sbin/arpd --app-name arpd -I object_select --shared-objects-mode 3 user@router:/var/log# ps aux | grep arpd USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 31418 49.1 1.0 *5813156* 351184 ? xxx /usr/sbin/arpd --app-name arpd -I object_select --shared-objects-mode 3 Memory usage can be monitored for the ndp process in a similar fashion: user@router:/var/log# ps aux | grep ndp USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 14935 0.0 0.1 *5614052* 27256 ? Ssl Jun15 0:17 /usr/sbin/ndp -I no_tab_chk,object_select --app-name ndp --shared-obje user@router:/var/log# ps aux | grep ndp USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 14935 0.0 0.1 *5725164* 27256 ? Ssl Jun15 0:17 /usr/sbin/ndp -I no_tab_chk,object_select --app-name ndp --shared-obje This issue affects Juniper Networks Junos OS Evolved: 19.4 versions prior to 19.4R2-S3-EVO; 20.1 versions prior to 20.1R2-S4-EVO; all versions of 20.2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-15T20:01:10",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11194"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 19.4R2-S3-EVO, 20.1R2-S4-EVO, 20.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11194",
"defect": [
"1531154"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: Memory leak in arpd or ndp processes can lead to Denial of Service (DoS)",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
"ID": "CVE-2021-0292",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Memory leak in arpd or ndp processes can lead to Denial of Service (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "!\u003c",
"version_value": "19.4R2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2-S4-EVO"
},
{
"version_affected": "\u003e=",
"version_name": "20.2",
"version_value": "20.2R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Uncontrolled Resource Consumption vulnerability in the ARP daemon (arpd) and Network Discovery Protocol (ndp) process of Juniper Networks Junos OS Evolved allows a malicious attacker on the local network to consume memory resources, ultimately resulting in a Denial of Service (DoS) condition. Link-layer functions such as IPv4 and/or IPv6 address resolution may be impacted, leading to traffic loss. The processes do not recover on their own and must be manually restarted. Changes in memory usage can be monitored using the following shell commands (header shown for clarity): user@router:/var/log# ps aux | grep arpd USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 31418 59.0 0.7 *5702564* 247952 ? xxx /usr/sbin/arpd --app-name arpd -I object_select --shared-objects-mode 3 user@router:/var/log# ps aux | grep arpd USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 31418 49.1 1.0 *5813156* 351184 ? xxx /usr/sbin/arpd --app-name arpd -I object_select --shared-objects-mode 3 Memory usage can be monitored for the ndp process in a similar fashion: user@router:/var/log# ps aux | grep ndp USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 14935 0.0 0.1 *5614052* 27256 ? Ssl Jun15 0:17 /usr/sbin/ndp -I no_tab_chk,object_select --app-name ndp --shared-obje user@router:/var/log# ps aux | grep ndp USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 14935 0.0 0.1 *5725164* 27256 ? Ssl Jun15 0:17 /usr/sbin/ndp -I no_tab_chk,object_select --app-name ndp --shared-obje This issue affects Juniper Networks Junos OS Evolved: 19.4 versions prior to 19.4R2-S3-EVO; 20.1 versions prior to 20.1R2-S4-EVO; all versions of 20.2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.4R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11194",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11194"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 19.4R2-S3-EVO, 20.1R2-S4-EVO, 20.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11194",
"defect": [
"1531154"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0292",
"datePublished": "2021-07-15T20:01:10.403068Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T17:57:46.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28981 (GCVE-0-2023-28981)
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-05 21:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the receipt of router advertisements is enabled on an interface and a specifically malformed RA packet is received, memory corruption will happen which leads to an rpd crash. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 20.3 < 20.3R3-S5 Version: 20.4 < 20.4R3-S3, 20.4R3-S6 Version: 21.1 < 21.1R3-S4 Version: 21.2 < 21.2R3 Version: 21.3 < 21.3R3 Version: 21.4 < 21.4R2 Version: 22.1 < 22.1R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:39.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA70607"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:40:16.335429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:40:20.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3R3-S5",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S3, 20.4R3-S6",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S4",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R2",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3-EVO*",
"status": "affected",
"version": "20.3R1-EVO",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S6-EVO",
"status": "affected",
"version": "20.4-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R3-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "custom"
},
{
"lessThan": "21.4R2-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "custom"
},
{
"lessThan": "22.1R2-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be affected by this vulnerability router advertisements need to be enabled on the interface:\n\n [protocols router-advertisement interface \u003cinterface-name\u003e]"
}
],
"datePublic": "2023-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the receipt of router advertisements is enabled on an interface and a specifically malformed RA packet is received, memory corruption will happen which leads to an rpd crash. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA70607"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 20.4R3-S6-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.\nJunos OS: 20.3R3-S5, 20.4R3-S3, 21.1R3-S4, 21.2R3, 21.3R3, 21.4R2, 22.1R2, 22.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70607",
"defect": [
"1645928"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: If malformed IPv6 router advertisements are received, memory corruption will occur which causes an rpd crash",
"workarounds": [
{
"lang": "en",
"value": "If the receipt of router advertisements is not necessary (but just the solicited or unsolicited sending of RAs) then incoming RAs can be filtered and dropped by applying a firewall filter like the following:\n\nset firewall family inet6 filter test term 1 from next-header icmp6\nset firewall family inet6 filter test term 1 from icmp-type 134\nset firewall family inet6 filter test term 1 then discard\nset firewall family inet6 filter test term 2 then accept"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-28981",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-05T21:40:20.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39555 (GCVE-0-2024-39555)
Vulnerability from cvelistv5
Published
2024-07-10 22:36
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.
Upon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:
BGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)
Only systems with segment routing enabled are vulnerable to this issue.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.
This issue affects:
Junos OS:
* All versions before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R1-S2, 23.4R2.
Junos OS Evolved:
* All versions before 21.4R3-S8-EVO,
* from 22.2-EVO before 22.2R3-S4-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R3-S3-EVO,
* from 23.2-EVO before 23.2R2-S1-EVO,
* from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA83015 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T14:13:23.572231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:41:46.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A sample BGP segment routing configuration is shown below:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp group \u0026lt;name\u0026gt; family inet segment-routing-te ] (IPv4)\u003cbr\u003e\n\n[ protocols bgp group \u0026lt;name\u0026gt; family inet6 segment-routing-te ] (IPv6)\u003cbr\u003e\u003c/tt\u003e"
}
],
"value": "A sample BGP segment routing configuration is shown below:\n\n[ protocols bgp group \u003cname\u003e family inet segment-routing-te ] (IPv4)\n\n\n[ protocols bgp group \u003cname\u003e family inet6 segment-routing-te ] (IPv6)"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eUpon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003eBGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eOnly systems with segment routing enabled are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S8, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S3, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S1, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S2, 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S8-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-S1-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.\n\nUpon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:\n\nBGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)\n\nOnly systems with segment routing enabled are vulnerable to this issue.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions before 21.4R3-S8, \n * from 22.2 before 22.2R3-S4, \n * from 22.3 before 22.3R3-S3, \n * from 22.4 before 22.4R3-S3, \n * from 23.2 before 23.2R2-S1, \n * from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nJunos OS Evolved:\u00a0\n\n * All versions before 21.4R3-S8-EVO, \n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-S3-EVO, \n * from 23.2-EVO before 23.2R2-S1-EVO, \n * from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T22:37:53.351Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83015"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003e \n\u003cbr\u003eJunos OS: 21.4R3-S8, 22.2R3-S4, 22.3R3-S3, 22.4R3-S3, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\u003cbr\u003e\n\n\n\n\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n \n\nJunos OS: 21.4R3-S8, 22.2R3-S4, 22.3R3-S3, 22.4R3-S3, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases.\nJunos OS Evolved: 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S3-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83015",
"defect": [
"1787290"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP update causes the session to reset",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39555",
"datePublished": "2024-07-10T22:36:48.706Z",
"dateReserved": "2024-06-25T15:12:53.247Z",
"dateUpdated": "2024-08-02T04:26:15.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21613 (GCVE-0-2024-21613)
Vulnerability from cvelistv5
Published
2024-01-12 00:55
Modified
2025-06-17 21:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart.
The memory usage can be monitored using the below command.
user@host> show task memory detail | match patroot
This issue affects:
Juniper Networks Junos OS
* All versions earlier than 21.2R3-S3;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S3;
* 22.1 versions earlier than 22.1R3;
* 22.2 versions earlier than 22.2R3.
Juniper Networks Junos OS Evolved
* All versions earlier than 21.3R3-S5-EVO;
* 21.4 versions earlier than 21.4R3-EVO;
* 22.1 versions earlier than 22.1R3-EVO;
* 22.2 versions earlier than 22.2R3-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA75754 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75754"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T15:44:14.489748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:09:20.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S3",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-EVO",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor this issue to occur, OSPF or ISIS with traffic engineering needs to be enabled.\u003c/p\u003e \u003ctt\u003e[ protocols ospf traffic-engineering ]\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003e[ protocols isis traffic-engineering ]\u003c/tt\u003e"
}
],
"value": "For this issue to occur, OSPF or ISIS with traffic engineering needs to be enabled.\n\n [ protocols ospf traffic-engineering ]\n[ protocols isis traffic-engineering ]"
}
],
"datePublic": "2024-01-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eA Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eOn all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart.\u003c/p\u003e\u003cp\u003eThe memory usage can be monitored using the below command.\u003c/p\u003e\u003ccode\u003euser@host\u0026gt; show task memory detail | match patroot\u003c/code\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.2R3-S3;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S3;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.3R3-S5-EVO;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-EVO;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-EVO;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nA Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart.\n\nThe memory usage can be monitored using the below command.\n\nuser@host\u003e show task memory detail | match patroot\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 21.2R3-S3;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S3;\n * 22.1 versions earlier than 22.1R3;\n * 22.2 versions earlier than 22.2R3.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4 versions earlier than 21.4R3-EVO;\n * 22.1 versions earlier than 22.1R3-EVO;\n * 22.2 versions earlier than 22.2R3-EVO.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T00:55:51.011Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75754"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS: 21.2R3-S3, 21.3R3-S5, 21.4R3-S3, 22.1R3, 22.2R3, 22.3R1 and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.3R3-S5-EVO, 21.4R3-EVO, 22.1R3-EVO, 22.2R3-EVO, 22.3R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.2R3-S3, 21.3R3-S5, 21.4R3-S3, 22.1R3, 22.2R3, 22.3R1 and all subsequent releases.\n\nJunos OS Evolved: 21.3R3-S5-EVO, 21.4R3-EVO, 22.1R3-EVO, 22.2R3-EVO, 22.3R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA75754",
"defect": [
"1678431"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-10T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: A link flap causes patroot memory leak which leads to rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21613",
"datePublished": "2024-01-12T00:55:51.011Z",
"dateReserved": "2023-12-27T19:38:25.709Z",
"dateUpdated": "2025-06-17T21:09:20.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31363 (GCVE-0-2021-31363)
Vulnerability from cvelistv5
Published
2021-10-19 18:16
Modified
2024-09-16 16:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In an MPLS P2MP environment a Loop with Unreachable Exit Condition vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause high load on RPD which in turn may lead to routing protocol flaps. If a system with sensor-based-stats enabled receives a specific LDP FEC this can lead to the above condition. Continued receipted of such an LDP FEC will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 version 19.2R2 and later versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R2-S3-EVO; 20.3 versions prior to 20.3R1-S2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11225 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 19.2R2 < 19.2* Version: 19.3 < 19.3R2-S6, 19.3R3-S2 Version: 19.4 < 19.4R1-S4, 19.4R2-S4, 19.4R3-S2 Version: 20.1 < 20.1R2-S1, 20.1R3 Version: 20.2 < 20.2R2-S1, 20.2R3 Version: 20.3 < 20.3R1-S2, 20.3R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11225"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R2",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"changes": [
{
"at": "19.2R3-S3",
"status": "unaffected"
}
],
"lessThan": "19.2*",
"status": "affected",
"version": "19.2R2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S6, 19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S4, 19.4R2-S4, 19.4R3-S2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S1, 20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2-S1, 20.2R3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S2, 20.3R2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R2-S3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S2-EVO",
"status": "affected",
"version": "20.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "A vulnerable Junos OS configuration would need to have:\n [protocols ldp p2mp]\nand\n [protocols ldp traffic-statistics sensor-based-stats]\n\nFor Junos OS Evolved only:\n [protocols ldp p2mp]\nis need as sensor-based-stats is the default setting which can\u0027t be changed."
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In an MPLS P2MP environment a Loop with Unreachable Exit Condition vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause high load on RPD which in turn may lead to routing protocol flaps. If a system with sensor-based-stats enabled receives a specific LDP FEC this can lead to the above condition. Continued receipted of such an LDP FEC will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 version 19.2R2 and later versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R2-S3-EVO; 20.3 versions prior to 20.3R1-S2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:50",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11225"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue in Junos OS: 19.2R3-S3, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R2-S4, 19.4R3-S2, 20.1R2-S1, 20.1R3, 20.2R2-S1, 20.2R3, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases.\n\nThe following software releases have been updated to resolve this specific issue in Junos OS Evolved: 20.1R2-S3-EVO, 20.3R1-S2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11225",
"defect": [
"1552041"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Receipt of a specific LDP message will cause a Denial of Service",
"workarounds": [
{
"lang": "en",
"value": "For Junos OS turn off sensor-based-stats by deleting:\n\n [protocols ldp traffic-statistics sensor-based-stats]\n\nFor Junos OS Evolved mLDP will have to be turned off as sensor-based-stats is the default:\n\n [protocols ldp p2mp]"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31363",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: Receipt of a specific LDP message will cause a Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "19.2",
"version_value": "19.2R2"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S4, 19.4R2-S4, 19.4R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2-S1, 20.1R3"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2-S1, 20.2R3"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R1-S2, 20.3R2"
},
{
"version_affected": "!\u003c",
"version_value": "19.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.1R2-S3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R1-S2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "A vulnerable Junos OS configuration would need to have:\n [protocols ldp p2mp]\nand\n [protocols ldp traffic-statistics sensor-based-stats]\n\nFor Junos OS Evolved only:\n [protocols ldp p2mp]\nis need as sensor-based-stats is the default setting which can\u0027t be changed."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In an MPLS P2MP environment a Loop with Unreachable Exit Condition vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause high load on RPD which in turn may lead to routing protocol flaps. If a system with sensor-based-stats enabled receives a specific LDP FEC this can lead to the above condition. Continued receipted of such an LDP FEC will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS 19.2 version 19.2R2 and later versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S2, 20.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R2-S3-EVO; 20.3 versions prior to 20.3R1-S2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11225",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11225"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue in Junos OS: 19.2R3-S3, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R2-S4, 19.4R3-S2, 20.1R2-S1, 20.1R3, 20.2R2-S1, 20.2R3, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases.\n\nThe following software releases have been updated to resolve this specific issue in Junos OS Evolved: 20.1R2-S3-EVO, 20.3R1-S2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11225",
"defect": [
"1552041"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "For Junos OS turn off sensor-based-stats by deleting:\n\n [protocols ldp traffic-statistics sensor-based-stats]\n\nFor Junos OS Evolved mLDP will have to be turned off as sensor-based-stats is the default:\n\n [protocols ldp p2mp]"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31363",
"datePublished": "2021-10-19T18:16:50.581451Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-16T16:23:31.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31353 (GCVE-0-2021-31353)
Vulnerability from cvelistv5
Published
2021-10-19 18:16
Modified
2024-09-16 17:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS). Continued receipt and processing of the BGP update will create a sustained Denial of Service (DoS) condition. This issue affects very specific versions of Juniper Networks Junos OS: 19.3R3-S2; 19.4R3-S3; 20.2 versions 20.2R2-S3 and later, prior to 20.2R3-S2; 20.3 versions 20.3R2 and later, prior to 20.3R3; 20.4 versions 20.4R2 and later, prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS 20.1 is not affected by this issue. This issue also affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO, 20.4R3-EVO; 21.1-EVO versions prior to 21.1R2-EVO; 21.2-EVO versions prior to 21.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11218 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 19.3R3-S2 Version: 19.4R3-S3 Patch: 20.1R1 Patch: 20.2 Patch: 20.3 Patch: 20.4 Version: 21.1 < 21.1R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11218"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R3-S2",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "19.3R3-S2"
},
{
"status": "affected",
"version": "19.4R3-S3"
},
{
"lessThan": "20.1*",
"status": "unaffected",
"version": "20.1R1",
"versionType": "custom"
},
{
"changes": [
{
"at": "20.2R3-S2",
"status": "unaffected"
}
],
"lessThan": "20.2R2-S3",
"status": "unaffected",
"version": "20.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "20.3R3",
"status": "unaffected"
}
],
"lessThan": "20.3R2",
"status": "unaffected",
"version": "20.3",
"versionType": "custom"
},
{
"changes": [
{
"at": "20.4R3",
"status": "unaffected"
}
],
"lessThan": "20.4R2",
"status": "unaffected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R2-S3-EVO, 20.4R3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R2-EVO",
"status": "affected",
"version": "21.1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R2-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue can occur when multipath is enabled:\n\n routing-instance \u003cvrf\u003e routing-options multipath\n\nand one of the following two TTL propagation options (but not both) are enabled:\n\n protocols mpls no-propagate-ttl\n routing-instance \u003cvrf\u003e no-vrf-propagate-ttl"
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS). Continued receipt and processing of the BGP update will create a sustained Denial of Service (DoS) condition. This issue affects very specific versions of Juniper Networks Junos OS: 19.3R3-S2; 19.4R3-S3; 20.2 versions 20.2R2-S3 and later, prior to 20.2R3-S2; 20.3 versions 20.3R2 and later, prior to 20.3R3; 20.4 versions 20.4R2 and later, prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS 20.1 is not affected by this issue. This issue also affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO, 20.4R3-EVO; 21.1-EVO versions prior to 21.1R2-EVO; 21.2-EVO versions prior to 21.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:34",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11218"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS 18.4R2-S9, 19.1R3-S7, 19.3R3-S3, 19.4R1-S4, 19.4R3-S4, 20.1R3, 20.2R3-S2, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 21.2R2, 21.3R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-S3-EVO, 20.4R3-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases.\n\nNote: Only those releases listed in the PROBLEM section above are affected. This fix has also been proactively committed into other releases that are not vulnerable to this issue."
}
],
"source": {
"advisory": "JSA11218",
"defect": [
"1595165"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: RPD core upon receipt of specific BGP update",
"workarounds": [
{
"lang": "en",
"value": "This issue can be mitigated in two ways:\n\n1) ensure that TTL propagation is either enabled or disabled in both places below:\n protocols mpls no-propagate-ttl\n routing-instance \u003cvrf\u003e no-vrf-propagate-ttl\n\n2) Disable multipath:\n routing-instance \u003cvrf\u003e routing-options multipath"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31353",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD core upon receipt of specific BGP update"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!\u003c",
"version_value": "19.3R3-S2"
},
{
"version_affected": "=",
"version_value": "19.3R3-S2"
},
{
"version_affected": "=",
"version_value": "19.4R3-S3"
},
{
"version_affected": "!\u003e=",
"version_name": "20.1",
"version_value": "20.1R1"
},
{
"version_affected": "!\u003c",
"version_name": "20.2",
"version_value": "20.2R2-S3"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"version_affected": "!\u003c",
"version_name": "20.3",
"version_value": "20.3R2"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3"
},
{
"version_affected": "!\u003c",
"version_name": "20.4",
"version_value": "20.4R2"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R2-S3-EVO, 20.4R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.1-EVO",
"version_value": "21.1R2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.2-EVO",
"version_value": "21.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue can occur when multipath is enabled:\n\n routing-instance \u003cvrf\u003e routing-options multipath\n\nand one of the following two TTL propagation options (but not both) are enabled:\n\n protocols mpls no-propagate-ttl\n routing-instance \u003cvrf\u003e no-vrf-propagate-ttl"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS). Continued receipt and processing of the BGP update will create a sustained Denial of Service (DoS) condition. This issue affects very specific versions of Juniper Networks Junos OS: 19.3R3-S2; 19.4R3-S3; 20.2 versions 20.2R2-S3 and later, prior to 20.2R3-S2; 20.3 versions 20.3R2 and later, prior to 20.3R3; 20.4 versions 20.4R2 and later, prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS 20.1 is not affected by this issue. This issue also affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO, 20.4R3-EVO; 21.1-EVO versions prior to 21.1R2-EVO; 21.2-EVO versions prior to 21.2R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11218",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11218"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS 18.4R2-S9, 19.1R3-S7, 19.3R3-S3, 19.4R1-S4, 19.4R3-S4, 20.1R3, 20.2R3-S2, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 21.2R2, 21.3R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-S3-EVO, 20.4R3-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases.\n\nNote: Only those releases listed in the PROBLEM section above are affected. This fix has also been proactively committed into other releases that are not vulnerable to this issue."
}
],
"source": {
"advisory": "JSA11218",
"defect": [
"1595165"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "This issue can be mitigated in two ways:\n\n1) ensure that TTL propagation is either enabled or disabled in both places below:\n protocols mpls no-propagate-ttl\n routing-instance \u003cvrf\u003e no-vrf-propagate-ttl\n\n2) Disable multipath:\n routing-instance \u003cvrf\u003e routing-options multipath"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31353",
"datePublished": "2021-10-19T18:16:34.884433Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-16T17:37:46.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22224 (GCVE-0-2022-22224)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-12 14:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon (PPMD) process to go into an infinite loop, which in turn can cause protocols and functions reliant on PPMD such as OSPF neighbor reachability to be impacted, resulting in a sustained Denial of Service (DoS) condition. The DoS condition persists until the PPMD process is manually restarted. This issue affects: Juniper Networks Junos OS: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1 versions prior to 21.1R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69874 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: unspecified < 19.1R3-S9 Version: 19.2 < 19.2R3-S5 Version: 19.3 < 19.3R3-S3 Version: 19.4 < 19.4R3-S9 Version: 20.1 < 20.1R3 Version: 20.2 < 20.2R3-S1 Version: 20.3 < 20.3R3 Version: 20.4 < 20.4R3 Version: 21.1 < 21.1R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69874"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:42:42.726449Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:42:48.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.1R3-S9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.2R3-S5",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S9",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S1",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R2-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Exploitation of this issue requires OSPF to be enabled. A sample OSPF configuration is shown below.\n\n [protocols ospf area \u003carea\u003e interface \u003cinterface\u003e]"
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon (PPMD) process to go into an infinite loop, which in turn can cause protocols and functions reliant on PPMD such as OSPF neighbor reachability to be impacted, resulting in a sustained Denial of Service (DoS) condition. The DoS condition persists until the PPMD process is manually restarted. This issue affects: Juniper Networks Junos OS: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1 versions prior to 21.1R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69874"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69874",
"defect": [
"1582147"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: PPMD goes into infinite loop upon receipt of malformed OSPF TLV",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue. However, service can be restored by restarting the PPMD process from the Junos shell:\n\nFirst, identify the PID for the daemon.\n\n root@Junos:~ # ps -aux | grep \"[p]pm\"\n root 73848 0.0 0.0 740624 14072 - S 29Apr22 20:53.61 /usr/sbin/ppmd -N\n\nSecond, kill the process.\n\n root@Junos:~ # kill -9 73848"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22224",
"datePublished": "2022-10-18T02:46:25.868Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-12T14:42:48.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22193 (GCVE-0-2022-22193)
Vulnerability from cvelistv5
Published
2022-04-14 15:50
Modified
2024-09-17 02:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding is configured and a certain CLI command is executed the rpd process can crash. During the rpd crash and restart, the routing protocols might be impacted and traffic disruption might be seen due to the loss of routing information. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 20.3R1. Juniper Networks Junos OS Evolved versions prior to 20.3R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69503 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 20.3 < 20.3R3-S1 Version: 20.4 < 20.4R3 Version: 21.1 < 21.1R3 Version: 21.2 < 21.2R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69503"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S1",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.3R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.4R3-EVO",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R2-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "20.3*",
"status": "affected",
"version": "20.3R1-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be affected by this issue BGP rib sharing needs to be configured:\n\n [ system processes routing bgp rib-sharding ]"
}
],
"datePublic": "2022-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding is configured and a certain CLI command is executed the rpd process can crash. During the rpd crash and restart, the routing protocols might be impacted and traffic disruption might be seen due to the loss of routing information. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 20.3R1. Juniper Networks Junos OS Evolved versions prior to 20.3R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-241",
"description": "CWE-241 Improper Handling of Unexpected Data Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T15:50:53",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69503"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS Evolved: 20.4R3-EVO, 21.1R3-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases;\nJunos OS: 20.3R3-S1, 20.4R3, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69503",
"defect": [
"1600866"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: In a BGP rib-sharding scenario when a certain CLI command is executed the rpd process might crash",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-04-13T16:00:00.000Z",
"ID": "CVE-2022-22193",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: In a BGP rib-sharding scenario when a certain CLI command is executed the rpd process might crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R2"
},
{
"version_affected": "!\u003c",
"version_value": "20.3R1"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R2-EVO"
},
{
"version_affected": "!\u003c",
"version_value": "20.3R1-EVO"
},
{
"version_affected": "\u003e=",
"version_name": "20.3",
"version_value": "20.3R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "To be affected by this issue BGP rib sharing needs to be configured:\n\n [ system processes routing bgp rib-sharding ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding is configured and a certain CLI command is executed the rpd process can crash. During the rpd crash and restart, the routing protocols might be impacted and traffic disruption might be seen due to the loss of routing information. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 20.3R1. Juniper Networks Junos OS Evolved versions prior to 20.3R1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-241 Improper Handling of Unexpected Data Type"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69503",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69503"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS Evolved: 20.4R3-EVO, 21.1R3-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases;\nJunos OS: 20.3R3-S1, 20.4R3, 21.1R3, 21.2R2, 21.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69503",
"defect": [
"1600866"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22193",
"datePublished": "2022-04-14T15:50:53.728016Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-17T02:06:34.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39517 (GCVE-0-2024-39517)
Vulnerability from cvelistv5
Published
2024-07-10 23:06
Modified
2024-08-02 04:26
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).
In an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.
This issue affects both IPv4 and IPv6 implementations.
This issue affects
Junos OS:
All versions earlier than 21.4R3-S7;
22.1 versions earlier than 22.1R3-S5;
22.2 versions earlier than 22.2R3-S3;
22.3 versions earlier than 22.3R3-S3;
22.4 versions earlier than 22.4R3-S2;
23.2 versions earlier than 23.2R2;
23.4 versions earlier than 23.4R1-S1.
Junos OS Evolved:
All versions earlier than 21.4R3-S7-EVO;
22.1-EVO versions earlier than 22.1R3-S5-EVO;
22.2-EVO versions earlier than 22.2R3-S3-EVO;
22.3-EVO versions earlier than 22.3R3-S3-EVO;
22.4-EVO versions earlier than 22.4R3-S2-EVO;
23.2-EVO versions earlier than 23.2R2-EVO;
23.4-EVO versions earlier than 23.4R1-S1-EVO, 23.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA79175 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ Version: 23.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:08:45.672820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T13:09:04.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA79175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eEVPN is configured on the device:\u003cbr\u003e\u003c/p\u003e\u003ctt\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e[protocols evpn]\u003c/span\u003e\u003c/tt\u003e\u003cp\u003eTo be exposed to this issue the device needs be configured for VXLAN with either of the following statements:\u003cbr\u003e\u003c/p\u003e\u003ctt\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; [vlans \u0026lt;vlan\u0026gt; vxlan]\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp; [routing-instances \u0026lt;routing-instance\u0026gt; vxlan]\u003c/span\u003e\u003c/tt\u003e"
}
],
"value": "EVPN is configured on the device:\n\n\n\u00a0 [protocols evpn]To be exposed to this issue the device needs be configured for VXLAN with either of the following statements:\n\n\n\u00a0 [vlans \u003cvlan\u003e vxlan]\n\u00a0 [routing-instances \u003crouting-instance\u003e vxlan]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the\u0026nbsp;Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIn an \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEVPN/VXLAN\u003c/span\u003e scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.\u003cbr\u003e\u003cbr\u003eThis issue affects both IPv4 and IPv6 implementations.\u003cbr\u003e\u003cp\u003eThis issue affects\u003cbr\u003eJunos OS:\u003cbr\u003eAll versions earlier than\u0026nbsp;21.4R3-S7;\u003cbr\u003e22.1\u0026nbsp;versions earlier than 22.1R3-S5;\u003cbr\u003e22.2 versions earlier than\u0026nbsp;22.2R3-S3;\u003cbr\u003e22.3 versions earlier than\u0026nbsp;22.3R3-S3;\u003cbr\u003e22.4 versions earlier than\u0026nbsp;22.4R3-S2;\u003cbr\u003e23.2 versions earlier than\u0026nbsp;23.2R2;\u003cbr\u003e23.4 versions earlier than\u0026nbsp;23.4R1-S1.\u003c/p\u003eJunos OS Evolved:\u003cbr\u003eAll versions earlier than\u0026nbsp;21.4R3-S7-EVO;\u003cbr\u003e22.1-EVO versions earlier than\u0026nbsp;22.1R3-S5-EVO;\u003cbr\u003e22.2-EVO versions earlier than\u0026nbsp;22.2R3-S3-EVO;\u003cbr\u003e22.3-EVO versions earlier than 22.3R3-S3-EVO;\u003cbr\u003e22.4-EVO versions earlier than\u0026nbsp;22.4R3-S2-EVO;\u003cbr\u003e23.2-EVO versions earlier than\u0026nbsp;23.2R2-EVO;\u003cbr\u003e23.4-EVO versions earlier than\u0026nbsp;23.4R1-S1-EVO, 23.4R2-EVO."
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).\n\nIn an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.\n\nThis issue affects both IPv4 and IPv6 implementations.\nThis issue affects\nJunos OS:\nAll versions earlier than\u00a021.4R3-S7;\n22.1\u00a0versions earlier than 22.1R3-S5;\n22.2 versions earlier than\u00a022.2R3-S3;\n22.3 versions earlier than\u00a022.3R3-S3;\n22.4 versions earlier than\u00a022.4R3-S2;\n23.2 versions earlier than\u00a023.2R2;\n23.4 versions earlier than\u00a023.4R1-S1.\n\nJunos OS Evolved:\nAll versions earlier than\u00a021.4R3-S7-EVO;\n22.1-EVO versions earlier than\u00a022.1R3-S5-EVO;\n22.2-EVO versions earlier than\u00a022.2R3-S3-EVO;\n22.3-EVO versions earlier than 22.3R3-S3-EVO;\n22.4-EVO versions earlier than\u00a022.4R3-S2-EVO;\n23.2-EVO versions earlier than\u00a023.2R2-EVO;\n23.4-EVO versions earlier than\u00a023.4R1-S1-EVO, 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T23:06:40.329Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA79175"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u0026nbsp;\u003cbr\u003e\nJunos OS:\u0026nbsp;21.4R3-S7,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.1R3-S5, 22.2R3-S3, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003e\u003c/span\u003eJunos OS Evolved:\u0026nbsp;21.4R3-S7-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S3-EVO,\u0026nbsp;22.4R3-S2-EVO,\u0026nbsp;23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\u00a0\n\nJunos OS:\u00a021.4R3-S7,\u00a022.1R3-S5, 22.2R3-S3, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\nJunos OS Evolved:\u00a021.4R3-S7-EVO,\u00a022.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S3-EVO,\u00a022.4R3-S2-EVO,\u00a023.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA79175",
"defect": [
"1783346"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Upon processing specific L2 traffic, rpd can hang in devices with EVPN/VXLAN configured",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39517",
"datePublished": "2024-07-10T23:06:40.329Z",
"dateReserved": "2024-06-25T15:12:53.239Z",
"dateUpdated": "2024-08-02T04:26:15.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30390 (GCVE-0-2024-30390)
Vulnerability from cvelistv5
Published
2024-04-12 15:24
Modified
2024-08-02 01:32
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited Denial of Service (DoS) to the management plane.
When an incoming connection was blocked because it exceeded the connections-per-second rate-limit, the system doesn't consider existing connections anymore for subsequent connection attempts so that the connection limit can be exceeded.
This issue affects Junos OS Evolved:
* All versions before 21.4R3-S4-EVO,
* 22.1-EVO versions before 22.1R3-S3-EVO,
* 22.2-EVO versions before 22.2R3-S2-EVO,
* 22.3-EVO versions before 22.3R2-S1-EVO, 22.3R3-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| http://supportportal.juniper.net/JSA79183 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N | technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 22.1-EVO ≤ Version: 22.2-EVO ≤ Version: 22.3-EVO ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T13:03:42.660154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:04.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://supportportal.juniper.net/JSA79183"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S4-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S1-EVO, 22.3R3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In order to be impacted by this issue the system needs to be configured with a connection-limit and a rate-limit for at least one of the following protocols / services. This can either be done explicit as shown below, but please note that these options are also in effect by default.\u003cbr\u003e\u003cbr\u003e\u0026nbsp; [ system services ( finger | ftp | netconf | ssh | telnet | xnm-clear-text | xnm-ssl | rest control | tftp-server ) connection-limit \u0026lt;limit\u0026gt; ]\u003cbr\u003e\u0026nbsp; \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e[ system services \n\n( finger | ftp | netconf | ssh | telnet | xnm-clear-text | xnm-ssl | rest control \n\n| tftp-server\n\n)\n\n\u003c/span\u003erate-limit \u0026lt;limit\u0026gt; ]\u003cbr\u003e"
}
],
"value": "In order to be impacted by this issue the system needs to be configured with a connection-limit and a rate-limit for at least one of the following protocols / services. This can either be done explicit as shown below, but please note that these options are also in effect by default.\n\n\u00a0 [ system services ( finger | ftp | netconf | ssh | telnet | xnm-clear-text | xnm-ssl | rest control | tftp-server ) connection-limit \u003climit\u003e ]\n\u00a0 \n\n[ system services \n\n( finger | ftp | netconf | ssh | telnet | xnm-clear-text | xnm-ssl | rest control \n\n| tftp-server\n\n)\n\nrate-limit \u003climit\u003e ]"
}
],
"datePublic": "2024-04-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial of Service (DoS) to the management plane.\u003cbr\u003e\u003cbr\u003eWhen an incoming connection was blocked because it exceeded the connections-per-second rate-limit, the system doesn\u0027t consider existing connections anymore for subsequent connection attempts so that the connection\u0026nbsp;limit can be exceeded.\u003cbr\u003e\u003c/span\u003e\u003cp\u003eThis issue affects Junos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S4-EVO,\u003c/li\u003e\u003cli\u003e22.1-EVO versions before 22.1R3-S3-EVO,\u003c/li\u003e\u003cli\u003e22.2-EVO versions before 22.2R3-S2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.3-EVO versions before 22.3R2-S1-EVO, 22.3R3-EVO\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited\u00a0Denial of Service (DoS) to the management plane.\n\nWhen an incoming connection was blocked because it exceeded the connections-per-second rate-limit, the system doesn\u0027t consider existing connections anymore for subsequent connection attempts so that the connection\u00a0limit can be exceeded.\nThis issue affects Junos OS Evolved:\n\n\n\n * All versions before 21.4R3-S4-EVO,\n * 22.1-EVO versions before 22.1R3-S3-EVO,\n * 22.2-EVO versions before 22.2R3-S2-EVO,\u00a0\n * 22.3-EVO versions before 22.3R2-S1-EVO, 22.3R3-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial-of-Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:21:54.917Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "http://supportportal.juniper.net/JSA79183"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 20.4R3-S9-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S2-EVO, 22.3R2-S1-EVO, 22.3R3-EVO, 22.4R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 20.4R3-S9-EVO, 21.4R3-S4-EVO, 22.1R3-S3-EVO, 22.2R3-S2-EVO, 22.3R2-S1-EVO, 22.3R3-EVO, 22.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA79183",
"defect": [
"1709385"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Connection limits is not being enforced while the resp. rate limit is being enforced",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e\u003cp\u003eTo reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-30390",
"datePublished": "2024-04-12T15:24:51.279Z",
"dateReserved": "2024-03-26T23:06:17.994Z",
"dateUpdated": "2024-08-02T01:32:07.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44195 (GCVE-0-2023-44195)
Vulnerability from cvelistv5
Published
2023-10-12 23:04
Modified
2024-09-17 16:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system.
If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access.
CVE-2023-44196 is a prerequisite for this issue.
This issue affects Juniper Networks Junos OS Evolved:
* 21.3-EVO versions prior to 21.3R3-S5-EVO;
* 21.4-EVO versions prior to 21.4R3-S4-EVO;
* 22.1-EVO version 22.1R1-EVO and later;
* 22.2-EVO version 22.2R1-EVO and later;
* 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
* 22.4-EVO versions prior to 22.4R3-EVO.
This issue doesn't not affected Junos OS Evolved versions prior to 21.3R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73160 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 21.3-EVO ≤ Version: 21.4-EVO ≤ Version: 22.1R1-EVO ≤ Version: 22.2R1-EVO ≤ Version: 22.3-EVO ≤ Version: 22.4-EVO ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73160"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:53:20.306753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T16:10:16.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.3R1-EVO",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1*-EVO",
"status": "affected",
"version": "22.1R1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2*-EVO",
"status": "affected",
"version": "22.2R1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2-EVO, 22.3R3-S1-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system.\u003c/p\u003e\u003cp\u003eIf specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access.\u003c/p\u003e\u003cp\u003eCVE-2023-44196 is a prerequisite for this issue.\u003c/p\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e21.3-EVO versions prior to 21.3R3-S5-EVO;\u003c/li\u003e\u003cli\u003e21.4-EVO versions prior to 21.4R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO version 22.1R1-EVO and later;\u003c/li\u003e\u003cli\u003e22.2-EVO version 22.2R1-EVO and later;\u003c/li\u003e\u003cli\u003e22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\u003c/li\u003e\u003cli\u003e22.4-EVO versions prior to 22.4R3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue doesn\u0027t not affected Junos OS Evolved versions prior to 21.3R1-EVO.\u003c/p\u003e\n\n"
}
],
"value": "\nAn Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system.\n\nIf specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access.\n\nCVE-2023-44196 is a prerequisite for this issue.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * 21.3-EVO versions prior to 21.3R3-S5-EVO;\n * 21.4-EVO versions prior to 21.4R3-S4-EVO;\n * 22.1-EVO version 22.1R1-EVO and later;\n * 22.2-EVO version 22.2R1-EVO and later;\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO.\n\n\n\n\nThis issue doesn\u0027t not affected Junos OS Evolved versions prior to 21.3R1-EVO.\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T23:04:32.068Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73160"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.3R3-S5-EVO, 21.4R3-S4-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73160",
"defect": [
"1713989"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS Evolved: Packets which are not destined to the router can reach the RE",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44195",
"datePublished": "2023-10-12T23:04:32.068Z",
"dateReserved": "2023-09-26T19:30:32.349Z",
"dateUpdated": "2024-09-17T16:10:16.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0026 (GCVE-0-2023-0026)
Vulnerability from cvelistv5
Published
2023-06-21 00:00
Modified
2024-12-06 19:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround.
This issue affects:
Juniper Networks Junos OS
15.1R1 and later versions prior to 20.4R3-S8;
21.1 version 21.1R1 and later versions prior to 21.2R3-S6;
21.3 versions prior to 21.3R3-S5;
21.4 versions prior to 21.4R3-S4;
22.1 versions prior to 22.1R3-S4;
22.2 versions prior to 22.2R3-S2;
22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
22.4 versions prior to 22.4R2-S1, 22.4R3;
23.1 versions prior to 23.1R1-S1, 23.1R2.
Juniper Networks Junos OS Evolved
All versions prior to 20.4R3-S8-EVO;
21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO;
21.3 versions prior to 21.3R3-S5-EVO;
21.4 versions prior to 21.4R3-S4-EVO;
22.1 versions prior to 22.1R3-S4-EVO;
22.2 versions prior to 22.2R3-S2-EVO;
22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;
23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: unspecified < 20.4R3-S8 Version: 21.1 < 21.1* Version: 21.2 < 21.2R3-S6 Version: 21.3 < 21.3R3-S5 Version: 21.4 < 21.4R3-S4 Version: 22.1 < 22.1R3-S4 Version: 22.2 < 22.3R2-S2, 22.3R3-S1 Version: 22.3 < 22.2R3-S2 Version: 22.4 < 22.4R2-S1, 22.4R3 Version: 23.1 < 23.1R1-S1, 23.1R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:32.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA71542"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T19:16:05.401961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T19:18:31.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.3R2-S2, 22.3R3-S1",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.4R2-S1, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "custom"
},
{
"lessThan": "23.1R1-S1, 23.1R2",
"status": "affected",
"version": "23.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R3-S6-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R3-S4-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R3-S2-EVO",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3R2-S2-EVO, 22.3R3-S1-EVO",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.4R2-S1-EVO, 22.4R3-EVO",
"status": "affected",
"version": "22.4",
"versionType": "custom"
},
{
"lessThan": "23.1R1-S1-EVO, 23.1R2-EVO",
"status": "affected",
"version": "23.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-21T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround.\u003c/p\u003eThis issue affects:\u003cbr\u003eJuniper Networks Junos OS\u003cbr\u003e15.1R1 and later versions prior to 20.4R3-S8;\u003cbr\u003e21.1 version 21.1R1 and later versions prior to 21.2R3-S6;\u003cbr\u003e21.3 versions prior to 21.3R3-S5;\u003cbr\u003e21.4 versions prior to 21.4R3-S4;\u003cbr\u003e22.1 versions prior to 22.1R3-S4;\u003cbr\u003e22.2 versions prior to 22.2R3-S2;\u003cbr\u003e22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\u003cbr\u003e22.4 versions prior to 22.4R2-S1, 22.4R3;\u003cbr\u003e23.1 versions prior to 23.1R1-S1, 23.1R2.\u003cbr\u003e\u003cbr\u003eJuniper Networks Junos OS Evolved\u003cbr\u003eAll versions prior to 20.4R3-S8-EVO;\u003cbr\u003e21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO;\u003cbr\u003e21.3 versions prior to 21.3R3-S5-EVO;\u003cbr\u003e21.4 versions prior to 21.4R3-S4-EVO;\u003cbr\u003e22.1 versions prior to 22.1R3-S4-EVO;\u003cbr\u003e22.2 versions prior to 22.2R3-S2-EVO;\u003cbr\u003e22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\u003cbr\u003e22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\u003cbr\u003e23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO.\u003cbr\u003e"
}
],
"value": "An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround.\n\nThis issue affects:\nJuniper Networks Junos OS\n15.1R1 and later versions prior to 20.4R3-S8;\n21.1 version 21.1R1 and later versions prior to 21.2R3-S6;\n21.3 versions prior to 21.3R3-S5;\n21.4 versions prior to 21.4R3-S4;\n22.1 versions prior to 22.1R3-S4;\n22.2 versions prior to 22.2R3-S2;\n22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n22.4 versions prior to 22.4R2-S1, 22.4R3;\n23.1 versions prior to 23.1R1-S1, 23.1R2.\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.4R3-S8-EVO;\n21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO;\n21.3 versions prior to 21.3R3-S5-EVO;\n21.4 versions prior to 21.4R3-S4-EVO;\n22.1 versions prior to 22.1R3-S4-EVO;\n22.2 versions prior to 22.2R3-S2-EVO;\n22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO.\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-17T15:59:01.049Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA71542"
},
{
"tags": [
"product"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S8*, 21.2R3-S6*, 21.3R3-S5*, 21.4R3-S4, 22.1R3-S4*, 22.2R3-S2*, 22.3R2-S2*, 22.3R3-S1*, 22.4R2-S1*, 22.4R3*, 23.1R1-S1*, 23.1R2*, 23.2R1*, and all subsequent releases;\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 20.4R3-S8-EVO*, 21.2R3-S6-EVO*, 21.3R3-S5-EVO*, 21.4R3-S4-EVO, 22.1R3-S4-EVO*, 22.2R3-S2-EVO*, 22.3R2-S2-EVO*, 22.3R3-S1-EVO*, 22.4R2-S1-EVO*, 22.4R3-EVO*, 23.1R1-S1-EVO*, 23.1R2-EVO*, 23.2R1-EVO*, and all subsequent releases.\u003c/p\u003e\u003cp\u003e*Pending Publication\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 20.4R3-S8*, 21.2R3-S6*, 21.3R3-S5*, 21.4R3-S4, 22.1R3-S4*, 22.2R3-S2*, 22.3R2-S2*, 22.3R3-S1*, 22.4R2-S1*, 22.4R3*, 23.1R1-S1*, 23.1R2*, 23.2R1*, and all subsequent releases;\n\nJunos OS Evolved: 20.4R3-S8-EVO*, 21.2R3-S6-EVO*, 21.3R3-S5-EVO*, 21.4R3-S4-EVO, 22.1R3-S4-EVO*, 22.2R3-S2-EVO*, 22.3R2-S2-EVO*, 22.3R3-S1-EVO*, 22.4R2-S1-EVO*, 22.4R3-EVO*, 23.1R1-S1-EVO*, 23.1R2-EVO*, 23.2R1-EVO*, and all subsequent releases.\n\n*Pending Publication\n\n"
}
],
"source": {
"advisory": "JSA71542",
"defect": [
"1739919"
],
"discovery": "USER"
},
"title": "2023-06: Out-of-Cycle Security Bulletin: Junos OS and Junos OS Evolved: A BGP session will flap upon receipt of a specific, optional transitive attribute",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to configure BGP error tolerance by way of:\u003c/p\u003e\u003ccode\u003e [ protocols bgp bgp-error-tolerance ... ]\u003c/code\u003e\u003cbr/\u003e\u003cp\u003ewhich causes malformed BGP routes to be \u0027treated as withdrawal\u0027 instead of bringing down the BGP session. Additional details can be found at https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html\u003c/p\u003e\u003cp\u003eJuniper considers configuring this option to be a Best Common Practice (BCP) as it not only prevents this issue from happening, but protects against similar issues as well.\u003c/p\u003e"
}
],
"value": "The workaround is to configure BGP error tolerance by way of:\n\n [ protocols bgp bgp-error-tolerance ... ]\nwhich causes malformed BGP routes to be \u0027treated as withdrawal\u0027 instead of bringing down the BGP session. Additional details can be found at https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html\n\nJuniper considers configuring this option to be a Best Common Practice (BCP) as it not only prevents this issue from happening, but protects against similar issues as well.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-0026",
"datePublished": "2023-06-21T00:00:00",
"dateReserved": "2022-12-27T00:00:00",
"dateUpdated": "2024-12-06T19:18:31.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22164 (GCVE-0-2022-22164)
Vulnerability from cvelistv5
Published
2022-01-19 00:21
Modified
2024-09-16 22:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet service staying enabled. When it is not intended to be operating on the device, an administrator can issue the following command to verify whether telnet is operating in the background: user@device > show system connections | grep :23 tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 20879/xinetd This issue affects: Juniper Networks Junos OS Evolved All versions prior to 20.4R2-S2-EVO; 21.1 version 21.1R1-EVO and later versions; 21.2 versions prior to 21.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11272 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.4R2-S2-EVO Version: 21.1R1-EVO < 21.1* Version: 21.2 < 21.2R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R2-S2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R2-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet service staying enabled. When it is not intended to be operating on the device, an administrator can issue the following command to verify whether telnet is operating in the background: user@device \u003e show system connections | grep :23 tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 20879/xinetd This issue affects: Juniper Networks Junos OS Evolved All versions prior to 20.4R2-S2-EVO; 21.1 version 21.1R1-EVO and later versions; 21.2 versions prior to 21.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-19T00:21:10",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11272"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.4R2-S2-EVO, 21.2R2-EVO, 21.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11272",
"defect": [
"1596411"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: Telnet service may be enabled when it is expected to be disabled.",
"workarounds": [
{
"lang": "en",
"value": "To work around the issue, the xinetd service can be restarted manually using one of the commands below: \n\n user@device% systemctl restart xinetd\nor\n user@device% systemctl restart services-xinetd\n\nAdditionally, loopback/firewall filters can be applied to disable remote access to the telnet service."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22164",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Telnet service may be enabled when it is expected to be disabled."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R2-S2-EVO"
},
{
"version_affected": "\u003e=",
"version_name": "21.1",
"version_value": "21.1R1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet service staying enabled. When it is not intended to be operating on the device, an administrator can issue the following command to verify whether telnet is operating in the background: user@device \u003e show system connections | grep :23 tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 20879/xinetd This issue affects: Juniper Networks Junos OS Evolved All versions prior to 20.4R2-S2-EVO; 21.1 version 21.1R1-EVO and later versions; 21.2 versions prior to 21.2R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665 Improper Initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11272",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11272"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.4R2-S2-EVO, 21.2R2-EVO, 21.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11272",
"defect": [
"1596411"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "To work around the issue, the xinetd service can be restarted manually using one of the commands below: \n\n user@device% systemctl restart xinetd\nor\n user@device% systemctl restart services-xinetd\n\nAdditionally, loopback/firewall filters can be applied to disable remote access to the telnet service."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22164",
"datePublished": "2022-01-19T00:21:10.263727Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-16T22:46:51.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0208 (GCVE-0-2021-0208)
Vulnerability from cvelistv5
Published
2021-01-15 17:35
Modified
2024-09-16 18:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Continued receipt of the packet will sustain the Denial of Service. This issue affects: Juniper Networks Junos OS: All versions prior to 17.3R3-S10 except 15.1X49-D240 for SRX series; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R3-S3; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R1-S4, 20.1R2; 15.1X49 versions prior to 15.1X49-D240 on SRX Series. Juniper Networks Junos OS Evolved: 19.3 versions prior to 19.3R2-S5-EVO; 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S4-EVO.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: unspecified < 17.3R3-S10 Version: 17.4 < 17.4R3-S2 Version: 18.1 < 18.1R3-S10 Version: 18.2 < 18.2R2-S7, 18.2R3-S4 Version: 18.3 < 18.3R3-S2 Version: 18.4 < 18.4R1-S8, 18.4R2-S6, 18.4R3-S2 Version: 19.1 < 19.1R1-S5, 19.1R3-S3 Version: 19.2 < 19.2R3 Version: 19.3 < 19.3R2-S5, 19.3R3 Version: 19.4 < 19.4R2-S2, 19.4R3-S1 Version: 20.1 < 20.1R1-S4, 20.1R2 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11098"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/disable-edit-protocols-rsvp.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/corouted-bidirectional-edit-protocols-mpls.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3R3-S10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "17.4R3-S2",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S10",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S7, 18.2R3-S4",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S2",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S8, 18.4R2-S6, 18.4R3-S2",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S5, 19.1R3-S3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R3",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S5, 19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S2, 19.4R3-S1",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S4, 20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1X49-D240",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R2-S5-EVO",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S2-EVO",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S4-EVO",
"status": "affected",
"version": "20.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following are examples of minimal configurations: \n [protocols mpls label-switched-path \u003clsp-name\u003e corouted-bidirectional;]\nor\n [logical-systems \u003clogical-system-name\u003e protocols mpls label-switched-path \u003clsp-name\u003e corouted-bidirectional;]"
}
],
"datePublic": "2021-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Continued receipt of the packet will sustain the Denial of Service. This issue affects: Juniper Networks Junos OS: All versions prior to 17.3R3-S10 except 15.1X49-D240 for SRX series; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R3-S3; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R1-S4, 20.1R2; 15.1X49 versions prior to 15.1X49-D240 on SRX Series. Juniper Networks Junos OS Evolved: 19.3 versions prior to 19.3R2-S5-EVO; 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S4-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T17:35:55",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11098"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/disable-edit-protocols-rsvp.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/corouted-bidirectional-edit-protocols-mpls.html"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1X49-D240, 17.3R3-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S4, 18.3R3-S2, 18.4R1-S8, 18.4R2-S6, 18.4R3-S2, 19.1R1-S5, 19.1R3-S3, 19.2R3, 19.3R2-S5, 19.3R3, 19.4R2-S2, 19.4R3-S1, 20.1R1-S4, 20.1R2, 20.2R1, and all subsequent releases.\n\nNote: With the exception of SRX Series products using version 15.1X49-D240, all products using Junos OS prior to 17.3R3-S10 are affected and will not be fixed by Juniper Networks, Inc.\n\nJunos OS Evolved: 19.3R2-S5-EVO, 19.4R2-S2-EVO, 20.1R1-S4-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11098",
"defect": [
"1493718"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: In bidirectional LSP configurations, on MPLS egress router RPD may core upon receipt of specific malformed RSVP packet.",
"workarounds": [
{
"lang": "en",
"value": "If bidirectional LSPs are running in the network, when changing family mpls maximum-labels on an interface, first disable RSVP for this interface.\nYou can include the disable statement at the following hierarchy levels:\n [edit protocols rsvp interface interface-name ]\n [edit logical-systems logical-system-name protocols rsvp interface interface-name ]\n\nSee the MPLS RSVP disable configuration guide for further details."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-01-13T17:00:00.000Z",
"ID": "CVE-2021-0208",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: In bidirectional LSP configurations, on MPLS egress router RPD may core upon receipt of specific malformed RSVP packet."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "17.3R3-S10"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S8, 18.4R2-S6, 18.4R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S5, 19.1R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R3"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S5, 19.3R3"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S2, 19.4R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1-S4, 20.1R2"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "15.1X49",
"version_value": "15.1X49-D240"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S5-EVO"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1-S4-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following are examples of minimal configurations: \n [protocols mpls label-switched-path \u003clsp-name\u003e corouted-bidirectional;]\nor\n [logical-systems \u003clogical-system-name\u003e protocols mpls label-switched-path \u003clsp-name\u003e corouted-bidirectional;]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Continued receipt of the packet will sustain the Denial of Service. This issue affects: Juniper Networks Junos OS: All versions prior to 17.3R3-S10 except 15.1X49-D240 for SRX series; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R3-S3; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R1-S4, 20.1R2; 15.1X49 versions prior to 15.1X49-D240 on SRX Series. Juniper Networks Junos OS Evolved: 19.3 versions prior to 19.3R2-S5-EVO; 19.4 versions prior to 19.4R2-S2-EVO; 20.1 versions prior to 20.1R1-S4-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11098",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11098"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/disable-edit-protocols-rsvp.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/disable-edit-protocols-rsvp.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/corouted-bidirectional-edit-protocols-mpls.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/corouted-bidirectional-edit-protocols-mpls.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1X49-D240, 17.3R3-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S4, 18.3R3-S2, 18.4R1-S8, 18.4R2-S6, 18.4R3-S2, 19.1R1-S5, 19.1R3-S3, 19.2R3, 19.3R2-S5, 19.3R3, 19.4R2-S2, 19.4R3-S1, 20.1R1-S4, 20.1R2, 20.2R1, and all subsequent releases.\n\nNote: With the exception of SRX Series products using version 15.1X49-D240, all products using Junos OS prior to 17.3R3-S10 are affected and will not be fixed by Juniper Networks, Inc.\n\nJunos OS Evolved: 19.3R2-S5-EVO, 19.4R2-S2-EVO, 20.1R1-S4-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11098",
"defect": [
"1493718"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "If bidirectional LSPs are running in the network, when changing family mpls maximum-labels on an interface, first disable RSVP for this interface.\nYou can include the disable statement at the following hierarchy levels:\n [edit protocols rsvp interface interface-name ]\n [edit logical-systems logical-system-name protocols rsvp interface interface-name ]\n\nSee the MPLS RSVP disable configuration guide for further details."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0208",
"datePublished": "2021-01-15T17:35:55.492241Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T18:24:25.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22214 (GCVE-0-2022-22214)
Vulnerability from cvelistv5
Published
2022-07-20 14:15
Modified
2024-09-17 02:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent attacker to cause a PFE crash and thereby a Denial of Service (DoS). An FPC will crash and reboot after receiving a specific transit IPv6 packet over MPLS. Continued receipt of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect systems configured for IPv4 only. This issue affects: Juniper Networks Junos OS All versions prior to 12.3R12-S21; 15.1 versions prior to 15.1R7-S10; 17.3 versions prior to 17.3R3-S12; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-S1-EVO, 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69718 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: unspecified < 12.3R12-S21 Version: 15.1 < 15.1R7-S10 Version: 17.3 < 17.3R3-S12 Version: 18.3 < 18.3R3-S6 Version: 18.4 < 18.4R2-S9, 18.4R3-S9 Version: 19.1 < 19.1R2-S3, 19.1R3-S7 Version: 19.2 < 19.2R1-S7, 19.2R3-S3 Version: 19.3 < 19.3R2-S7, 19.3R3-S4 Version: 19.4 < 19.4R3-S5 Version: 20.1 < 20.1R3 Version: 20.2 < 20.2R3-S2 Version: 20.3 < 20.3R3 Version: 20.4 < 20.4R2-S2, 20.4R3 Version: 21.1 < 21.1R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69718"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3R12-S21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "15.1R7-S10",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S12",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S6",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S9, 18.4R3-S9",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S3, 19.1R3-S7",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S7, 19.2R3-S3",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S7, 19.3R3-S4",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S5",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2-S2, 20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.2R3-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R2-S1-EVO, 21.3R3-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R2-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "For a device to be affected both of the following two lines of configuration need to be present on at least two revenue interfaces:\n\n [ interfaces \u003cinterface\u003e family mpls ]\n [ interfaces \u003cinterface\u003e family inet6 ]"
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent attacker to cause a PFE crash and thereby a Denial of Service (DoS). An FPC will crash and reboot after receiving a specific transit IPv6 packet over MPLS. Continued receipt of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect systems configured for IPv4 only. This issue affects: Juniper Networks Junos OS All versions prior to 12.3R12-S21; 15.1 versions prior to 15.1R7-S10; 17.3 versions prior to 17.3R3-S12; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-S1-EVO, 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T14:15:29",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69718"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S21, 15.1R7-S10, 17.3R3-S12, 18.3R3-S6, 18.4R2-S9, 18.4R3-S9, 19.1R2-S3, 19.1R3-S7, 19.2R1-S7, 19.2R3-S3, 19.3R2-S7, 19.3R3-S4, 19.4R3-S5, 20.1R3, 20.2R3-S2, 20.3R3, 20.4R2-S2, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-S1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69718",
"defect": [
"1578481",
"1642721"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: In an MPLS scenario upon receipt of a specific IPv6 packet an FPC will crash",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-07-13T16:00:00.000Z",
"ID": "CVE-2022-22214",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: In an MPLS scenario upon receipt of a specific IPv6 packet an FPC will crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "12.3R12-S21"
},
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S10"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S12"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S9"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S7, 19.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S7, 19.3R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2-S2, 20.4R3"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R3-S3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3R2-S1-EVO, 21.3R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.4",
"version_value": "21.4R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "For a device to be affected both of the following two lines of configuration need to be present on at least two revenue interfaces:\n\n [ interfaces \u003cinterface\u003e family mpls ]\n [ interfaces \u003cinterface\u003e family inet6 ]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent attacker to cause a PFE crash and thereby a Denial of Service (DoS). An FPC will crash and reboot after receiving a specific transit IPv6 packet over MPLS. Continued receipt of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect systems configured for IPv4 only. This issue affects: Juniper Networks Junos OS All versions prior to 12.3R12-S21; 15.1 versions prior to 15.1R7-S10; 17.3 versions prior to 17.3R3-S12; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-S1-EVO, 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69718",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69718"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S21, 15.1R7-S10, 17.3R3-S12, 18.3R3-S6, 18.4R2-S9, 18.4R3-S9, 19.1R2-S3, 19.1R3-S7, 19.2R1-S7, 19.2R3-S3, 19.3R2-S7, 19.3R3-S4, 19.4R3-S5, 20.1R3, 20.2R3-S2, 20.3R3, 20.4R2-S2, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-S1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69718",
"defect": [
"1578481",
"1642721"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22214",
"datePublished": "2022-07-20T14:15:29.370417Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-17T02:36:44.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0225 (GCVE-0-2021-0225)
Vulnerability from cvelistv5
Published
2021-04-22 19:36
Modified
2024-09-16 22:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect. An administrator can use the following CLI command to see the failures with filter configuration: user@device> show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported This issue affects Juniper Networks Junos OS Evolved: Versions 19.1R1-EVO and above prior to 20.3R1-S2-EVO, 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11120 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 19.1R1-EVO < unspecified Version: 20.3-EVO < 20.3R1-S2-EVO, 20.3R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11120"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "19.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "20.3R1-S2-EVO, 20.3R2-EVO",
"status": "affected",
"version": "20.3-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The examples of the config stanza affected by this issue:\n\n [firewall policer]\n [firewall filter]"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action \u0027policer\u0027 in certain combinations with other options to not take effect. An administrator can use the following CLI command to see the failures with filter configuration: user@device\u003e show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported This issue affects Juniper Networks Junos OS Evolved: Versions 19.1R1-EVO and above prior to 20.3R1-S2-EVO, 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:36:55",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11120"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.3R1-S2-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11120",
"defect": [
"1528091"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: Stateless IP firewall filter does not work as expected",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0225",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Stateless IP firewall filter does not work as expected"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "19.1R1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "20.3-EVO",
"version_value": "20.3R1-S2-EVO, 20.3R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The examples of the config stanza affected by this issue:\n\n [firewall policer]\n [firewall filter]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action \u0027policer\u0027 in certain combinations with other options to not take effect. An administrator can use the following CLI command to see the failures with filter configuration: user@device\u003e show log kfirewall-agent.log | match ERROR Jul 23 14:16:03 ERROR: filter not supported This issue affects Juniper Networks Junos OS Evolved: Versions 19.1R1-EVO and above prior to 20.3R1-S2-EVO, 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11120",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11120"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.3R1-S2-EVO, 20.3R2-EVO, 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11120",
"defect": [
"1528091"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0225",
"datePublished": "2021-04-22T19:36:55.884687Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T22:25:00.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21611 (GCVE-0-2024-21611)
Vulnerability from cvelistv5
Published
2024-01-12 00:55
Modified
2025-06-17 21:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd.
Thread level memory utilization for the areas where the leak occurs can be checked using the below command:
user@host> show task memory detail | match so_in
so_in6 28 32 344450 11022400 344760 11032320
so_in 8 16 1841629 29466064 1841734 29467744
This issue affects:
Junos OS
* 21.4 versions earlier than 21.4R3;
* 22.1 versions earlier than 22.1R3;
* 22.2 versions earlier than 22.2R3.
Junos OS Evolved
* 21.4-EVO versions earlier than 21.4R3-EVO;
* 22.1-EVO versions earlier than 22.1R3-EVO;
* 22.2-EVO versions earlier than 22.2R3-EVO.
This issue does not affect:
Juniper Networks Junos OS versions earlier than 21.4R1.
Juniper Networks Junos OS Evolved versions earlier than 21.4R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA75752 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75752"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21611",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T15:45:51.338420Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:09:20.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue only happens when jflow is configured:\u003c/p\u003e\u003ccode\u003e [ services flow-monitoring (version-ipfix|version9) ] \u003c/code\u003e\u003cbr/\u003e"
}
],
"value": "This issue only happens when jflow is configured:\n\n [ services flow-monitoring (version-ipfix|version9) ] \n"
}
],
"datePublic": "2024-01-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eA Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eIn a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd.\u003c/p\u003e\u003cp\u003eThread level memory utilization for the areas where the leak occurs can be checked using the below command:\u003c/p\u003e\u003ccode\u003euser@host\u0026gt; show task memory detail | match so_in\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eso_in6 28 32 344450 11022400 344760 11032320\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eso_in 8 16 1841629 29466064 1841734 29467744\u003c/code\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e21.4 versions earlier than 21.4R3;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e21.4-EVO versions earlier than 21.4R3-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO versions earlier than 22.1R3-EVO;\u003c/li\u003e\u003cli\u003e22.2-EVO versions earlier than 22.2R3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue does not affect:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS versions earlier than 21.4R1.\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved versions earlier than 21.4R1.\u003c/p\u003e\n\n"
}
],
"value": "\nA Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nIn a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd.\n\nThread level memory utilization for the areas where the leak occurs can be checked using the below command:\n\nuser@host\u003e show task memory detail | match so_in\nso_in6 28 32 344450 11022400 344760 11032320\nso_in 8 16 1841629 29466064 1841734 29467744\nThis issue affects:\n\nJunos OS\n\n\n\n * 21.4 versions earlier than 21.4R3;\n * 22.1 versions earlier than 22.1R3;\n * 22.2 versions earlier than 22.2R3.\n\n\n\n\nJunos OS Evolved\n\n\n\n * 21.4-EVO versions earlier than 21.4R3-EVO;\n * 22.1-EVO versions earlier than 22.1R3-EVO;\n * 22.2-EVO versions earlier than 22.2R3-EVO.\n\n\n\n\nThis issue does not affect:\n\nJuniper Networks Junos OS versions earlier than 21.4R1.\n\nJuniper Networks Junos OS Evolved versions earlier than 21.4R1.\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T00:55:22.381Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75752"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS: 21.4R3, 22.1R3, 22.2R3, 22.3R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.4R3-EVO, 22.1R3-EVO, 22.2R3-EVO, 22.3R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.4R3, 22.1R3, 22.2R3, 22.3R1, and all subsequent releases.\n\nJunos OS Evolved: 21.4R3-EVO, 22.1R3-EVO, 22.2R3-EVO, 22.3R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA75752",
"defect": [
"1681394"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-10T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: In a jflow scenario continuous route churn will cause a memory leak and eventually an rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAlthough not a workaround, it is advised to monitor the memory utilization proactively and when it reaches 85% of total RE memory, restart rpd or reboot the system.\u003c/p\u003e"
}
],
"value": "Although not a workaround, it is advised to monitor the memory utilization proactively and when it reaches 85% of total RE memory, restart rpd or reboot the system.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21611",
"datePublished": "2024-01-12T00:55:22.381Z",
"dateReserved": "2023-12-27T19:38:25.709Z",
"dateUpdated": "2025-06-17T21:09:20.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36849 (GCVE-0-2023-36849)
Vulnerability from cvelistv5
Published
2023-07-14 17:58
Modified
2024-10-22 14:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).
When a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service.
This issue affects:
Juniper Networks Junos OS
21.4 versions prior to 21.4R3-S3;
22.1 versions prior to 22.1R3-S3;
22.2 versions prior to 22.2R2-S1, 22.2R3;
22.3 versions prior to 22.3R2.
Juniper Networks Junos OS Evolved
21.4-EVO versions prior to 21.4R3-S2-EVO;
22.1-EVO versions prior to 22.1R3-S3-EVO;
22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;
22.3-EVO versions prior to 22.3R2-EVO.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 21.4 < 21.4R3-S3 Version: 22.1 < 22.1R3-S3 Version: 22.2 < 22.2R2-S1, 22.2R3 Version: 22.3 < 22.3R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA71660"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T14:05:41.292138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T14:18:47.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R3-S3",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R2-S1, 22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3R2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S2-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R3-S3-EVO",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R2-S1-EVO, 22.2R3-EVO",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3R2-EVO",
"status": "affected",
"version": "22.3",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability is only exploitable on interfaces with LLDP enabled.\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; [ protocols lldp interface \u0026lt;interface\u0026gt;]\u003c/tt\u003e"
}
],
"value": "This vulnerability is only exploitable on interfaces with LLDP enabled.\n\n\u00a0 [ protocols lldp interface \u003cinterface\u003e]"
}
],
"datePublic": "2023-07-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003eJuniper Networks Junos OS\u003cbr\u003e21.4 versions prior to 21.4R3-S3;\u003cbr\u003e22.1 versions prior to 22.1R3-S3;\u003cbr\u003e22.2 versions prior to 22.2R2-S1, 22.2R3;\u003cbr\u003e22.3 versions prior to 22.3R2.\u003cbr\u003e\u003cbr\u003eJuniper Networks Junos OS Evolved\u003cbr\u003e21.4-EVO versions prior to 21.4R3-S2-EVO;\u003cbr\u003e22.1-EVO versions prior to 22.1R3-S3-EVO;\u003cbr\u003e22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;\u003cbr\u003e22.3-EVO versions prior to 22.3R2-EVO.\u003cbr\u003e"
}
],
"value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).\n\nWhen a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service.\n\nThis issue affects:\nJuniper Networks Junos OS\n21.4 versions prior to 21.4R3-S3;\n22.1 versions prior to 22.1R3-S3;\n22.2 versions prior to 22.2R2-S1, 22.2R3;\n22.3 versions prior to 22.3R2.\n\nJuniper Networks Junos OS Evolved\n21.4-EVO versions prior to 21.4R3-S2-EVO;\n22.1-EVO versions prior to 22.1R3-S3-EVO;\n22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;\n22.3-EVO versions prior to 22.3R2-EVO.\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003cbr\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-14T17:58:25.911Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA71660"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJunos OS: 21.4R3-S3, 22.1R3-S3, 22.2R2-S1, 22.2R3, 22.3R2, 22.4R1, and all subsequent releases.\u003c/span\u003e\u003cbr\u003e\n\nJunos OS Evolved: 21.4R3-S2-EVO, 22.1R3-S3-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases;\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\n\nJunos OS: 21.4R3-S3, 22.1R3-S3, 22.2R2-S1, 22.2R3, 22.3R2, 22.4R1, and all subsequent releases.\n\n\nJunos OS Evolved: 21.4R3-S2-EVO, 22.1R3-S3-EVO, 22.2R2-S1-EVO, 22.2R3-EVO, 22.3R2-EVO, 22.4R1-EVO, and all subsequent releases;\n\n"
}
],
"source": {
"advisory": "JSA71660",
"defect": [
"1692022"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: The l2cpd will crash when a malformed LLDP packet is received",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no available workarounds for this issue. \u003cbr\u003e\u003cbr\u003eIf LLDP and its services are not required, this issue can be mitigated by disabling LLDP.\u003cbr\u003e"
}
],
"value": "There are no available workarounds for this issue. \n\nIf LLDP and its services are not required, this issue can be mitigated by disabling LLDP.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-36849",
"datePublished": "2023-07-14T17:58:25.911Z",
"dateReserved": "2023-06-27T16:17:25.277Z",
"dateUpdated": "2024-10-22T14:18:47.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44176 (GCVE-0-2023-44176)
Vulnerability from cvelistv5
Published
2023-10-12 23:00
Modified
2024-09-19 13:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.
Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.
This issue affects Juniper Networks:
Junos OS:
* All versions prior to 20.4R3-S8;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 22.1 versions prior to 22.1R3-S3;
* 22.3 versions prior to 22.3R3;
* 22.4 versions prior to 22.4R3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73140 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 22.1 ≤ Version: 22.3 ≤ Version: 22.4 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73140"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T13:09:49.425899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T13:09:58.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\u003c/p\u003e\u003cp\u003eRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\u003c/p\u003e\u003cp\u003eThis issue affects Juniper Networks:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S8;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S6;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S3;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R3;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\n\nRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\n\nJunos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.3 versions prior to 22.3R3;\n * 22.4 versions prior to 22.4R3.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS) ",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-12T23:00:51.422Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73140"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u0026nbsp;\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eJunos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 22.1R3-S3, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\u00a0Junos OS: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 22.1R3-S3, 22.3R3, 22.4R3, 23.2R1, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73140",
"defect": [
"1720517"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS : Stack overflow vulnerability in CLI command processing",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo reduce the risk of malicious exploitation use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "To reduce the risk of malicious exploitation use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44176",
"datePublished": "2023-10-12T23:00:51.422Z",
"dateReserved": "2023-09-26T19:30:17.662Z",
"dateUpdated": "2024-09-19T13:09:58.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44187 (GCVE-0-2023-44187)
Vulnerability from cvelistv5
Published
2023-10-11 20:37
Modified
2024-09-18 14:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.
This issue affects Juniper Networks Junos OS Evolved:
* All versions prior to 20.4R3-S7-EVO;
* 21.1 versions 21.1R1-EVO and later;
* 21.2 versions prior to 21.2R3-S5-EVO;
* 21.3 versions prior to 21.3R3-S4-EVO;
* 21.4 versions prior to 21.4R3-S4-EVO;
* 22.1 versions prior to 22.1R3-S2-EVO;
* 22.2 versions prior to 22.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73151 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 21.1R1 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73151"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:36:15.878708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:36:44.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1R1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S5-EVO",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S4-EVO",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4-EVO",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S2-EVO",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R2-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Exposure of Sensitive Information vulnerability in the \u0027file copy\u0027 command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.\u003cbr\u003e\u003cbr\u003eThis issue affects Juniper Networks Junos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S7-EVO;\u003c/li\u003e\u003cli\u003e21.1 versions 21.1R1-EVO and later;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S5-EVO;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S4-EVO;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S2-EVO;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An Exposure of Sensitive Information vulnerability in the \u0027file copy\u0027 command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n * All versions prior to 20.4R3-S7-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S5-EVO;\n * 21.3 versions prior to 21.3R3-S4-EVO;\n * 21.4 versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S2-EVO;\n * 22.2 versions prior to 22.2R2-EVO.\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T21:09:50.294Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73151"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S7-EVO, 21.2R3-S5-EVO, 21.3R3-S4-EVO, 21.4R3-S4-EVO, 22.1R3-S2-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S7-EVO, 21.2R3-S5-EVO, 21.3R3-S4-EVO, 21.4R3-S4-EVO, 22.1R3-S2-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73151",
"defect": [
"1639609"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS Evolved: \u0027file copy\u0027 CLI command can disclose password to shell users",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRestrict Junos OS Evolved shell access to trusted users only.\u003c/p\u003e\u003cp\u003eAvoid or disallow the use of the \u0027file copy\u0027 command.\u003c/p\u003e"
}
],
"value": "Restrict Junos OS Evolved shell access to trusted users only.\n\nAvoid or disallow the use of the \u0027file copy\u0027 command.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44187",
"datePublished": "2023-10-11T20:37:23.379Z",
"dateReserved": "2023-09-26T19:30:27.953Z",
"dateUpdated": "2024-09-18T14:36:44.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30409 (GCVE-0-2024-30409)
Vulnerability from cvelistv5
Published
2024-04-12 15:03
Modified
2024-08-02 01:32
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service.
This issue affects Juniper Networks
Junos OS:
* from 22.1 before 22.1R1-S2, 22.1R2.
Junos OS Evolved:
* from 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA79099 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 22.1 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:juniper:junos:22.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.1r1-s2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.1r2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:juniper:junos_os_evolved:22.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.1r1-s2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.1r2",
"status": "affected",
"version": "22.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30409",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:45:37.345803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T13:59:16.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA79099"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.1R1-S2, 22.1R2",
"status": "affected",
"version": "22.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.1R1-S2-EVO, 22.1R2-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is seen if the following conditions are met:\u003cul\u003e\u003cli\u003eTelemetry subscription is active and Fib-streaming is enabled.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "This issue is seen if the following conditions are met: * Telemetry subscription is active and Fib-streaming is enabled."
}
],
"datePublic": "2024-04-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eThis issue affects Juniper Networks\u003cbr\u003e\u003cbr\u003e Junos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003efrom 22.1 before 22.1R1-S2, 22.1R2.\u003c/li\u003e\u003c/ul\u003eJunos OS Evolved:\u0026nbsp;\u003cbr\u003e\u003cul\u003e\u003cli\u003efrom 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in telemetry processing of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated attacker to cause the forwarding information base telemetry daemon (fibtd) to crash, leading to a limited Denial of Service.\u00a0\n\nThis issue affects Juniper Networks\n\n Junos OS:\n * from 22.1 before 22.1R1-S2, 22.1R2.\n\n\nJunos OS Evolved:\u00a0\n * from 22.1 before 22.1R1-S2-EVO, 22.1R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service(DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:01:36.530Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA79099"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u0026nbsp;\u003c/p\u003eJunos OS:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.1R1-S2, 22.1R2, 22.2R1, 22.2R2, 22.3R1, 22.4R1, and all subsequent releases.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eJunos OS Evolved: 22.1R1-S2-EVO, 22.1R2-EVO, 22.2R1-EVO, 22.2R2-EVO, 22.3R1-EVO, 22.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\u00a0\n\nJunos OS:\u00a022.1R1-S2, 22.1R2, 22.2R1, 22.2R2, 22.3R1, 22.4R1, and all subsequent releases.\nJunos OS Evolved: 22.1R1-S2-EVO, 22.1R2-EVO, 22.2R1-EVO, 22.2R2-EVO, 22.3R1-EVO, 22.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA79099",
"defect": [
"1658771"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-04-10T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: Higher CPU consumption on routing engine leads to Denial of Service (DoS).",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-30409",
"datePublished": "2024-04-12T15:03:21.656Z",
"dateReserved": "2024-03-26T23:06:21.368Z",
"dateUpdated": "2024-08-02T01:32:07.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31358 (GCVE-0-2021-31358)
Vulnerability from cvelistv5
Published
2021-10-19 18:16
Modified
2024-09-16 19:50
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11221 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.4R2-S2-EVO Version: 21.1 < 21.1R2-EVO Version: 21.2 < 21.2R1-S1-EVO, 21.2R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11221"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R2-S2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R2-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R1-S1-EVO, 21.2R2-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:42",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11221"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R2-S2-EVO, 21.1R2-EVO, 21.2R1-S1-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11221",
"defect": [
"1596123"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: shell-injection vulnerabilities in evo_sftp UI wrapper script",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device via CLI only from trusted hosts and from trusted administrators.\n\nLimit access to the \u0027file copy\u0027 command to authorized administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31358",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: shell-injection vulnerabilities in evo_sftp UI wrapper script"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R2-S2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R1-S1-EVO, 21.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11221",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11221"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R2-S2-EVO, 21.1R2-EVO, 21.2R1-S1-EVO, 21.2R2-EVO, 21.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11221",
"defect": [
"1596123"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device via CLI only from trusted hosts and from trusted administrators.\n\nLimit access to the \u0027file copy\u0027 command to authorized administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31358",
"datePublished": "2021-10-19T18:16:42.670204Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-16T19:50:43.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39558 (GCVE-0-2024-39558)
Vulnerability from cvelistv5
Published
2024-07-10 22:40
Modified
2024-08-13 20:36
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
VLAI Severity ?
EPSS score ?
Summary
An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.
This issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash.
This issue affects:
Junos OS:
* All versions before 20.4R3-S10,
* from 21.2 before 21.2R3-S7,
* from 21.4 before 21.4R3-S6,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3,
* from 22.4 before 22.4R2;
Junos OS Evolved:
* All versions before 20.4R3-S10 -EVO,
* All versions of 21.2-EVO,
* from 21.4-EVO before 21.4R3-S9-EVO,
* from 22.1-EVO before 22.1R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-EVO,
* from 22.4-EVO before 22.4R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA83018 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.2 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "20.4R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "20.4R3-S10-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2*-EVO",
"status": "affected",
"version": "21.2R1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S9-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T14:25:31.554466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T20:36:57.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S10-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.2*-EVO",
"status": "affected",
"version": "21.2R1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S9-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue only affects systems with PIM and MoFRR enabled.\u0026nbsp; For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols pim ]\u003cbr\u003e[ routing-options multicast stream-protection ]\u003c/tt\u003e"
}
],
"value": "This issue only affects systems with PIM and MoFRR enabled.\u00a0 For example:\n\n[ protocols pim ]\n[ routing-options multicast stream-protection ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eThis issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S10, \u003c/li\u003e\u003cli\u003efrom 21.2 before 21.2R3-S7, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S5, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 20.4R3-S10 -EVO,\u003c/li\u003e\u003cli\u003eAll versions of 21.2-EVO,\u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S9-EVO,\u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S5-EVO,\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S3-EVO,\u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-EVO,\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\n\nThis issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash.\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions before 20.4R3-S10, \n * from 21.2 before 21.2R3-S7, \n * from 21.4 before 21.4R3-S6, \n * from 22.1 before 22.1R3-S5, \n * from 22.2 before 22.2R3-S3, \n * from 22.3 before 22.3R3, \n * from 22.4 before 22.4R2;\u00a0\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions before 20.4R3-S10 -EVO,\n * All versions of 21.2-EVO,\n * from 21.4-EVO before 21.4R3-S9-EVO,\n * from 22.1-EVO before 22.1R3-S5-EVO,\n * from 22.2-EVO before 22.2R3-S3-EVO,\n * from 22.3-EVO before 22.3R3-EVO,\n * from 22.4-EVO before 22.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T20:50:13.375Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83018"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos: 20.4R3-S10, 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 20.4R3-S10-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos: 20.4R3-S10, 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S10-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83018",
"defect": [
"1709038"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-07-10T16:00:00.000Z",
"value": "Initial Publication"
},
{
"lang": "en",
"time": "2024-08-08T21:00:00.000Z",
"value": "Updated list of EVO affected and fixed releases"
}
],
"title": "Junos OS and Junos OS Evolved: Receipt of specific PIM packet causes rpd crash when PIM is configured along with MoFRR",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39558",
"datePublished": "2024-07-10T22:40:44.365Z",
"dateReserved": "2024-06-25T15:12:53.247Z",
"dateUpdated": "2024-08-13T20:36:57.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1620 (GCVE-0-2020-1620)
Vulnerability from cvelistv5
Published
2020-04-08 19:25
Modified
2024-09-17 04:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11003 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 19.3R1-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.3R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-664",
"description": "CWE-664 Improper Control of a Resource Through its Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-09T23:09:15",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406189"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Configd leaks hashes via log file and is world readable",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1620",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Configd leaks hashes via log file and is world readable"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.3R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-664 Improper Control of a Resource Through its Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11003",
"defect": [
"1406189"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1620",
"datePublished": "2020-04-08T19:25:55.765863Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-17T04:25:35.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22219 (GCVE-0-2022-22219)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-12 14:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Due to the Improper Handling of an Unexpected Data Type in the processing of EVPN routes on Juniper Networks Junos OS and Junos OS Evolved, an attacker in direct control of a BGP client connected to a route reflector, or via a machine in the middle (MITM) attack, can send a specific EVPN route contained within a BGP Update, triggering a routing protocol daemon (RPD) crash, leading to a Denial of Service (DoS) condition. Continued receipt and processing of these specific EVPN routes could create a sustained Denial of Service (DoS) condition. This issue only occurs on BGP route reflectors, only within a BGP EVPN multicast environment, and only when one or more BGP clients have 'leave-sync-route-oldstyle' enabled. This issue affects: Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R3; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved 21.3 version 21.3R1-EVO and later versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R1-S2-EVO, 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.3R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 21.3 < 21.3R3-S2 Version: 21.4 < 21.4R2-S2, 21.4R3 Version: 22.1 < 22.1R1-S2, 22.1R3 Version: 22.2 < 22.2R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69898"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/ref/statement/evpn-edit-routing-instances-protocols.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22219",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:43:38.666053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:43:47.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThanOrEqual": "21.3R1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.3R3-S2",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R2-S2, 21.4R3",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R1-S2, 22.1R3",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R2",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.3R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.3*",
"status": "affected",
"version": "21.3R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.4R3-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1R1-S2-EVO, 22.1R3-EVO",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2R2-EVO",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue can occur when the following configuration is enabled on the route reflector clients:\n\n [protocols evpn leave-sync-route-oldstyle]\n\nand when EVPN is configured on the route reflector: \n\n [protocols evpn]"
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Due to the Improper Handling of an Unexpected Data Type in the processing of EVPN routes on Juniper Networks Junos OS and Junos OS Evolved, an attacker in direct control of a BGP client connected to a route reflector, or via a machine in the middle (MITM) attack, can send a specific EVPN route contained within a BGP Update, triggering a routing protocol daemon (RPD) crash, leading to a Denial of Service (DoS) condition. Continued receipt and processing of these specific EVPN routes could create a sustained Denial of Service (DoS) condition. This issue only occurs on BGP route reflectors, only within a BGP EVPN multicast environment, and only when one or more BGP clients have \u0027leave-sync-route-oldstyle\u0027 enabled. This issue affects: Juniper Networks Junos OS 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R3; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved 21.3 version 21.3R1-EVO and later versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R1-S2-EVO, 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.3R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-241",
"description": "CWE-241 Improper Handling of Unexpected Data Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69898"
},
{
"url": "https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/ref/statement/evpn-edit-routing-instances-protocols.html"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, and all subsequent releases.\nJunos OS Evolved 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69898",
"defect": [
"1675054"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: RPD core upon receipt of a specific EVPN route by a BGP route reflector in an EVPN environment",
"workarounds": [
{
"lang": "en",
"value": "Enabling \u0027leave-sync-route-oldstyle\u0027 on the BGP route reflector will mitigate the RPD crash, but BGP sessions may still be torn down if one or more clients have \u0027leave-sync-route-oldstyle\u0027 enabled."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22219",
"datePublished": "2022-10-18T02:46:22.897Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-12T14:43:47.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21618 (GCVE-0-2024-21618)
Vulnerability from cvelistv5
Published
2024-04-12 14:55
Modified
2024-08-01 22:27
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
Summary
An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.
This issue affects:
Junos OS:
* from 21.4 before 21.4R3-S4,
* from 22.1 before 22.1R3-S4,
* from 22.2 before 22.2R3-S2,
* from 22.3 before 22.3R2-S2, 22.3R3-S1,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2.
Junos OS Evolved:
* from 21.4-EVO before 21.4R3-S5-EVO,
* from 22.1-EVO before 22.1R3-S4-EVO,
* from 22.2-EVO before 22.2R3-S2-EVO,
* from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
This issue does not affect:
* Junos OS versions prior to 21.4R1;
* Junos OS Evolved versions prior to 21.4R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA75759 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:59:35.301594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T13:59:57.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75759"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2, 22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "21.4R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2-EVO, 22.3R3-S1-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R1-EVO",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability is only exploitable on interfaces with LLDP enabled.\u003c/p\u003e\u003ctt\u003e\u0026nbsp; [protocols lldp interface]\u003c/tt\u003e"
}
],
"value": "This vulnerability is only exploitable on interfaces with LLDP enabled.\n\n\u00a0 [protocols lldp interface]"
}
],
"datePublic": "2024-04-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eOn all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003e\u003cbr\u003eJunos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003efrom 21.4 before 21.4R3-S4,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S4,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S2,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R2-S2, 22.3R3-S1,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e Junos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S5-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S4-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S2-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eThis issue does not affect:\u003cbr\u003e\u003cul\u003e\u003cli\u003eJunos OS versions prior to 21.4R1;\u003cbr\u003e\u003c/li\u003e\u003cli\u003eJunos OS Evolved versions prior to 21.4R1-EVO.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.\n\nThis issue affects:\n\nJunos OS:\n * from 21.4 before 21.4R3-S4,\u00a0\n\n * from 22.1 before 22.1R3-S4,\u00a0\n\n * from 22.2 before 22.2R3-S2,\u00a0\n\n * from 22.3 before 22.3R2-S2, 22.3R3-S1,\u00a0\n\n * from 22.4 before 22.4R3,\u00a0\n\n * from 23.2 before 23.2R2.\n\n\n\n\n Junos OS Evolved:\n * from 21.4-EVO before 21.4R3-S5-EVO,\u00a0\n\n * from 22.1-EVO before 22.1R3-S4-EVO,\u00a0\n\n * from 22.2-EVO before 22.2R3-S2-EVO,\u00a0\n\n * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,\u00a0\n\n * from 22.4-EVO before 22.4R3-EVO,\u00a0\n\n * from 23.2-EVO before 23.2R2-EVO.\n\n\n\n\nThis issue does not affect:\n * Junos OS versions prior to 21.4R1;\n\n * Junos OS Evolved versions prior to 21.4R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "CWE-788: Access of Memory Location After End of Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:12:38.203Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75759"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS: 21.4R3-S4, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R3, 23.2R2, 23.4R1 and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.4R3-S4, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2, 22.3R3-S1, 22.4R3, 23.2R2, 23.4R1 and all subsequent releases.\n\nJunos OS Evolved: 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA75759",
"defect": [
"1747039"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-04-10T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: When LLDP is enabled and a malformed LLDP packet is received, l2cpd crashes",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no available workarounds for this issue.\u003c/p\u003e\u003cp\u003e\u200b\u200b\u200b\u200b\u200b\u200b\u200b\u003c/p\u003e\u003cp\u003eBut if LLDP and its services are not required, customers can disable LLDP.\u003c/p\u003e"
}
],
"value": "There are no available workarounds for this issue.\n\n\u200b\u200b\u200b\u200b\u200b\u200b\u200b\n\nBut if LLDP and its services are not required, customers can disable LLDP."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21618",
"datePublished": "2024-04-12T14:55:52.241Z",
"dateReserved": "2023-12-27T19:38:25.710Z",
"dateUpdated": "2024-08-01T22:27:35.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1681 (GCVE-0-2020-1681)
Vulnerability from cvelistv5
Published
2020-10-16 20:31
Modified
2024-09-16 16:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11078 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: all < 20.1R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.1R2-EVO",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T20:31:34",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11078"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.1R2-EVO, 20.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11078",
"defect": [
"1494128"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Receipt of a specifically malformed NDP packet could lead to Denial of Service",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1681",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Receipt of a specifically malformed NDP packet could lead to Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "all",
"version_value": "20.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11078",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11078"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.1R2-EVO, 20.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11078",
"defect": [
"1494128"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1681",
"datePublished": "2020-10-16T20:31:34.966071Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-16T16:13:35.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31360 (GCVE-0-2021-31360)
Vulnerability from cvelistv5
Published
2021-10-19 18:16
Modified
2024-09-17 01:31
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11222 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 15.1 < 15.1R7-S10 Version: 17.4 < 17.4R3-S5 Version: 18.3 < 18.3R3-S5 Version: 18.4 < 18.4R3-S9 Version: 19.1 < 19.1R3-S6 Version: 19.2 < 19.2R1-S7, 19.2R3-S3 Version: 19.3 < 19.3R2-S6, 19.3R3-S3 Version: 19.4 < 19.4R3-S6 Version: 20.1 < 20.1R2-S2, 20.1R3-S1 Version: 20.2 < 20.2R3-S2 Version: 20.3 < 20.3R3 Version: 20.4 < 20.4R2-S1, 20.4R3 Version: 21.1 < 21.1R1-S1, 21.1R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1R7-S10",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "17.4R3-S5",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S5",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R3-S9",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S6",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S7, 19.2R3-S3",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S6, 19.3R3-S3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S6",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2-S2, 20.1R3-S1",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2-S1, 20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R1-S1, 21.1R2",
"status": "affected",
"version": "21.1",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R2-S3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "There are several configuration options that enable DHCP service. For example:\n\n [edit interfaces ... family inet dhcp]\n\n [edit system processes dhcp-service]\n\n [edit forwarding-options dhcp-relay]"
}
],
"credits": [
{
"lang": "en",
"value": "Juniper SIRT would like to acknowledge and thank awxylitol for responsibly reporting this vulnerability."
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the \u0027show system processes\u0027 command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T14:08:39",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11222"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS 15.1R7-S10, 17.4R3-S5, 18.3R3-S5, 18.4R3-S9, 19.1R3-S6, 19.2R1-S7, 19.2R3-S3, 19.3R2-S6, 19.3R3-S3, 19.4R3-S6, 20.1R2-S2, 20.1R3-S1, 20.2R3-S2, 20.3R3, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.1R3, 21.2R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-S3-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11222",
"defect": [
"1568654"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Denial of Service vulnerability in local file processing",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device via CLI only from trusted hosts and from trusted administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31360",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: Denial of Service vulnerability in local file processing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S10"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R3-S9"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S7, 19.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2-S2, 20.1R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3"
},
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R2-S1, 20.4R3"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R1-S1, 21.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R2-S3-EVO"
},
{
"version_affected": "\u003e=",
"version_name": "21.1",
"version_value": "21.1R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "There are several configuration options that enable DHCP service. For example:\n\n [edit interfaces ... family inet dhcp]\n\n [edit system processes dhcp-service]\n\n [edit forwarding-options dhcp-relay]"
}
],
"credit": [
{
"lang": "eng",
"value": "Juniper SIRT would like to acknowledge and thank awxylitol for responsibly reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the \u0027show system processes\u0027 command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11222",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11222"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS 15.1R7-S10, 17.4R3-S5, 18.3R3-S5, 18.4R3-S9, 19.1R3-S6, 19.2R1-S7, 19.2R3-S3, 19.3R2-S6, 19.3R3-S3, 19.4R3-S6, 20.1R2-S2, 20.1R3-S1, 20.2R3-S2, 20.3R3, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.1R3, 21.2R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-S3-EVO, 21.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11222",
"defect": [
"1568654"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the device via CLI only from trusted hosts and from trusted administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31360",
"datePublished": "2021-10-19T18:16:45.935917Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-17T01:31:17.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22407 (GCVE-0-2023-22407)
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2025-04-07 15:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). An rpd crash can occur when an MPLS TE tunnel configuration change occurs on a directly connected router. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2. Juniper Networks Junos OS Evolved All versions prior to 19.2R3-EVO; 19.3 versions prior to 19.3R3-EVO; 19.4 versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA70203 |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: unspecified < 18.4R2-S7 Version: 19.1 < 19.1R3-S2 Version: 19.2 < 19.2R3 Version: 19.3 < 19.3R3 Version: 19.4 < 19.4R3 Version: 20.1 < 20.1R2 Version: 20.2 < 20.2R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA70203"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T14:59:14.075785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T15:37:32.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4R2-S7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R3",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R3-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.3R3-EVO",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-EVO",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3-EVO",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2-EVO",
"status": "affected",
"version": "20.2",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "To be exposed to this issue both the following statements needs to be configured on the device running a vulnerable OS Version:\n\n [protocols rsvp interface \u003cinterface\u003e link-protection max-bypasses]\n [protocols rsvp interface \u003cinterface\u003e link-protection bandwidth]"
}
],
"datePublic": "2023-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). An rpd crash can occur when an MPLS TE tunnel configuration change occurs on a directly connected router. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2. Juniper Networks Junos OS Evolved All versions prior to 19.2R3-EVO; 19.3 versions prior to 19.3R3-EVO; 19.4 versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "CWE-459 Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA70203"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 18.4R2-S7, 19.1R3-S2, 19.2R3, 19.3R3, 19.4R3, 20.1R2, 20.2R2, 20.3R1, and all subsequent releases.\nJunos OS Evolved: 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA70203",
"defect": [
"1487333"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: An RPD crash can happen due to an MPLS TE tunnel configuration change on a directly connected router",
"workarounds": [
{
"lang": "en",
"value": "Remove \u0027protocols rsvp interface \u003cinterface\u003e link-protection max-bypasses\u0027."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-22407",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-12-27T00:00:00.000Z",
"dateUpdated": "2025-04-07T15:37:32.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39554 (GCVE-0-2024-39554)
Vulnerability from cvelistv5
Published
2024-07-10 22:32
Modified
2024-08-02 04:26
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
VLAI Severity ?
EPSS score ?
Summary
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability the
Routing Protocol Daemon (rpd)
of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker's control. However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.
On all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update. Under certain circumstance and with specific timing, this could result in an rpd crash.
This issue only affects systems with BGP multipath enabled.
This issue affects:
Junos OS:
* All versions of 21.1
* from 21.2 before 21.2R3-S7,
* from 21.4 before 21.4R3-S6,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2.
Junos OS Evolved:
* All versions of 21.1-EVO,
* All versions of 21.2-EVO,
* from 21.4-EVO before 21.4R3-S6-EVO,
* from 22.1-EVO before 22.1R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S2-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
Versions of Junos OS before 21.1R1 are unaffected by this vulnerability.
Versions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA83014 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 21.1 ≤ Version: 21.2 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2r3-s7",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.4r3-s6",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1r3-s5",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2r3-s3",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3-s2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.4r3",
"status": "affected",
"version": "22.4",
"versionType": "custom"
},
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "custom"
},
{
"lessThan": "21.1r1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.1r1-evo",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "21.1*-evo",
"status": "affected",
"version": "21.1-evo",
"versionType": "custom"
},
{
"lessThan": "21.2*-evo",
"status": "affected",
"version": "21.2-evo",
"versionType": "custom"
},
{
"lessThan": "21.4r3-s6-evo",
"status": "affected",
"version": "21.4-evo",
"versionType": "custom"
},
{
"lessThan": "22.1r3-s5-evo",
"status": "affected",
"version": "22.1-evo",
"versionType": "custom"
},
{
"lessThan": "22.2r3-s3-evo",
"status": "affected",
"version": "22.2-evo",
"versionType": "custom"
},
{
"lessThan": "22.3r3-s2-evo",
"status": "affected",
"version": "22.3-evo",
"versionType": "custom"
},
{
"lessThan": "22.4r3-evo",
"status": "affected",
"version": "22.4-evo",
"versionType": "custom"
},
{
"lessThan": "23.2r2-evo",
"status": "affected",
"version": "23.2-evo",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:09:55.707497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T13:40:38.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83014"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "21.1R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1*-EVO",
"status": "affected",
"version": "21.1-EVO",
"versionType": "semver"
},
{
"lessThan": "21.2*-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S6-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.1R1-EVO",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A sample BGP multipath configuration is shown below:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp group \u0026lt;name\u0026gt; multipath ]\u003c/tt\u003e"
}
],
"value": "A sample BGP multipath configuration is shown below:\n\n[ protocols bgp group \u003cname\u003e multipath ]"
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability the \n\nRouting Protocol Daemon (rpd)\n\n of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker\u0027s control.\u0026nbsp; However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eOn all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update.\u0026nbsp; Under certain circumstance and with specific timing, this could result in an rpd crash.\u003cbr\u003e\u003cbr\u003eThis issue only affects systems with BGP multipath enabled.\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions of 21.1\u003c/li\u003e\u003cli\u003efrom 21.2 before 21.2R3-S7, \u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S5, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S2, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions of 21.1-EVO,\u003c/li\u003e\u003cli\u003eAll versions of 21.2-EVO,\u003c/li\u003e\u003cli\u003efrom 21.4-EVO before 21.4R3-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S5-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S2-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eVersions of Junos OS before 21.1R1 are unaffected by this vulnerability.\u003cbr\u003eVersions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability."
}
],
"value": "A Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability the \n\nRouting Protocol Daemon (rpd)\n\n of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker\u0027s control.\u00a0 However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\n\nOn all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update.\u00a0 Under certain circumstance and with specific timing, this could result in an rpd crash.\n\nThis issue only affects systems with BGP multipath enabled.\n\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions of 21.1\n * from 21.2 before 21.2R3-S7, \n * from 21.4 before 21.4R3-S6, \n * from 22.1 before 22.1R3-S5, \n * from 22.2 before 22.2R3-S3, \n * from 22.3 before 22.3R3-S2, \n * from 22.4 before 22.4R3, \n * from 23.2 before 23.2R2.\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions of 21.1-EVO,\n * All versions of 21.2-EVO,\n * from 21.4-EVO before 21.4R3-S6-EVO, \n * from 22.1-EVO before 22.1R3-S5-EVO, \n * from 22.2-EVO before 22.2R3-S3-EVO, \n * from 22.3-EVO before 22.3R3-S2-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO.\n\n\n\nVersions of Junos OS before 21.1R1 are unaffected by this vulnerability.\nVersions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T23:23:10.774Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83014"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S7, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and all subsequent releases.\nJunos OS Evolved: 21.4R3-S6-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83014",
"defect": [
"1744801"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: BGP multipath incremental calculation is resulting in an rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39554",
"datePublished": "2024-07-10T22:32:34.310Z",
"dateReserved": "2024-06-25T15:12:53.246Z",
"dateUpdated": "2024-08-02T04:26:15.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21615 (GCVE-0-2024-21615)
Vulnerability from cvelistv5
Published
2024-04-12 14:55
Modified
2024-08-01 22:27
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
5.1 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system.
On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system.
This issue affects:
Junos OS:
* all versions before 21.2R3-S7,
* from 21.4 before 21.4R3-S5,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R1-S2.
Junos OS Evolved:
* all versions before 21.2R3-S7-EVO,
* from 21.3 before 21.3R3-S5-EVO,
* from 21.4 before 21.4R3-S5-EVO,
* from 22.1 before 22.1R3-S5-EVO,
* from 22.2 before 22.2R3-S3-EVO,
* from 22.3 before 22.3R3-S2-EVO,
* from 22.4 before 22.4R3-EVO,
* from 23.2 before 23.2R1-S2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA75756 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N | technical-description |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ Version: 23.2 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T18:59:54.512566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T19:00:00.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75756"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S5-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order for this issue to occur, netconf traceoptions needs to be enabled using the following configuration.\u003c/p\u003e\u003ctt\u003e\u0026nbsp; [system services netconf traceoptions]\u003c/tt\u003e"
}
],
"value": "In order for this issue to occur, netconf traceoptions needs to be enabled using the following configuration.\n\n\u00a0 [system services netconf traceoptions]"
}
],
"datePublic": "2024-04-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system.\u003cbr\u003e\u003cbr\u003eOn all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system.\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S7,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S5,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S5,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S3,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S2,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R1-S2.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S7-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 21.3 before 21.3R3-S5-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S5-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S5-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S3-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S2-EVO,\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-EVO,\u0026nbsp;\u003cbr\u003e\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R1-S2.\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system.\n\nOn all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system.\nThis issue affects:\n\nJunos OS:\n\n\n\n * all versions before 21.2R3-S7,\u00a0\n\n * from 21.4 before 21.4R3-S5,\u00a0\n\n * from 22.1 before 22.1R3-S5,\u00a0\n\n * from 22.2 before 22.2R3-S3,\u00a0\n\n * from 22.3 before 22.3R3-S2,\u00a0\n\n * from 22.4 before 22.4R3,\u00a0\n\n * from 23.2 before 23.2R1-S2.\n\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * all versions before 21.2R3-S7-EVO,\u00a0\n\n * from 21.3 before 21.3R3-S5-EVO,\u00a0\n\n * from 21.4 before 21.4R3-S5-EVO,\u00a0\n\n * from 22.1 before 22.1R3-S5-EVO,\u00a0\n\n * from 22.2 before 22.2R3-S3-EVO,\u00a0\n\n * from 22.3 before 22.3R3-S2-EVO,\n\n * from 22.4 before 22.4R3-EVO,\u00a0\n\n * from 23.2 before 23.2R1-S2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:11:17.641Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75756"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS: 21.2R3-S7, 21.4R3-S5, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.4R1 and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.4R1-EVO and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.2R3-S7, 21.4R3-S5, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R3, 23.2R1-S2, 23.4R1 and all subsequent releases.\n\nJunos OS Evolved: 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S5-EVO, 22.2R3-S3-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.4R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA75756",
"defect": [
"1702241"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-04-10T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: A low-privileged user can access confidential information",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo reduce the risk of exploitation, enable access control lists (ACLs) and other filtering mechanisms to limit access to the device only from trusted hosts and networks to the NETCONF service.\u003c/p\u003e"
}
],
"value": "To reduce the risk of exploitation, enable access control lists (ACLs) and other filtering mechanisms to limit access to the device only from trusted hosts and networks to the NETCONF service."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21615",
"datePublished": "2024-04-12T14:55:36.105Z",
"dateReserved": "2023-12-27T19:38:25.709Z",
"dateUpdated": "2024-08-01T22:27:35.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1632 (GCVE-0-2020-1632)
Vulnerability from cvelistv5
Published
2020-04-15 20:20
Modified
2024-09-17 00:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. For example, Router A sends a specific BGP UPDATE to Router B, causing Router B to send an invalid BGP UPDATE message to Router C, resulting in termination of the BGP session between Router B and Router C. This issue might occur when there is at least a single BGP session established on the device that does not support 4 Byte AS extension (RFC 4893). Repeated receipt of the same BGP UPDATE can result in an extended DoS condition. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R3; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect Juniper Networks Junos OS prior to 16.1R1. This issue affects Juniper Networks Junos OS Evolved prior to 19.2R2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11013 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 16.1 < 16.1R7-S6 Version: 16.2 < 16.2R2-S11 Version: 17.1 < 17.1R2-S11, 17.1R3-S2 Version: 17.2 < 17.2R1-S9, 17.2R2-S8, 17.2R3-S3 Version: 17.2X75 < 17.2X75-D105, 17.2X75-D110, 17.2X75-D44 Version: 17.3 < 17.3R2-S5, 17.3R3-S7 Version: 17.4 < 17.4R2-S8, 17.4R3 Version: 18.1 < 18.1R3-S8 Version: 18.2 < 18.2R2-S6, 18.2R3-S2 Version: 18.2X75 < 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60 Version: 18.3 < 18.3R1-S6, 18.3R2-S3, 18.3R3 Version: 18.4 < 18.4R1-S5, 18.4R3 Version: 19.1 < 19.1R1-S3, 19.1R2 Version: 19.2 < 19.2R1-S2, 19.2R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11013"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "16.1R7-S6",
"status": "affected",
"version": "16.1",
"versionType": "custom"
},
{
"lessThan": "16.2R2-S11",
"status": "affected",
"version": "16.2",
"versionType": "custom"
},
{
"lessThan": "17.1R2-S11, 17.1R3-S2",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"lessThan": "17.2R1-S9, 17.2R2-S8, 17.2R3-S3",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.2X75-D105, 17.2X75-D110, 17.2X75-D44",
"status": "affected",
"version": "17.2X75",
"versionType": "custom"
},
{
"lessThan": "17.3R2-S5, 17.3R3-S7",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S8, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S8",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S6, 18.2R3-S2",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60",
"status": "affected",
"version": "18.2X75",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S6, 18.3R2-S3, 18.3R3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"changes": [
{
"at": "18.4R2",
"status": "affected"
}
],
"lessThan": "18.4R1-S5, 18.4R3",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S3, 19.1R2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S2, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R2-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following command can be used to check if the peer device does not support 4-Byte AS extension:\n user@device\u003e show bgp neighbor\n ...\n Peer does not support 4 byte AS extension\n ..."
}
],
"datePublic": "2020-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. For example, Router A sends a specific BGP UPDATE to Router B, causing Router B to send an invalid BGP UPDATE message to Router C, resulting in termination of the BGP session between Router B and Router C. This issue might occur when there is at least a single BGP session established on the device that does not support 4 Byte AS extension (RFC 4893). Repeated receipt of the same BGP UPDATE can result in an extended DoS condition. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R3; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect Juniper Networks Junos OS prior to 16.1R1. This issue affects Juniper Networks Junos OS Evolved prior to 19.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T20:20:20",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11013"
}
],
"solutions": [
{
"lang": "en",
"value": "Junos OS: 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S7, 17.4R2-S8, 17.4R3, 18.1R3-S8, 18.2R2-S6, 18.2R3-S2, 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60, 18.3R1-S6, 18.3R2-S3, 18.3R3, 18.4R1-S5, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.2R2-EVO, 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11013",
"defect": [
"1454677"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Invalid BGP UPDATE sent to peer device may cause BGP session to terminate.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1632",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: Invalid BGP UPDATE sent to peer device may cause BGP session to terminate."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "16.1",
"version_value": "16.1R7-S6"
},
{
"version_affected": "\u003c",
"version_name": "16.2",
"version_value": "16.2R2-S11"
},
{
"version_affected": "\u003c",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "17.2",
"version_value": "17.2R1-S9, 17.2R2-S8, 17.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "17.2X75",
"version_value": "17.2X75-D105, 17.2X75-D110, 17.2X75-D44"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S8, 17.4R3"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S8"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S6, 18.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "18.2X75",
"version_value": "18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R1-S6, 18.3R2-S3, 18.3R3"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S5, 18.4R3"
},
{
"version_affected": "\u003e=",
"version_name": "18.4",
"version_value": "18.4R2"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S3, 19.1R2"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S2, 19.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "19.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following command can be used to check if the peer device does not support 4-Byte AS extension:\n user@device\u003e show bgp neighbor\n ...\n Peer does not support 4 byte AS extension\n ..."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. For example, Router A sends a specific BGP UPDATE to Router B, causing Router B to send an invalid BGP UPDATE message to Router C, resulting in termination of the BGP session between Router B and Router C. This issue might occur when there is at least a single BGP session established on the device that does not support 4 Byte AS extension (RFC 4893). Repeated receipt of the same BGP UPDATE can result in an extended DoS condition. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R3; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect Juniper Networks Junos OS prior to 16.1R1. This issue affects Juniper Networks Junos OS Evolved prior to 19.2R2-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11013",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11013"
}
]
},
"solution": [
{
"lang": "en",
"value": "Junos OS: 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S7, 17.4R2-S8, 17.4R3, 18.1R3-S8, 18.2R2-S6, 18.2R3-S2, 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60, 18.3R1-S6, 18.3R2-S3, 18.3R3, 18.4R1-S5, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.2R2-EVO, 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11013",
"defect": [
"1454677"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1632",
"datePublished": "2020-04-15T20:20:20.697006Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-17T00:40:58.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28973 (GCVE-0-2023-28973)
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-06 14:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Authorization vulnerability in the 'sysmanctl' shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could impact the integrity of the system or system availability. Administrative functions such as daemon restarting, routing engine (RE) switchover, and node shutdown can all be performed through exploitation of the 'sysmanctl' command. Access to the 'sysmanctl' command is only available from the Junos shell. Neither direct nor indirect access to 'sysmanctl' is available from the Junos CLI. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R1-S2-EVO, 21.4R2-EVO.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.4R3-S5-EVO Version: 21.2 < 21.2R3-EVO Version: 21.3 < 21.3R2-EVO Version: 21.4 < 21.4R1-S2-EVO, 21.4R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:39.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA70597"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T14:35:31.614366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T14:35:35.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S5-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.2R3-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R1-S2-EVO, 21.4R2-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Authorization vulnerability in the \u0027sysmanctl\u0027 shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could impact the integrity of the system or system availability. Administrative functions such as daemon restarting, routing engine (RE) switchover, and node shutdown can all be performed through exploitation of the \u0027sysmanctl\u0027 command. Access to the \u0027sysmanctl\u0027 command is only available from the Junos shell. Neither direct nor indirect access to \u0027sysmanctl\u0027 is available from the Junos CLI. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R1-S2-EVO, 21.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA70597"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S5-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S2-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA70597",
"defect": [
"1621545"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: The \u0027sysmanctl\u0027 shell command allows a local user to gain access to some administrative actions ",
"workarounds": [
{
"lang": "en",
"value": "Limit access to the Junos shell through the use of command authorization to only trusted system administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-28973",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2023-03-29T00:00:00.000Z",
"dateUpdated": "2025-02-06T14:35:35.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22213 (GCVE-0-2022-22213)
Vulnerability from cvelistv5
Published
2022-07-20 14:15
Modified
2024-09-16 16:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Malicious exploitation of this issue requires a very specific combination of load, timing, and configuration of the vulnerable system which is beyond the direct control of the attacker. Internal reproduction has only been possible through artificially created load and specially instrumented source code. Systems are only vulnerable to this issue if BGP multipath is enabled. Routers not configured for BGP multipath are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved: 21.1 versions prior to 21.1R3-S1-EVO; 21.2 version 21.2R1-EVO and later versions; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1. Juniper Networks Junos OS Evolved versions prior to 21.1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69717 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Patch: unspecified Version: 21.1 < 21.1R3-S1 Version: 21.2 < 21.2R2-S2, 21.2R3 Version: 21.3 < 21.3R2, 21.3R3 Version: 21.4 < 21.4R1-S1, 21.4R2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S1",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R2-S2, 21.2R3",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R2, 21.3R3",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R1-S1, 21.4R2",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S1-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2*",
"status": "affected",
"version": "21.2R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R3-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R1-S1-EVO, 21.4R2-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "A sample configuration of BGP multipath is shown below:\n\n set protocols bgp group external type external\n set protocols bgp group external peer-as 64501\n set protocols bgp group external multipath\n set protocols bgp group external neighbor 10.0.1.1\n set protocols bgp group external neighbor 10.0.0.2\n set policy-options policy-statement loadbal from route-filter 10.0.0.0/16 orlonger\n set policy-options policy-statement loadbal then load-balance per-packet\n set routing-options forwarding-table export loadbal\n set routing-options autonomous-system 64500"
}
],
"datePublic": "2022-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Malicious exploitation of this issue requires a very specific combination of load, timing, and configuration of the vulnerable system which is beyond the direct control of the attacker. Internal reproduction has only been possible through artificially created load and specially instrumented source code. Systems are only vulnerable to this issue if BGP multipath is enabled. Routers not configured for BGP multipath are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved: 21.1 versions prior to 21.1R3-S1-EVO; 21.2 version 21.2R1-EVO and later versions; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1. Juniper Networks Junos OS Evolved versions prior to 21.1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-232",
"description": "CWE-232 Improper Handling of Undefined Values",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T14:15:23",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69717"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 21.1R3-S1-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO\nJunos OS: 21.1R3-S1, 21.2R2-S2, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69717",
"defect": [
"1642741"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Denial of Service (DoS) vulnerability in RPD upon receipt of specific BGP update",
"workarounds": [
{
"lang": "en",
"value": "Disable BGP multipath, or configure \u0027set protocols bgp multipath-build deferred\u0027."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-07-13T16:00:00.000Z",
"ID": "CVE-2022-22213",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: Denial of Service (DoS) vulnerability in RPD upon receipt of specific BGP update"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R2-S2, 21.2R3"
},
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3R2, 21.3R3"
},
{
"version_affected": "\u003c",
"version_name": "21.4",
"version_value": "21.4R1-S1, 21.4R2"
},
{
"version_affected": "!\u003c",
"version_value": "21.1"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3-S1-EVO"
},
{
"version_affected": "\u003e=",
"version_name": "21.2",
"version_value": "21.2R1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.4",
"version_value": "21.4R1-S1-EVO, 21.4R2-EVO"
},
{
"version_affected": "!\u003c",
"version_value": "21.1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "A sample configuration of BGP multipath is shown below:\n\n set protocols bgp group external type external\n set protocols bgp group external peer-as 64501\n set protocols bgp group external multipath\n set protocols bgp group external neighbor 10.0.1.1\n set protocols bgp group external neighbor 10.0.0.2\n set policy-options policy-statement loadbal from route-filter 10.0.0.0/16 orlonger\n set policy-options policy-statement loadbal then load-balance per-packet\n set routing-options forwarding-table export loadbal\n set routing-options autonomous-system 64500"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Malicious exploitation of this issue requires a very specific combination of load, timing, and configuration of the vulnerable system which is beyond the direct control of the attacker. Internal reproduction has only been possible through artificially created load and specially instrumented source code. Systems are only vulnerable to this issue if BGP multipath is enabled. Routers not configured for BGP multipath are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved: 21.1 versions prior to 21.1R3-S1-EVO; 21.2 version 21.2R1-EVO and later versions; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1. Juniper Networks Junos OS Evolved versions prior to 21.1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-232 Improper Handling of Undefined Values"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69717",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69717"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 21.1R3-S1-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO\nJunos OS: 21.1R3-S1, 21.2R2-S2, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69717",
"defect": [
"1642741"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Disable BGP multipath, or configure \u0027set protocols bgp multipath-build deferred\u0027."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22213",
"datePublished": "2022-07-20T14:15:23.806619Z",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-09-16T16:22:28.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39562 (GCVE-0-2024-39562)
Vulnerability from cvelistv5
Published
2024-07-10 22:47
Modified
2024-08-02 04:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.
The issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and Netconf over SSH.
Once the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored. See WORKAROUND section below.
Administrators can monitor an increase in defunct sshd processes by utilizing the CLI command:
> show system processes | match sshd
root 25219 30901 0 Jul16 ? 00:00:00 [sshd] <defunct>
This issue affects Juniper Networks Junos OS Evolved:
* All versions prior to 21.4R3-S7-EVO
* 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO;
* 22.4-EVO versions prior to 22.4R3-EVO;
* 23.2-EVO versions prior to 23.2R2-EVO.
This issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA75724 | vendor-advisory | |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 0 ≤ Version: 22.3-EVO ≤ Version: 22.4-EVO ≤ Version: 23.2-EVO ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.3r2-s2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.3r3-s2",
"status": "affected",
"version": "22.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "22.4r3",
"status": "affected",
"version": "22.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:23.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T13:09:33.942117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T13:21:53.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75724"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2-EVO, 22.3R3-S2-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1*",
"status": "unaffected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2*",
"status": "unaffected",
"version": "22.2-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eThe issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and\u0026nbsp;Netconf over SSH.\u003cbr\u003e\u003cbr\u003eOnce the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored.\u0026nbsp; See WORKAROUND section below.\u003cbr\u003e\u003cbr\u003eAdministrators can monitor an increase in defunct sshd processes by utilizing the CLI command:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; \u0026gt; show system processes | match sshd\u003cbr\u003e\u0026nbsp; root \u0026nbsp; 25219 30901 0 Jul16 ? \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:00 [sshd] \u0026lt;defunct\u0026gt;\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eThis issue affects Juniper Networks Junos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 21.4R3-S7-EVO\u003c/li\u003e\u003cli\u003e22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO;\u003c/li\u003e\u003cli\u003e22.4-EVO versions prior to 22.4R3-EVO;\u003c/li\u003e\u003cli\u003e23.2-EVO versions prior to 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eThis issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO.\u003cbr\u003e"
}
],
"value": "A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.\n\nThe issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and\u00a0Netconf over SSH.\n\nOnce the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored.\u00a0 See WORKAROUND section below.\n\nAdministrators can monitor an increase in defunct sshd processes by utilizing the CLI command:\n\n\u00a0 \u003e show system processes | match sshd\n\u00a0 root \u00a0 25219 30901 0 Jul16 ? \u00a0 \u00a0 \u00a0 00:00:00 [sshd] \u003cdefunct\u003e\n\nThis issue affects Juniper Networks Junos OS Evolved:\n * All versions prior to 21.4R3-S7-EVO\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO;\n * 23.2-EVO versions prior to 23.2R2-EVO.\n\n\n\nThis issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T22:47:22.616Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75724"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.4R3-S7-EVO, 22.2R1-EVO, 22.3R2-S2-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.4R3-S7-EVO, 22.2R1-EVO, 22.3R2-S2-EVO, 22.3R3-S2-EVO, 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA75724",
"defect": [
"1741624"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-04-10T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS Evolved: A high rate of SSH connections causes a Denial of Service",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39562",
"datePublished": "2024-07-10T22:47:22.616Z",
"dateReserved": "2024-06-25T15:12:53.249Z",
"dateUpdated": "2024-08-02T04:26:15.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22248 (GCVE-0-2022-22248)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-09 15:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69905 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Patch: unspecified Version: 20.4-EVO < 20.4R3-S1-EVO Version: 21.1R1-EVO < 21.1-EVO* Version: 21.2-EVO < 21.2R3-EVO Version: 21.3-EVO < 21.3R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69905"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T15:13:49.248328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T15:13:56.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "19.2R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S1-EVO",
"status": "affected",
"version": "20.4-EVO",
"versionType": "custom"
},
{
"lessThan": "21.1-EVO*",
"status": "affected",
"version": "21.1R1-EVO",
"versionType": "custom"
},
{
"lessThan": "21.2R3-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user\u0027s session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69905"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69905",
"defect": [
"1621536"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Incorrect file permissions can allow low-privileged user to cause another user to execute arbitrary commands",
"workarounds": [
{
"lang": "en",
"value": "Limit access to the Junos shell by system administrators until an upgrade can be performed.\n\nUse access lists or firewall filters to limit access to the Junos CLI only from trusted hosts and administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22248",
"datePublished": "2022-10-18T02:46:50.873Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-09T15:13:56.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44184 (GCVE-0-2023-44184)
Vulnerability from cvelistv5
Published
2023-10-12 23:02
Modified
2024-09-17 16:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane.
This issue affects:
Juniper Networks Junos OS
* All versions prior to 20.4R3-S7;
* 21.2 versions prior to 21.2R3-S5;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S2;
* 22.2 versions prior to 22.2R3;
* 22.3 versions prior to 22.3R2-S1, 22.3R3;
* 22.4 versions prior to 22.4R1-S2, 22.4R2.
Juniper Networks Junos OS Evolved
* All versions prior to 21.4R3-S4-EVO;
* 22.1 versions prior to 22.1R3-S2-EVO;
* 22.2 versions prior to 22.2R3-EVO;
* 22.3 versions prior to 22.3R3-EVO;
* 22.4 versions prior to 22.4R2-EVO.
An indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command:
mgd process example:
user@device-re#> show system processes extensive | match "mgd|PID" | except last
PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage.
Example to check for NETCONF activity:
While there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with "client-mode 'netconf'"
For example:
mgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf'
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA73147 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Juniper Networks | Junos OS |
Version: 0 ≤ Version: 21.1 ≤ Version: 21.2 ≤ Version: 21.3 ≤ Version: 21.4 ≤ Version: 22.1 ≤ Version: 22.2 ≤ Version: 22.3 ≤ Version: 22.4 ≤ |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA73147"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:54:08.524515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T16:11:00.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1R1",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S5",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S2",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S1, 22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R1-S2, 22.4R2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S4-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S2-EVO",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following minimal configuration must be present: \u003c/p\u003e\u003cp\u003e [system services netconf]\u003c/p\u003e"
}
],
"value": "The following minimal configuration must be present: \n\n [system services netconf]\n\n"
}
],
"datePublic": "2023-10-11T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device\u0027s control plane.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S7;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S5;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S4;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S2;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R3;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R2-S1, 22.3R3;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R1-S2, 22.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS Evolved\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 21.4R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S2-EVO;\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R3-EVO;\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R3-EVO;\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eAn indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command:\u003c/p\u003e\u003cp\u003emgd process example:\u003c/p\u003e\u003ccode\u003euser@device-re#\u0026gt; show system processes extensive | match \"mgd|PID\" | except last\u003c/code\u003e\u003cbr\u003e\u003ccode\u003ePID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd \u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt; review the high cpu percentage.\u003c/code\u003e\u003cbr\u003e\u003cp\u003eExample to check for NETCONF activity:\u003c/p\u003e\u003cp\u003eWhile there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with \"client-mode \u0027netconf\u0027\"\u003c/p\u003e\u003cp\u003eFor example:\u003c/p\u003e\u003ccode\u003emgd[38121]: UI_LOGIN_EVENT: User \u0027root\u0027 login, class \u0027super-user\u0027 [38121], ssh-connection \u002710.1.1.1 201 55480 10.1.1.2 22\u0027, client-mode \u0027netconf\u0027\u003c/code\u003e\n\n"
}
],
"value": "\nAn Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device\u0027s control plane.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R2-S1, 22.3R3;\n * 22.4 versions prior to 22.4R1-S2, 22.4R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S2-EVO;\n * 22.2 versions prior to 22.2R3-EVO;\n * 22.3 versions prior to 22.3R3-EVO;\n * 22.4 versions prior to 22.4R2-EVO.\n\n\n\n\nAn indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command:\n\nmgd process example:\n\nuser@device-re#\u003e show system processes extensive | match \"mgd|PID\" | except last\nPID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND\n92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd \u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c review the high cpu percentage.\nExample to check for NETCONF activity:\n\nWhile there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with \"client-mode \u0027netconf\u0027\"\n\nFor example:\n\nmgd[38121]: UI_LOGIN_EVENT: User \u0027root\u0027 login, class \u0027super-user\u0027 [38121], ssh-connection \u002710.1.1.1 201 55480 10.1.1.2 22\u0027, client-mode \u0027netconf\u0027\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T18:18:27.354Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA73147"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S7, 21.2R3-S5, 21.3R3-S5, 21.4R3-S4, 22.1R3-S2, 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2, 23.2R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved 21.4R3-S4-EVO, 22.1R3-S2-EVO, 22.2R3-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S7, 21.2R3-S5, 21.3R3-S5, 21.4R3-S4, 22.1R3-S2, 22.2R3, 22.3R2-S1, 22.3R3, 22.4R1-S2, 22.4R2, 23.2R1, and all subsequent releases.\n\nJunos OS Evolved 21.4R3-S4-EVO, 22.1R3-S2-EVO, 22.2R3-EVO, 22.3R3-EVO, 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA73147",
"defect": [
"1706285"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-11T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: High CPU load due to specific NETCONF command",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e\u003cp\u003eThe impact of this issue may be temporarily cleared by periodically restarting the management daemon.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\nThe impact of this issue may be temporarily cleared by periodically restarting the management daemon.\n\n"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo reduce the risk of exploitation enable access control lists (ACLs) and other filtering mechanisms to limit access to the device only from trusted hosts and networks to the NETCONF service.\u003c/p\u003e"
}
],
"value": "To reduce the risk of exploitation enable access control lists (ACLs) and other filtering mechanisms to limit access to the device only from trusted hosts and networks to the NETCONF service.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-44184",
"datePublished": "2023-10-12T23:02:34.571Z",
"dateReserved": "2023-09-26T19:30:17.664Z",
"dateUpdated": "2024-09-17T16:11:00.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22247 (GCVE-0-2022-22247)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-09 15:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker to send a crafted TCP segment to the device, triggering a kernel panic, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this TCP segment could create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69904 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Patch: unspecified Version: 21.3-EVO < 21.3R3-EVO Version: 21.4-EVO < 21.4R2-EVO Version: 22.1-EVO < 22.1R2-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69904"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T15:34:59.907259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T15:35:08.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.3R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "21.3R3-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "custom"
},
{
"lessThan": "21.4R2-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "custom"
},
{
"lessThan": "22.1R2-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker to send a crafted TCP segment to the device, triggering a kernel panic, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this TCP segment could create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"url": "https://kb.juniper.net/JSA69904"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69904",
"defect": [
"1643328",
"1634134"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Kernel processing of unvalidated TCP segments could lead to a Denial of Service (DoS)",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22247",
"datePublished": "2022-10-18T02:46:49.858Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-05-09T15:35:08.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0239 (GCVE-0-2021-0239)
Vulnerability from cvelistv5
Published
2021-04-22 19:37
Modified
2024-09-16 17:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition. By continuously sending this specific stream of genuine Layer 2 frames, an attacker can repeatedly crash the PFE, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R1-EVO. This issue does not affect Junos OS versions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11134 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.4R1-EVO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:09.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition. By continuously sending this specific stream of genuine Layer 2 frames, an attacker can repeatedly crash the PFE, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R1-EVO. This issue does not affect Junos OS versions."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T19:37:05",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11134"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11134",
"defect": [
"1548758"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: Denial of Service due to receipt of specific genuine layer 2 frames.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0239",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Denial of Service due to receipt of specific genuine layer 2 frames."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.4R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition. By continuously sending this specific stream of genuine Layer 2 frames, an attacker can repeatedly crash the PFE, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R1-EVO. This issue does not affect Junos OS versions."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11134",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11134"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11134",
"defect": [
"1548758"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0239",
"datePublished": "2021-04-22T19:37:05.415854Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T17:49:30.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1666 (GCVE-0-2020-1666)
Vulnerability from cvelistv5
Published
2020-10-16 20:31
Modified
2024-09-16 23:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11063 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: unspecified < 20.2R1-EVO Patch: unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11063"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.2R1-EVO",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.4R1-EVO",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Console log out on disconnect is enabled via the following configuration stanza:\n [system ports console log-out-on-disconnect]"
}
],
"datePublic": "2020-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The system console configuration option \u0027log-out-on-disconnect\u0027 In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T20:31:28",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11063"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11063",
"defect": [
"1406238"
],
"discovery": "INTERNAL"
},
"title": "Junos OS Evolved: \u0027console log-out-on-disconnect\u0027 fails to terminate session on console cable disconnection",
"workarounds": [
{
"lang": "en",
"value": "Limit access to the physical console to only trusted system administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1666",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: \u0027console log-out-on-disconnect\u0027 fails to terminate session on console cable disconnection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "20.2R1-EVO"
},
{
"version_affected": "!\u003c",
"version_value": "18.4R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "Console log out on disconnect is enabled via the following configuration stanza:\n [system ports console log-out-on-disconnect]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The system console configuration option \u0027log-out-on-disconnect\u0027 In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11063",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11063"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11063",
"defect": [
"1406238"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Limit access to the physical console to only trusted system administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1666",
"datePublished": "2020-10-16T20:31:28.221200Z",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-16T23:41:44.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-10-19 19:15
Modified
2024-11-21 06:05
Severity ?
Summary
An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS). Continued receipt and processing of the BGP update will create a sustained Denial of Service (DoS) condition. This issue affects very specific versions of Juniper Networks Junos OS: 19.3R3-S2; 19.4R3-S3; 20.2 versions 20.2R2-S3 and later, prior to 20.2R3-S2; 20.3 versions 20.3R2 and later, prior to 20.3R3; 20.4 versions 20.4R2 and later, prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS 20.1 is not affected by this issue. This issue also affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO, 20.4R3-EVO; 21.1-EVO versions prior to 21.1R2-EVO; 21.2-EVO versions prior to 21.2R2-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11218 | Exploit, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11218 | Exploit, Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos | 19.3 | |
| juniper | junos | 19.4 | |
| juniper | junos | 20.2 | |
| juniper | junos | 20.2 | |
| juniper | junos | 20.2 | |
| juniper | junos | 20.3 | |
| juniper | junos | 20.3 | |
| juniper | junos | 20.4 | |
| juniper | junos | 20.4 | |
| juniper | junos | 21.1 | |
| juniper | junos | 21.1 | |
| juniper | junos_os_evolved | * | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 21.1 | |
| juniper | junos_os_evolved | 21.1 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "D3FEA876-302D-4F07-94E6-237C669538F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "0886EFA6-47E3-4C1D-A278-D3891A487FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "3A58292B-814C-49E7-8D6D-BE26EFB9ADDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "681AE183-7183-46E7-82EA-28C398FA1C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8A6E9627-8BF1-4BE8-844B-EE8F1C9478F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "05D8427C-CDDE-4B2F-9CB8-41B9137660E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "F3DC01F2-6DFE-4A8E-9962-5E59AA965935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C8EA231-338B-46A2-BE77-3A7AB54BD148",
"versionEndIncluding": "20.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an attacker to inject a specific BGP update, causing the routing protocol daemon (RPD) to crash and restart, leading to a Denial of Service (DoS). Continued receipt and processing of the BGP update will create a sustained Denial of Service (DoS) condition. This issue affects very specific versions of Juniper Networks Junos OS: 19.3R3-S2; 19.4R3-S3; 20.2 versions 20.2R2-S3 and later, prior to 20.2R3-S2; 20.3 versions 20.3R2 and later, prior to 20.3R3; 20.4 versions 20.4R2 and later, prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS 20.1 is not affected by this issue. This issue also affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO, 20.4R3-EVO; 21.1-EVO versions prior to 21.1R2-EVO; 21.2-EVO versions prior to 21.2R2-EVO."
},
{
"lang": "es",
"value": "Una vulnerabilidad de administraci\u00f3n inapropiada de condiciones excepcionales en Juniper Networks Junos OS y Junos OS Evolved permite a un atacante inyectar una actualizaci\u00f3n BGP espec\u00edfica, causando el bloqueo y el reinicio del demonio del protocolo de enrutamiento (RPD), conllevando a una Denegaci\u00f3n de Servicio (DoS). Si se sigue recibiendo y procesando la actualizaci\u00f3n BGP, ser\u00e1 creada una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) sostenida. Este problema afecta a versiones muy espec\u00edficas de Juniper Networks Junos OS: 19.3R3-S2; 19.4R3-S3; 20.2 versiones 20.2R2-S3 y posteriores, anteriores a 20.2R3-S2; 20.3 versiones 20.3R2 y posteriores, anteriores a 20.3R3; 20.4 versiones 20.4R2 y posteriores, anteriores a 20.4R3; versiones 21.1 anteriores a 21.1R2. Juniper Networks Junos OS 20.1 no est\u00e1 afectado por este problema. Este problema tambi\u00e9n afecta a Juniper Networks Junos OS Evolved: Todas las versiones anteriores a 20.4R2-S3-EVO, 20.4R3-EVO; 21.1-EVO versiones anteriores a 21.1R2-EVO; 21.2-EVO versiones anteriores a 21.2R2-EVO"
}
],
"id": "CVE-2021-31353",
"lastModified": "2024-11-21T06:05:29.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
},
"published": "2021-10-19T19:15:08.720",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11218"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-22 22:15
Modified
2024-11-21 06:46
Severity ?
Summary
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute will propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Since this issue only affects 22.3R1, Juniper strongly encourages customers to move to 22.3R1-S1. Juniper SIRT felt that the need to promptly warn customers about this issue affecting the 22.3R1 versions of Junos OS and Junos OS Evolved warranted an Out of Cycle JSA. This issue affects: Juniper Networks Junos OS version 22.3R1. Juniper Networks Junos OS Evolved version 22.3R1-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 22.3R1. Juniper Networks Junos OS Evolved versions prior to 22.3R1-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA70175 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA70175 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos | 22.3 | |
| juniper | junos_os_evolved | 22.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute will propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Since this issue only affects 22.3R1, Juniper strongly encourages customers to move to 22.3R1-S1. Juniper SIRT felt that the need to promptly warn customers about this issue affecting the 22.3R1 versions of Junos OS and Junos OS Evolved warranted an Out of Cycle JSA. This issue affects: Juniper Networks Junos OS version 22.3R1. Juniper Networks Junos OS Evolved version 22.3R1-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 22.3R1. Juniper Networks Junos OS Evolved versions prior to 22.3R1-EVO."
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en Routing Protocol Daemon (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante basado en red no autenticado provoque una Denegaci\u00f3n de Servicio (DoS). Si se recibe un mensaje de actualizaci\u00f3n de BGP a trav\u00e9s de una sesi\u00f3n BGP establecida y ese mensaje contiene un atributo transitivo opcional espec\u00edfico, esta sesi\u00f3n se cancelar\u00e1 con un error de mensaje de actualizaci\u00f3n. Este problema no puede propagarse m\u00e1s all\u00e1 de un sistema afectado ya que el error de procesamiento ocurre tan pronto como se recibe la actualizaci\u00f3n. Este problema se puede explotar de forma remota, ya que el atributo respectivo se propagar\u00e1 a trav\u00e9s de sistemas no afectados y AS intermedios (si los hay). La recepci\u00f3n continua de una actualizaci\u00f3n de BGP que contiene este atributo crear\u00e1 una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio (DoS). Dado que este problema solo afecta a 22.3R1, Juniper recomienda encarecidamente a los clientes que migren a 22.3R1-S1. Juniper SIRT consider\u00f3 que la necesidad de advertir r\u00e1pidamente a los clientes sobre este problema que afecta a las versiones 22.3R1 de Junos OS y Junos OS Evolved justificaba un JSA fuera de ciclo. Este problema afecta a: Juniper Networks Junos OS versi\u00f3n 22.3R1. Juniper Networks Junos OS versi\u00f3n evolucionada 22.3R1-EVO. Este problema no afecta a: Versiones de Juniper Networks Junos OS anteriores a 22.3R1. Versiones evolucionadas de Juniper Networks Junos OS anteriores a 22.3R1-EVO."
}
],
"id": "CVE-2022-22184",
"lastModified": "2024-11-21T06:46:20.577",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Primary"
}
]
},
"published": "2022-12-22T22:15:11.627",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA70175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA70175"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-13 00:15
Modified
2024-11-21 08:25
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system.
When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195.
This issue affects Juniper Networks Junos OS Evolved:
* All versions prior to 20.4R3-S8-EVO;
* 21.1-EVO version 21.1R1-EVO and later;
* 21.2-EVO versions prior to 21.2R3-S6-EVO;
* 21.3-EVO version 21.3R1-EVO and later;
* 21.4-EVO versions prior to 21.4R3-S3-EVO;
* 22.1-EVO versions prior to 22.1R3-S4-EVO;
* 22.2-EVO versions prior to 22.2R3-S3-EVO;
* 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO;
* 22.4-EVO versions prior to 22.4R2-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://supportportal.juniper.net/JSA73162 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/JSA73162 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199",
"versionEndExcluding": "20.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "FA43782E-0719-496E-9237-E1ABD3C4C664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "78897DD2-E161-4191-94FF-7400FB612DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "C34ABD4B-B045-4046-9641-66E3B2082A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "8F67CE3C-3A06-487C-90DE-D5B3B1EC08A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "1475A58F-1515-4492-B5A3-BE40C30E5B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:ptx10003:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD05415-9F94-4EB8-805A-C9C0FFA9D0DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system.\n\nWhen specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1-EVO version 21.1R1-EVO and later;\n * 21.2-EVO versions prior to 21.2R3-S6-EVO;\n * 21.3-EVO version 21.3R1-EVO and later;\n * 21.4-EVO versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO versions prior to 22.1R3-S4-EVO;\n * 22.2-EVO versions prior to 22.2R3-S3-EVO;\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO;\n * 22.4-EVO versions prior to 22.4R2-EVO.\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Una Verificaci\u00f3n Inadecuada de Condiciones Inusuales o Excepcionales en Packet Forwarding Engine (pfe) de Juniper Networks Junos OS Evolved en la serie PTX10003 permite que un atacante adyacente no autenticado cause un impacto en la integridad del sistema. Cuando el PFE recibe paquetes MPLS de tr\u00e1nsito espec\u00edficos, estos paquetes se reenv\u00edan internamente al RE. Este problema es un requisito previo para CVE-2023-44195. Este problema afecta a Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S8-EVO; * 21.1-EVO versi\u00f3n 21.1R1-EVO y posteriores; * Versiones 21.2-EVO anteriores a 21.2R3-S6-EVO; * 21.3-EVO versi\u00f3n 21.3R1-EVO y posteriores; * Versiones 21.4-EVO anteriores a 21.4R3-S3-EVO; * Versiones 22.1-EVO anteriores a 22.1R3-S4-EVO; * Versiones 22.2-EVO anteriores a 22.2R3-S3-EVO; * Versiones 22.3-EVO anteriores a 22.3R2-S2-EVO, 22.3R3-EVO; * Versiones 22.4-EVO anteriores a 22.4R2-EVO."
}
],
"id": "CVE-2023-44196",
"lastModified": "2024-11-21T08:25:25.293",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-13T00:15:12.610",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA73162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA73162"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-10 23:15
Modified
2025-02-07 20:02
Severity ?
Summary
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.
Upon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:
BGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)
Only systems with segment routing enabled are vulnerable to this issue.
This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.
This issue affects:
Junos OS:
* All versions before 21.4R3-S8,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S1,
* from 23.4 before 23.4R1-S2, 23.4R2.
Junos OS Evolved:
* All versions before 21.4R3-S8-EVO,
* from 22.2-EVO before 22.2R3-S4-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R3-S3-EVO,
* from 23.2-EVO before 23.2R2-S1-EVO,
* from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://supportportal.juniper.net/JSA83015 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/JSA83015 | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5E63CF-31E5-4391-896F-148F05DA6BFE",
"versionEndExcluding": "21.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "C470FB4E-A927-4AF3-ACB0-AD1E264218B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "44E98BC3-1D43-481A-AB09-FFA502C36AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "1A0DA88F-6C61-4FEA-ABF3-99F7DD43DB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "60CEA89D-BAC4-41CD-A1D1-AA5EDDEBD54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "BC449CC7-B2D6-41CB-8D6C-81DE89E79520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*",
"matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "20EBC676-1B26-4A71-8326-0F892124290A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8BCDE58C-80CC-4C5A-9667-8A4468D8D76C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "19326769-2F08-4E61-8246-CCE7AE4483F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*",
"matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "EBB967BF-3495-476D-839A-9DBFCBE69F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "7E5688D6-DCA4-4550-9CD1-A3D792252129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8494546C-00EA-49B6-B6FA-FDE42CA5B1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "8BB98579-FA33-4E41-A162-A46E9709FBD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*",
"matchCriteriaId": "1A78CC80-E8B1-4CDA-BB35-A61833657FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B3B2FE1-C228-46BE-AC76-70C2687050AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "B227E831-30FF-4BE1-B8B2-31829A5610A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "1ADA814B-EF98-45B1-AF7A-0C89688F7CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*",
"matchCriteriaId": "78481ABC-3620-410D-BC78-334657E0BB75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "BE8A5BA3-87BD-473A-B229-2AAB2C797005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8B74AC3E-8FC9-400A-A176-4F7F21F10756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A51696D6-8503-4CBD-AD19-861E5BE94ED4",
"versionEndExcluding": "21.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "C9D664AB-0FA7-49C7-B6E1-69C77652FBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "9DB01252-2F11-41DB-9023-C74FD723334E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "F91450D5-F8CE-42EA-BB7E-312FCE024CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "4E616550-8711-4282-A8A1-11BD5974E650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A3CA3365-F9AF-40DF-8700-30AD4BC58E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "C7FEFD0A-A969-4F53-8668-1231FD675D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "9370C46D-3AA1-4562-B67F-DF6EA10F209B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "1FD8C240-A7FE-4FD5-ADCC-289C1BC461BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "2FB9F20B-7683-4B0D-8D2B-5569414EBC29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*",
"matchCriteriaId": "BE2EF84D-55A9-41DC-A324-69E1DC426D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "4546776C-A657-42E3-9A36-47F9F59A88AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "156DD8ED-CE6E-48C0-9E67-16B04767D62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "10F9C2B1-BD81-4EDC-ADF5-4B0F39001C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "61F649B0-0121-4760-9432-5F57214EFC2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*",
"matchCriteriaId": "0A33C425-921F-4795-B834-608C8F1597E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "04CE952D-E3C1-4B34-9E65-EC52BFE887AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "8AE9D1A7-4721-4E1D-B965-FDC38126B1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "A8643AA3-29EF-48A7-B033-CB60988E214B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "9800BA03-E6BF-4212-B2E7-69C0FD27D294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "ACCA655D-C542-44F1-B183-4C864CFF2D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "6D499B19-A91A-4B76-B1CB-6A07A4CB212B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6DEAA7FD-385F-4221-907E-65ABC16BE4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "DDEC008A-3137-48D1-8ABC-6DB0EFC40E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "558D234D-BC50-415F-86D6-8E19D6C3ACE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "33F4EEEE-77E9-4973-A770-99E7BA2F05F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "A4BB6910-B994-45FD-8153-5EC00EE842E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:-:*:*:*:*:*:*",
"matchCriteriaId": "9D7F0D73-85EE-4A07-B51B-6BF52ECBA75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "FE777A1F-9CD9-426E-AF1C-FBE01EB9A4A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "7147BA60-30A5-4CED-9AAF-F6BEA0528B89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.\n\nUpon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:\n\nBGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)\n\nOnly systems with segment routing enabled are vulnerable to this issue.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions before 21.4R3-S8, \n * from 22.2 before 22.2R3-S4, \n * from 22.3 before 22.3R3-S3, \n * from 22.4 before 22.4R3-S3, \n * from 23.2 before 23.2R2-S1, \n * from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nJunos OS Evolved:\u00a0\n\n * All versions before 21.4R3-S8-EVO, \n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-S3-EVO, \n * from 23.2-EVO before 23.2R2-S1-EVO, \n * from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO."
},
{
"lang": "es",
"value": "Una vulnerabilidad de manejo inadecuado de condiciones excepcionales en el daemon de protocolo de enrutamiento (RPD) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante env\u00ede un mensaje espec\u00edfico de actualizaci\u00f3n de BGP con formato incorrecto para provocar que la sesi\u00f3n se reinicie, lo que resulta en una denegaci\u00f3n de servicio (DoS). La recepci\u00f3n y el procesamiento continuos de estos mensajes de actualizaci\u00f3n de BGP con formato incorrecto crear\u00e1n una condici\u00f3n sostenida de denegaci\u00f3n de servicio (DoS). Al recibir un mensaje de actualizaci\u00f3n de BGP a trav\u00e9s de una sesi\u00f3n BGP establecida que contiene un atributo de encapsulaci\u00f3n de t\u00fanel espec\u00edficamente mal formado, cuando el enrutamiento de segmento est\u00e1 habilitado, el procesamiento interno de los atributos mal formados dentro de la actualizaci\u00f3n da como resultado un an\u00e1lisis inadecuado de los atributos restantes, lo que lleva al restablecimiento de la sesi\u00f3n: BGP SEND C\u00f3digo de notificaci\u00f3n 3 (Error de mensaje de actualizaci\u00f3n) subc\u00f3digo 1 (lista de atributos no v\u00e1lidos) Solo los sistemas con enrutamiento de segmentos habilitado son vulnerables a este problema. Este problema afecta a eBGP e iBGP, tanto en implementaciones IPv4 como IPv6, y requiere que un atacante remoto tenga al menos una sesi\u00f3n BGP establecida. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 21.4R3-8, * desde 22.2 anterior a 22.2R3-S4, * desde 22.3 anterior a 22.3R3-S3, * desde 22.4 anterior a 22.4R3-S3, * desde 23.2 anterior a 23.2R2- S1, * de 23.4 antes de 23.4R1-S2, 23.4R2. Junos OS Evolved: * Todas las versiones anteriores a 21.4R3-S8-EVO, * desde 22.2-EVO antes de 22.2R3-S4-EVO, * desde 22.3-EVO antes de 22.3R3-S3-EVO, * desde 22.4-EVO antes de 22.4R3- S3-EVO, *de 23.2-EVO antes de 23.2R2-S1-EVO, *de 23.4-EVO antes de 23.4R1-S2-EVO, 23.4R2-EVO."
}
],
"id": "CVE-2024-39555",
"lastModified": "2025-02-07T20:02:54.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "sirt@juniper.net",
"type": "Primary"
}
]
},
"published": "2024-07-10T23:15:11.863",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA83015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA83015"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-21 17:15
Modified
2024-11-21 07:36
Severity ?
Summary
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround.
This issue affects:
Juniper Networks Junos OS
15.1R1 and later versions prior to 20.4R3-S8;
21.1 version 21.1R1 and later versions prior to 21.2R3-S6;
21.3 versions prior to 21.3R3-S5;
21.4 versions prior to 21.4R3-S4;
22.1 versions prior to 22.1R3-S4;
22.2 versions prior to 22.2R3-S2;
22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
22.4 versions prior to 22.4R2-S1, 22.4R3;
23.1 versions prior to 23.1R1-S1, 23.1R2.
Juniper Networks Junos OS Evolved
All versions prior to 20.4R3-S8-EVO;
21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO;
21.3 versions prior to 21.3R3-S5-EVO;
21.4 versions prior to 21.4R3-S4-EVO;
22.1 versions prior to 22.1R3-S4-EVO;
22.2 versions prior to 22.2R3-S2-EVO;
22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;
22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;
23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C24BA08-83BC-491A-8D59-860113981748",
"versionEndExcluding": "20.4",
"versionStartIncluding": "15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "4BFDCC2B-FAB5-4164-8D70-28E4DFF052AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
"matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "EFF72FCA-C440-4D43-9BDB-F712DB413717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199",
"versionEndExcluding": "20.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:*",
"matchCriteriaId": "52C3552E-798F-4719-B38D-F74E34EAAA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "FA43782E-0719-496E-9237-E1ABD3C4C664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "78897DD2-E161-4191-94FF-7400FB612DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "C34ABD4B-B045-4046-9641-66E3B2082A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
"matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "8F67CE3C-3A06-487C-90DE-D5B3B1EC08A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "1475A58F-1515-4492-B5A3-BE40C30E5B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "9370C46D-3AA1-4562-B67F-DF6EA10F209B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "04CE952D-E3C1-4B34-9E65-EC52BFE887AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "82A4E4C8-2D50-4675-8A96-8C9DADCE46CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround.\n\nThis issue affects:\nJuniper Networks Junos OS\n15.1R1 and later versions prior to 20.4R3-S8;\n21.1 version 21.1R1 and later versions prior to 21.2R3-S6;\n21.3 versions prior to 21.3R3-S5;\n21.4 versions prior to 21.4R3-S4;\n22.1 versions prior to 22.1R3-S4;\n22.2 versions prior to 22.2R3-S2;\n22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n22.4 versions prior to 22.4R2-S1, 22.4R3;\n23.1 versions prior to 23.1R1-S1, 23.1R2.\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.4R3-S8-EVO;\n21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO;\n21.3 versions prior to 21.3R3-S5-EVO;\n21.4 versions prior to 21.4R3-S4-EVO;\n22.1 versions prior to 22.1R3-S4-EVO;\n22.2 versions prior to 22.2R3-S2-EVO;\n22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO.\n"
}
],
"id": "CVE-2023-0026",
"lastModified": "2024-11-21T07:36:25.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Primary"
}
]
},
"published": "2023-06-21T17:15:47.597",
"references": [
{
"source": "sirt@juniper.net",
"url": "https://supportportal.juniper.net/JSA71542"
},
{
"source": "sirt@juniper.net",
"tags": [
"Product"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://supportportal.juniper.net/JSA71542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "sirt@juniper.net",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-13 00:15
Modified
2024-11-21 08:25
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet.
Continued receipt of this packet will cause a sustained Denial of Service condition.
This issue affects:
* Juniper Networks Junos OS:
* All versions prior to 20.4R3-S6;
* 21.1 versions prior to 21.1R3-S5;
* 21.2 versions prior to 21.2R3-S4;
* 21.3 versions prior to 21.3R3-S3;
* 21.4 versions prior to 21.4R3-S3;
* 22.1 versions prior to 22.1R2-S2, 22.1R3;
* 22.2 versions prior to 22.2R2-S1, 22.2R3;
* 22.3 versions prior to 22.3R1-S2, 22.3R2.
Juniper Networks Junos OS Evolved:
* All versions prior to 20.4R3-S6-EVO;
* 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO;
* 21.3-EVO versions prior to 21.3R3-S3-EVO;
* 21.4-EVO versions prior to 21.4R3-S3-EVO;
* 22.1-EVO versions prior to 22.1R3-EVO;
* 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;
* 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://supportportal.juniper.net/JSA73146 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/JSA73146 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C",
"versionEndExcluding": "20.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
"matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199",
"versionEndExcluding": "20.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:*",
"matchCriteriaId": "52C3552E-798F-4719-B38D-F74E34EAAA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "FA43782E-0719-496E-9237-E1ABD3C4C664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "78897DD2-E161-4191-94FF-7400FB612DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
"matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet.\n\nContinued receipt of this packet will cause a sustained Denial of Service condition.\n\nThis issue affects:\n\n\n\n * Juniper Networks Junos OS:\n * All versions prior to 20.4R3-S6;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S3;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R2-S2, 22.1R3;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nJuniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S6-EVO;\n * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO;\n * 21.3-EVO versions prior to 21.3R3-S3-EVO;\n * 21.4-EVO versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO versions prior to 22.1R3-EVO;\n * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;\n * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en el Routing Protocol Daemon (rpd) de Juniper Networks permite a un atacante causar una Denegaci\u00f3n de Servicio (DoS) al dispositivo al recibir y procesar un paquete de ACTUALIZACI\u00d3N BGP de VPN ISO con formato incorrecto espec\u00edfico. La recepci\u00f3n continua de este paquete provocar\u00e1 una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio. Este problema afecta a: * Juniper Networks Junos OS: * Todas las versiones anteriores a 20.4R3-S6; * Versiones 21.1 anteriores a 21.1R3-S5; * Versiones 21.2 anteriores a 21.2R3-S4; * Versiones 21.3 anteriores a 21.3R3-S3; * Versiones 21.4 anteriores a 21.4R3-S3; * Versiones 22.1 anteriores a 22.1R2-S2, 22.1R3; * Versiones 22.2 anteriores a 22.2R2-S1, 22.2R3; * Versiones 22.3 anteriores a 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S6-EVO; * 21.1-EVO versi\u00f3n 21.1R1-EVO y versiones posteriores anteriores a 21.2R3-S4-EVO; * Versiones 21.3-EVO anteriores a 21.3R3-S3-EVO; * Versiones 21.4-EVO anteriores a 21.4R3-S3-EVO; * Versiones 22.1-EVO anteriores a 22.1R3-EVO; * Versiones 22.2-EVO anteriores a 22.2R2-S1-EVO, 22.2R3-EVO; * Versiones 22.3-EVO anteriores a 22.3R1-S2-EVO, 22.3R2-EVO."
}
],
"id": "CVE-2023-44185",
"lastModified": "2024-11-21T08:25:23.680",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-13T00:15:12.147",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA73146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA73146"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 21:15
Modified
2024-11-21 05:11
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. For example, Router A sends a specific BGP UPDATE to Router B, causing Router B to send an invalid BGP UPDATE message to Router C, resulting in termination of the BGP session between Router B and Router C. This issue might occur when there is at least a single BGP session established on the device that does not support 4 Byte AS extension (RFC 4893). Repeated receipt of the same BGP UPDATE can result in an extended DoS condition. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R3; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect Juniper Networks Junos OS prior to 16.1R1. This issue affects Juniper Networks Junos OS Evolved prior to 19.2R2-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11013 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11013 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:-:*:*:*:*:*:*",
"matchCriteriaId": "258A380C-1EA0-407D-B7E3-4A2E8820119C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "BBE35BDC-7739-4854-8BB8-E8600603DE9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "2DC47132-9EEA-4518-8F86-5CD231FBFB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "CD5A30CE-9498-4007-8E66-FD0CC6CF1836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*",
"matchCriteriaId": "07CD1E7C-24EA-46B7-964C-C78FF64AFAE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*",
"matchCriteriaId": "8A457C57-4A36-433D-9473-5ABC091DF316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "6D3E38C1-808C-4BD3-993D-F30855F5390F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s12:*:*:*:*:*:*",
"matchCriteriaId": "C2AF9C4B-23E6-485D-A115-2B728E929C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s2:*:*:*:*:*:*",
"matchCriteriaId": "1FD11073-DC27-41F8-A6A2-7E22A062D14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s3:*:*:*:*:*:*",
"matchCriteriaId": "2A78389E-868C-422D-9AA3-8A672DF6C2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s4:*:*:*:*:*:*",
"matchCriteriaId": "85BFC22F-A6B3-4306-A28B-5D78FFA6402D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s6:*:*:*:*:*:*",
"matchCriteriaId": "99276E50-825C-4BB4-8496-1F81BDA21655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "72194CB7-FFDC-4897-9D6E-EA3459DDDEB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r5-s4:*:*:*:*:*:*",
"matchCriteriaId": "C88635DB-09B1-4DA1-8FC3-2F7A7E42819C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r6-s1:*:*:*:*:*:*",
"matchCriteriaId": "DF5A9D31-ED7D-4390-B46D-7E46089DB932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*",
"matchCriteriaId": "90B94472-0E32-48AD-A690-AABB2C53CA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "6B4A4960-0241-4BF4-8857-8B7BE33466B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r7-s2:*:*:*:*:*:*",
"matchCriteriaId": "C2DC367C-7F0B-4775-9BE9-464B28543D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r7-s3:*:*:*:*:*:*",
"matchCriteriaId": "863744A8-8759-4646-9E39-72D511DE4A10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r7-s4:*:*:*:*:*:*",
"matchCriteriaId": "732A499C-9FAC-4307-B090-8971970B3EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.1:r7-s5:*:*:*:*:*:*",
"matchCriteriaId": "9D3848D1-936D-44BB-B951-E4296F113641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "3661BC68-6F32-447F-8D20-FD73FBBED9C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "5B6097D4-3856-4696-9A26-5B6C0FD9AD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "84DD80BF-BF7E-447B-AA74-00B3D8036E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s10:*:*:*:*:*:*",
"matchCriteriaId": "D8A72B62-E3B7-42FA-980F-75BDF15236FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "57B89EEB-222D-46AA-BC8F-4EE7E17BA7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "ECAE613D-1317-4D2E-8A61-980CD5DEAED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "BAB2D63C-C966-42CA-85A9-09820D00A2D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:-:*:*:*:*:*:*",
"matchCriteriaId": "CC9B5CDE-3A50-4CD3-962A-FA0989939F37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "7572C187-4D58-4E0D-A605-B2B13EFF5C6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "E34A149E-C2ED-4D86-A105-0A2775654AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4E0D42C4-9B4D-44F9-BC84-E7994404598B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s10:*:*:*:*:*:*",
"matchCriteriaId": "CC7A70CD-3A5E-4F01-8469-E5CD406BB04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "DE2C20D8-3C73-4B87-BA41-DBFBCA5FBA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "54D887B4-D2F4-4537-8298-B98D01396F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "1C1B5AE6-A323-4744-BCA1-25E46D2D27BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "0AB39E2F-0D67-4FA6-84B8-36684E971002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "A32C3702-48DE-47CF-B0D1-3A629676AD03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s7:*:*:*:*:*:*",
"matchCriteriaId": "B9695B3E-FCDA-4DF0-B714-8B4F87AA647D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s8:*:*:*:*:*:*",
"matchCriteriaId": "36214C23-82C8-4A3E-9FF8-04F85FF8B2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s9:*:*:*:*:*:*",
"matchCriteriaId": "F3778643-1684-4549-A764-A1909C14B4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "76105563-4DA1-4A0E-A627-C44BA93F1862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:-:*:*:*:*:*:*",
"matchCriteriaId": "BCEE8D9C-6D64-4A9B-A74A-57A0BF4086C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "E889BF9C-BDDF-4A6A-97BB-00A097EF6D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8BCF0612-AF16-4925-8E42-77734513F923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "595987A6-D8CE-41ED-B51C-EF9CD3B47AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "7B5A2205-C40B-4746-9A23-1973433FF065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "CFA3526C-FF53-4823-B6AC-0BA91BFB532D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "AA92B7F8-705B-410F-BDA3-7C28FF51967F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*",
"matchCriteriaId": "9689695F-53EB-4B35-9072-750E7282B011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s8:*:*:*:*:*:*",
"matchCriteriaId": "4F7CE683-5647-455B-936C-DF0D973A180A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "7D45F2C3-20FF-4A91-A440-E109B3CCE7C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "B87ECEAD-FD18-4252-8D46-F281DD4125AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s7:*:*:*:*:*:*",
"matchCriteriaId": "C6788EE2-B0DA-470E-B72E-E8D5CCFB5259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "5FD8A8E1-201B-4E4E-8F69-23856E56AF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "897850A3-2A27-483C-8266-E4547F1A4341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2x75:-:*:*:*:*:*:*",
"matchCriteriaId": "8B809686-D679-483B-9196-510582F07A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2x75:d102:*:*:*:*:*:*",
"matchCriteriaId": "81332BD3-99F9-4A7C-A04F-1F3A81CA6941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2x75:d50:*:*:*:*:*:*",
"matchCriteriaId": "1C913A29-64F1-4B2C-A4BC-163891E9A43A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2x75:d70:*:*:*:*:*:*",
"matchCriteriaId": "CD7217ED-631C-4206-9381-18C0BDD69C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.2x75:d92:*:*:*:*:*:*",
"matchCriteriaId": "D5DCC950-B6D1-4EF2-87EB-7D152CD9D8CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
"matchCriteriaId": "A283D32F-1CAF-4A5A-83E1-585F2801771F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "C52E355B-DA7D-4FDE-B2D7-A3C3C9C99918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "69FC46D4-39E2-4E2F-A1D3-1001769A7115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "32F83E8B-A816-4F26-95F8-F0DA7F3DF426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2C433359-BC8B-4E69-BE74-A31EB148083A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "BCA2976C-C84B-40D9-A806-588629BFFB13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "A2C7B980-033E-40AC-98C9-B252733B0F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
"matchCriteriaId": "A00CA6FB-8F28-4171-B510-8DBA351E80C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "988D317A-0646-491F-9B97-853E8E208276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "605F1AD7-5B09-44F0-9017-15AB3EEE559C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "CEDDCD30-2255-4FA9-B3E2-9E88AB6F8D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "4E4EB6B0-8DB2-4199-96E4-30195D49F756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "204FC7B5-9CF2-4AC2-9B8D-DA48CAEA6496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "9D8A8E33-473A-4A40-A7B7-47086BB9012A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*",
"matchCriteriaId": "F0F65DCA-34B9-4CE8-91C9-426AAAEB4097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "0E0CE79A-157D-47DE-BE65-936BC12470EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "05060C06-18C1-40E8-AE01-385B036CC9AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "0C752783-4843-407B-AF33-0E1D36FCAAF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "006EE425-A146-4E10-B050-7E754BB8402A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "2B482BCC-1F0C-47AA-B63B-1B39CEF7B2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "A636F9F2-2DA7-4A27-AD80-FD1B34DFCA94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "4EC7D216-D8F3-4ABD-97C9-4C9FB6DF64FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*",
"matchCriteriaId": "5E327643-D8D8-4EFA-9F38-BA862A919501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0DFDD907-5305-4602-8A9C-685AA112C342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "2EF6F4C1-6A7E-474F-89BC-7A3C50FD8CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "84F5BCBA-404B-4BC9-B363-CE6D231B0D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "18A4CA3E-DA61-49CC-8476-3A476CCB2B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "A7380B3E-09F5-4497-86C6-11EF56BD89F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "658841A9-BEC9-433E-81D0-47DE82887C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "5AD05209-1274-4F8A-9FA2-A1A8DFCC5755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "C97683B3-A07B-428F-9535-C49B55305679",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "A14CE132-C56B-43D8-A248-AB6A2D1A7B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "73978DD8-BD92-4872-8F35-AF2B9BCA1ECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "7988CE92-71D2-4EEC-B596-4A60E2C1136A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "330D176F-8DAD-440C-A623-44FA233FAB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.1x75:-:*:*:*:*:*:*",
"matchCriteriaId": "25D06112-086E-4C26-B2C1-D83F45B5BF10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*",
"matchCriteriaId": "1BB9C2BB-D20B-41E9-B75F-7FAD9ECCDB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5342C3DC-D640-47AB-BD76-3444852988A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8AB8585E-EDC6-4400-BEE3-3A6A7C922C90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "A2ABC574-B3FC-4025-B50D-7F9EEB28C806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "6F6EAFC3-C3AC-4361-8530-39FCF89702F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "6B363298-315C-4FD5-9417-C5B82883A224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "B7A3FBD3-5399-42A9-9BD9-E3C981CBD6DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4EBD361C-8B4D-43EF-8B82-9FE165D8206E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "6E7539C4-6208-43EB-9A0B-4852D0CE0FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "A38F224C-8E9B-44F3-9D4F-6C9F04F57927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "853F146A-9A0F-49B6-AFD2-9907434212F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "8F73B88B-E66C-4ACD-B38D-9365FB230ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "D59D7A31-128B-4034-862B-8EF3CE3EE949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0C5E097B-B79E-4E6A-9291-C8CB9674FED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "819FA3ED-F934-4B20-BC0E-D638ACCB7787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "3D7D773A-4988-4D7C-A105-1885EBE14426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:-:*:*:*:*:*:*",
"matchCriteriaId": "768C0EB7-8456-4BF4-8598-3401A54D21DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "5332B70A-F6B0-4C3B-90E2-5CBFB3326126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "81439FE8-5405-45C2-BC04-9823D2009A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "E506138D-043E-485D-B485-94A2AB75F8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:-:*:*:*:*:*:*",
"matchCriteriaId": "0E7545CE-6300-4E81-B5AF-2BE150C1B190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "4CA3060F-1800-4A06-A453-FB8CE4B65312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "9A5B337A-727C-4767-AD7B-E0F7F99EB46F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "914D6984-1820-483B-AEB9-2C5257B5E900",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. For example, Router A sends a specific BGP UPDATE to Router B, causing Router B to send an invalid BGP UPDATE message to Router C, resulting in termination of the BGP session between Router B and Router C. This issue might occur when there is at least a single BGP session established on the device that does not support 4 Byte AS extension (RFC 4893). Repeated receipt of the same BGP UPDATE can result in an extended DoS condition. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R3; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect Juniper Networks Junos OS prior to 16.1R1. This issue affects Juniper Networks Junos OS Evolved prior to 19.2R2-EVO."
},
{
"lang": "es",
"value": "En determinadas condiciones, la recepci\u00f3n de un mensaje espec\u00edfico de UPDATE de BGP puede causar que los dispositivos Juniper Networks Junos OS y Junos OS Evolved anuncien un mensaje de UPDATE de BGP no v\u00e1lido a otros peers, causando que los otros peers finalicen la sesi\u00f3n de BGP establecida, creando una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS). Por ejemplo, el Enrutador A env\u00eda una UPDATE de BGP espec\u00edfica al Enrutador B, causando que el Enrutador B env\u00ede un mensaje de UPDATE de BGP no v\u00e1lido al Enrutador C, resultando en la terminaci\u00f3n de la sesi\u00f3n BGP entre el Enrutador B y el Enrutador C. Este problema puede ocurrir cuando existe al menos una \u00fanica sesi\u00f3n BGP establecida en el dispositivo que no admite la extensi\u00f3n AS de 4 bytes (RFC 4893). La recepci\u00f3n repetida de la misma UPDATE de BGP puede resultar en una condici\u00f3n DoS extendida. Este problema afecta a Juniper Networks Junos OS: versiones 16.1 anteriores a 16.1R7-S6; versiones 16.2 anteriores a 16.2R2-S11; versiones 17.1 anteriores a 17.1R2-S11, 17.1R3-S2; versiones 17.2 anteriores a 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; versiones 17.2X75 anteriores a 17.2X75-D105, 17.2X75-D110, 17.2X75-D44; versiones 17.3 anteriores a 17.3R2-S5, 17.3R3-S7; versiones 17.4 anteriores a 17.4R2-S8, 17.4R3; versiones 18.1 anteriores a 18.1R3-S8; versiones 18.2 anteriores a 18.2R2-S6, 18.2R3-S2; versiones 18.2X75 anteriores a 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60; versiones 18.3 anteriores a 18.3R1-S6, 18.3R2-S3, 18.3R3; versiones 18.4 anteriores a 18.4R1-S5, 18.4R3; 18.4 versi\u00f3n 18.4R2 y versiones posteriores; versiones 19.1 anteriores a 19.1R1-S3, 19.1R2; versiones 19.2 anteriores a 19.2R1-S2, 19.2R2. Este problema no afecta a Juniper Networks Junos OS versiones anterior a 16.1R1. Este problema afecta a Juniper Networks Junos OS Evolved versiones anteriores a 19.2R2-EVO."
}
],
"id": "CVE-2020-1632",
"lastModified": "2024-11-21T05:11:02.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T21:15:35.043",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11013"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-13 00:15
Modified
2024-11-21 08:25
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.
Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition.
This issue affects Juniper Networks:
Junos OS:
* All versions prior to 19.1R3-S10;
* 19.2 versions prior to 19.2R3-S7;
* 19.3 versions prior to 19.3R3-S8;
* 19.4 versions prior to 19.4R3-S12;
* 20.2 versions prior to 20.2R3-S8;
* 20.4 versions prior to 20.4R3-S8;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S1;
* 22.3 versions prior to 22.3R3;
* 22.4 versions prior to 22.4R2.
Junos OS Evolved:
* All versions prior to 20.4R3-S8-EVO;
* 21.2 versions prior to 21.2R3-S6-EVO;
* 21.3 versions prior to 21.3R3-S5-EVO;
* 21.4 versions prior to 21.4R3-S4-EVO;
* 22.1 versions prior to 22.1R3-S3-EVO;
* 22.2 versions prior to 22.2R3-S1-EVO;
* 22.3 versions prior to 22.3R3-EVO;
* 22.4 versions prior to 22.4R2-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://supportportal.juniper.net/JSA73140 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/JSA73140 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C",
"versionEndExcluding": "20.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
"matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "20EBC676-1B26-4A71-8326-0F892124290A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199",
"versionEndExcluding": "20.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "C34ABD4B-B045-4046-9641-66E3B2082A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
"matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "8F67CE3C-3A06-487C-90DE-D5B3B1EC08A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "4546776C-A657-42E3-9A36-47F9F59A88AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\n\nRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\n\nJunos OS:\n\n\n\n * All versions prior to 19.1R3-S10;\n * 19.2 versions prior to 19.2R3-S7;\n * 19.3 versions prior to 19.3R3-S8;\n * 19.4 versions prior to 19.4R3-S12;\n * 20.2 versions prior to 20.2R3-S8;\n * 20.4 versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S1;\n * 22.3 versions prior to 22.3R3;\n * 22.4 versions prior to 22.4R2.\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S3-EVO;\n * 22.2 versions prior to 22.2R3-S1-EVO;\n * 22.3 versions prior to 22.3R3-EVO;\n * 22.4 versions prior to 22.4R2-EVO.\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en el comando CLI de Juniper Networks Junos y Junos EVO permite a un atacante con pocos privilegios ejecutar comandos CLI espec\u00edficos que conducen a una Denegaci\u00f3n de Servicio. Las acciones repetidas del atacante crear\u00e1n una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio (DoS). Este problema afecta a Juniper Networks: Junos OS: * Todas las versiones anteriores a 19.1R3-S10; * Versiones 19.2 anteriores a 19.2R3-S7; * Versiones 19.3 anteriores a 19.3R3-S8; * Versiones 19.4 anteriores a 19.4R3-S12; * Versiones 20.2 anteriores a 20.2R3-S8; * Versiones 20.4 anteriores a 20.4R3-S8; * Versiones 21.2 anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.2 anteriores a 22.2R3-S1; * Versiones 22.3 anteriores a 22.3R3; * Versiones 22.4 anteriores a 22.4R2. Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S8-EVO; * Versiones 21.2 anteriores a 21.2R3-S6-EVO; * Versiones 21.3 anteriores a 21.3R3-S5-EVO; * Versiones 21.4 anteriores a 21.4R3-S4-EVO; * Versiones 22.1 anteriores a 22.1R3-S3-EVO; * Versiones 22.2 anteriores a 22.2R3-S1-EVO; * Versiones 22.3 anteriores a 22.3R3-EVO; * Versiones 22.4 anteriores a 22.4R2-EVO."
}
],
"id": "CVE-2023-44177",
"lastModified": "2024-11-21T08:25:22.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-13T00:15:11.680",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA73140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA73140"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-11 16:15
Modified
2024-11-21 09:27
Severity ?
Summary
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system.
The Junos OS Evolved CLI doesn't properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.
This issue affects Junos OS Evolved:
All versions before 20.4R3-S7-EVO,
21.2-EVO versions before 21.2R3-S8-EVO,
21.4-EVO versions before 21.4R3-S7-EVO,
22.2-EVO versions before 22.2R3-EVO,
22.3-EVO versions before 22.3R2-EVO,
22.4-EVO versions before 22.4R2-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://supportportal.juniper.net/JSA82975 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/JSA82975 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199",
"versionEndExcluding": "20.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "C34ABD4B-B045-4046-9641-66E3B2082A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "6D5DC04F-18DE-403B-BE93-2251F3332C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "909FC378-EBFE-4BA9-8393-0C8301438020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "C9D664AB-0FA7-49C7-B6E1-69C77652FBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "9DB01252-2F11-41DB-9023-C74FD723334E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "F91450D5-F8CE-42EA-BB7E-312FCE024CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A3CA3365-F9AF-40DF-8700-30AD4BC58E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*",
"matchCriteriaId": "BE2EF84D-55A9-41DC-A324-69E1DC426D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*",
"matchCriteriaId": "0A33C425-921F-4795-B834-608C8F1597E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to \u0027root\u0027 leading to a full compromise of the system.\n\nThe Junos OS Evolved CLI doesn\u0027t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level.\n\nThis issue affects Junos OS Evolved:\n\nAll versions before 20.4R3-S7-EVO,\n\n21.2-EVO versions before 21.2R3-S8-EVO,\n\n21.4-EVO versions before 21.4R3-S7-EVO,\u00a0\n\n22.2-EVO versions before 22.2R3-EVO,\n\n22.3-EVO versions before 22.3R2-EVO,\n\n22.4-EVO versions before 22.4R2-EVO."
},
{
"lang": "es",
"value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales en los comandos Juniper Networks Junos OS Evolved permite a un atacante local autenticado con privilegios bajos escalar sus privilegios a \u0027root\u0027, lo que lleva a un compromiso total del sistema. La CLI evolucionada de Junos OS no maneja adecuadamente las opciones de comando en algunos casos, lo que permite a los usuarios que ejecutan comandos CLI espec\u00edficos con un conjunto de par\u00e1metros manipulado escalar sus privilegios a root en el nivel de shell. Este problema afecta a Junos OS Evolved: todas las versiones anteriores a 20.4R3-S7-EVO, versiones 21.2-EVO anteriores a 21.2R3-S8-EVO, versiones 21.4-EVO anteriores a 21.4R3-S7-EVO, versiones 22.2-EVO anteriores a 22.2R3-EVO , Versiones 22.3-EVO anteriores a 22.3R2-EVO, Versiones 22.4-EVO anteriores a 22.4R2-EVO."
}
],
"id": "CVE-2024-39524",
"lastModified": "2024-11-21T09:27:55.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "sirt@juniper.net",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "sirt@juniper.net",
"type": "Primary"
}
]
},
"published": "2024-07-11T16:15:03.890",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA82975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA82975"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-18 03:15
Modified
2024-11-21 06:46
Severity ?
Summary
An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA69905 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA69905 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 20.4 | |
| juniper | junos_os_evolved | 21.1 | |
| juniper | junos_os_evolved | 21.1 | |
| juniper | junos_os_evolved | 21.1 | |
| juniper | junos_os_evolved | 21.1 | |
| juniper | junos_os_evolved | 21.1 | |
| juniper | junos_os_evolved | 21.1 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.3 | |
| juniper | junos_os_evolved | 21.3 | |
| juniper | junos_os_evolved | 21.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:*",
"matchCriteriaId": "52C3552E-798F-4719-B38D-F74E34EAAA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
"matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user\u0027s session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Asignaci\u00f3n de Permisos Incorrecta en el procesamiento de shell de Juniper Networks Junos OS Evolved permite a un usuario local poco privilegiado modificar el contenido de un archivo de configuraci\u00f3n, lo que podr\u00eda causar que otro usuario ejecutara comandos arbitrarios en el contexto de la sesi\u00f3n del usuario de seguimiento. Si el usuario de seguimiento es un administrador con altos privilegios, el atacante podr\u00eda aprovechar esta vulnerabilidad para tomar el control completo del sistema de destino. Mientras que este problema se desencadena cuando un usuario, que no sea el atacante, accede al shell de Junos, un atacante s\u00f3lo necesita acceder a la CLI de Junos para explotar esta vulnerabilidad. Este problema afecta a Juniper Networks Junos OS Evolved: versiones 20.4-EVO anteriores a 20.4R3-S1-EVO; todas las versiones de 21.1-EVO; versiones 21.2-EVO anteriores a 21.2R3-EVO; versiones 21.3-EVO anteriores a 21.3R2-EVO. Este problema no afecta a las versiones de Junos OS Evolved de Juniper Networks anteriores a 19.2R1-EVO"
}
],
"id": "CVE-2022-22248",
"lastModified": "2024-11-21T06:46:29.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "sirt@juniper.net",
"type": "Primary"
}
]
},
"published": "2022-10-18T03:15:11.453",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA69905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA69905"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-08 20:15
Modified
2024-11-21 05:11
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11003 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11003 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_os_evolved | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09FA33C7-BE93-4249-8EC0-4B462DED1507",
"versionEndExcluding": "19.1r1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1."
},
{
"lang": "es",
"value": "Un usuario local autenticado con shell puede obtener los valores de las contrase\u00f1as de inicio de sesi\u00f3n del hash y los secretos compartidos por medio de archivos de configuraci\u00f3n objmon sin procesar. Este problema afecta a todas las versiones de Junos OS Evolved anteriores a 19.1R1."
}
],
"id": "CVE-2020-1624",
"lastModified": "2024-11-21T05:11:01.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-08T20:15:13.840",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11003"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-13 00:15
Modified
2024-11-21 07:44
Severity ?
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command "show task memory detail" as shown in the following example: user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 <=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 <=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA70202 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA70202 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECFE39BF-15FB-4129-9D8C-4F28DABB5D83",
"versionEndExcluding": "19.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*",
"matchCriteriaId": "59006503-B2CA-4F79-AC13-7C5615A74CE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "B8110DA9-54B1-43CF-AACB-76EABE0C9EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "11B5CC5A-1959-4113-BFCF-E4BA63D918C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "33F08A33-EF80-4D86-9A9A-9DF147B9B6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "AF24ACBD-5F84-47B2-BFF3-E9A56666269C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "3935A586-41BD-4FA5-9596-DED6F0864777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "B83FB539-BD7C-4BEE-9022-098F73902F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "7659AC36-A5EA-468A-9793-C1EC914D36F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "E0E018E1-568E-40F2-ADA5-F71509811879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "122B09A3-299A-421C-9A6B-B3FEED8E19FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "B9295AF3-A883-47C3-BAF8-3D82F719733E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "F09D3262-394A-43D1-A4ED-8887FCB20F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "D3FEA876-302D-4F07-94E6-237C669538F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "B011854A-932C-4D5C-B469-71F72608DFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "94A44054-B47B-453C-BF0F-9E071EFF6542",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "CA3A4806-59AB-43D6-BFE3-A6DCE098335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "45DA4D89-1362-421F-8218-585CE5D60E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:-:*:*:*:*:*:*",
"matchCriteriaId": "9B342307-98CF-45C9-9F08-5EB06C679B79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "DC743EE4-8833-452A-94DB-655BF139F883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FE96A8EA-FFE3-4D8F-9266-21899149D634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "C12A75C6-2D00-4202-B861-00FF71585FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "70FF3DD4-14CB-435D-8529-0480EB853F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "84429093-AB3C-4C05-B8FA-87D94091820F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "4DCFA774-96EF-4018-82CF-95C807025C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "76022948-4B07-43CB-824C-44E1AB3537CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "25446F60-5CB9-4923-BCE8-609AE3CFDFBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "A23E5CEA-EFF5-4641-BC47-BA2D0859F0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "760E2418-B945-4467-BDAC-7702DDF4C4EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "98097AB6-56CB-42E4-96B4-ABBD4F36553C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "7844B380-7986-4B71-B1AE-22D46E5007D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s7:*:*:*:*:*:*",
"matchCriteriaId": "7EF24AFC-D359-4132-A133-1F6680F7BE46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "758275F3-9457-45A2-8F57-65DCD659FC1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "B46CB928-78B5-4D60-B747-9A0988C7060D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "ED73BF1A-96E4-49F1-A6AA-7B29DAA6C112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "0886EFA6-47E3-4C1D-A278-D3891A487FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "A209EE6F-E676-4172-8FF3-4E03748DEB13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "EC395200-9A69-468A-8461-D2219B34AA0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "08584FCD-4593-4590-A988-C862295E618A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "1BF7792C-51FF-4C6E-B5E7-F87738FE4B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s8:*:*:*:*:*:*",
"matchCriteriaId": "E69B0ED4-898D-4D7A-9711-8DB00EE3197B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "D4CF52CF-F911-4615-9171-42F84429149F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "D3C23AEB-34DE-44FB-8D64-E69D6E8B7401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "18DB9401-5A51-4BB3-AC2F-58F58F1C788C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "06F53DA5-59AE-403C-9B1E-41CE267D8BB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "3332262F-81DA-4D78-99C9-514CADA46611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "B46B63A2-1518-4A29-940C-F05624C9658D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "8E0D4959-3865-42A7-98CD-1103EBD84528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "3A58292B-814C-49E7-8D6D-BE26EFB9ADDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "681AE183-7183-46E7-82EA-28C398FA1C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8A6E9627-8BF1-4BE8-844B-EE8F1C9478F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "0A80F23B-CD13-4745-BA92-67C23B297A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "67D4004B-1233-4258-9C7A-F05189146B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "69E33F24-D480-4B5F-956D-D435A551CBE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:-:*:*:*:*:*:*",
"matchCriteriaId": "03009CC1-21AC-4A46-A747-D0C67FCD41DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5C9BC697-C7C9-447D-9EBD-E9711462583E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "7B80433B-57B1-49EF-B1A1-83781D6102E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "A352BB7A-6F17-4E64-BC02-1A7E4CD42653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "05D8427C-CDDE-4B2F-9CB8-41B9137660E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "F3DC01F2-6DFE-4A8E-9962-5E59AA965935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "7DA0E196-925E-4056-B411-E158702D5D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "E33A522F-E35C-4473-9CBD-9C6E5A831086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "E9AE26EB-699B-4B10-87E2-9E731B820F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "A29E0070-47E9-43DD-9303-C732FE8CC851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "A5E7E8D2-5D08-492E-84FC-8803E50F2CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
"matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199",
"versionEndExcluding": "20.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command \"show task memory detail\" as shown in the following example: user@host\u003e show task memory detail | match \"RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE\" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host\u003e show task memory detail | match \"RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE\" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 \u003c=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 \u003c=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Missing Release of Memory after Effective Lifetime en el kernel de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). En un escenario de enrutamiento de segmentos con OSPF como IGP, cuando una interfaz de pares oscila continuamente, se producir\u00e1 una rotaci\u00f3n del siguiente salto y se observar\u00e1 un aumento continuo en el consumo de memoria del demonio de protocolo de enrutamiento (rpd). Esto eventualmente provocar\u00e1 un bloqueo del rpd y se reiniciar\u00e1 cuando la memoria est\u00e9 llena. El consumo de memoria se puede monitorear usando el comando CLI \"mostrar detalles de la memoria de la tarea\" como se muestra en el siguiente ejemplo: usuario@host\u0026gt; mostrar detalle de la memoria de tareas | coincidencia \"RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE\" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 4123 30 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 usuario@host\u0026gt; mostrar detalle de la memoria de tareas | coincide con \"RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE\" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 4190 05 160897920 419005 160897920 \u0026lt;=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 \u0026lt;=== Este n\u00famero afecta a: Juniper Networks Junos OS Todas las versiones anteriores a 19.3R3-S7; Versiones 19.4 anteriores a 19.4R2-S8, 19.4R3-S9; Versiones 20.2 anteriores a 20.2R3-S5; Versiones 20.3 anteriores a 20.3R3-S5; Versiones 20.4 anteriores a 20.4R3-S4; Versiones 21.1 anteriores a 21.1R3-S3; Versiones 21.2 anteriores a 21.2R3-S2; Versiones 21.3 anteriores a 21.3R3-S1; Versiones 21.4 anteriores a 21.4R2-S1, 21.4R3; Versiones 22.1 anteriores a 22.1R2. Juniper Networks Junos OS evolucion\u00f3 Todas las versiones anteriores a 20.4R3-S4-EVO; Versiones 21.4 anteriores a 21.4R2-S1-EVO, 21.4R3-EVO; Versiones 22.1 anteriores a 22.1R2-EVO."
}
],
"id": "CVE-2023-22406",
"lastModified": "2024-11-21T07:44:45.213",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Primary"
}
]
},
"published": "2023-01-13T00:15:10.990",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA70202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA70202"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-16 21:15
Modified
2024-11-21 05:11
Severity ?
Summary
On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the "show task memory detail | match policy | match evpn" command multiple times to check if memory (Alloc Blocks value) is increasing. root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11075 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11075 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos | 19.4 | |
| juniper | junos | 19.4 | |
| juniper | junos | 19.4 | |
| juniper | junos | 20.1 | |
| juniper | junos | 20.1 | |
| juniper | junos | 20.1 | |
| juniper | junos | 20.1 | |
| juniper | junos_os_evolved | 19.4 | |
| juniper | junos_os_evolved | 19.4 | |
| juniper | junos_os_evolved | 19.4 | |
| juniper | junos_os_evolved | 20.1 | |
| juniper | junos_os_evolved | 20.1 | |
| juniper | junos_os_evolved | 20.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "DC743EE4-8833-452A-94DB-655BF139F883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FE96A8EA-FFE3-4D8F-9266-21899149D634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "C12A75C6-2D00-4202-B861-00FF71585FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "8328FDE6-9707-4142-B905-3B07C0E28E35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "41CD982F-E6F2-4951-9F96-A76C142DF08E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "19FDC05F-5582-4F7E-B628-E58A3C0E7F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "401306D1-E9CE-49C6-8DC9-0E8747B9DC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "83447F3F-79A3-41DF-8FD1-31DCFCBE40A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "2B14CED1-BEAF-4343-A05D-FB1E2B6AC955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "ABB91C38-8C70-436A-83DB-42B8DF81D7D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AED25FB6-E3FA-4543-90B2-50068D683D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "F64FBB4B-7CBF-499B-A523-804857DEFAFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "487A82C9-7B7E-4ACA-BABF-65B8504079AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the \"show task memory detail | match policy | match evpn\" command multiple times to check if memory (Alloc Blocks value) is increasing. root@device\u003e show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device\u003e show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
},
{
"lang": "es",
"value": "En las plataformas Juniper Networks Junos OS y Junos OS Evolved con EVPN configurado, la recepci\u00f3n de paquetes BGP espec\u00edficos causa un filtrado de la memoria lento.\u0026#xa0;Si se agota la memoria, el proceso rpd podr\u00eda bloquearse.\u0026#xa0;Si ocurre el problema, el filtrado de la memoria puede ser visualizado ejecutando el comando \"show task memory detail | match policy | match evpn\" varias veces para comprobar si la memoria (valor de Alloc Blocks) est\u00e1 aumentando.\u0026#xa0;root@device) show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device\u0026gt; show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120. Este problema afecta a: Juniper Networks Junos OS versiones 19.4 anteriores a 19.4R2;\u0026#xa0;versiones 20.1 anteriores a 20.1R1-S4, 20.1R2;\u0026#xa0;Juniper Networks Junos OS Evolved: versiones 19.4;\u0026#xa0;versiones 20.1 anteriores a 20.1R1-S4-EVO, 20.1R2-EVO;\u0026#xa0;versiones 20.2 anteriores a 20.2R1-EVO;\u0026#xa0;Este problema no afecta: Juniper Networks Junos OS versiones anteriores a 19.4R1.\u0026#xa0;Juniper Networks Junos OS Evolved versiones anteriores a 19.4R1-EVO"
}
],
"id": "CVE-2020-1678",
"lastModified": "2024-11-21T05:11:08.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
},
"published": "2020-10-16T21:15:13.630",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11075"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-14 18:15
Modified
2024-11-21 08:10
Severity ?
Summary
An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).
When a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service.
This issue affects:
Juniper Networks Junos OS
21.4 versions prior to 21.4R3-S3;
22.1 versions prior to 22.1R3-S3;
22.2 versions prior to 22.2R2-S1, 22.2R3;
22.3 versions prior to 22.3R2.
Juniper Networks Junos OS Evolved
21.4-EVO versions prior to 21.4R3-S2-EVO;
22.1-EVO versions prior to 22.1R3-S3-EVO;
22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;
22.3-EVO versions prior to 22.3R2-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://supportportal.juniper.net/JSA71660 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/JSA71660 | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).\n\nWhen a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service.\n\nThis issue affects:\nJuniper Networks Junos OS\n21.4 versions prior to 21.4R3-S3;\n22.1 versions prior to 22.1R3-S3;\n22.2 versions prior to 22.2R2-S1, 22.2R3;\n22.3 versions prior to 22.3R2.\n\nJuniper Networks Junos OS Evolved\n21.4-EVO versions prior to 21.4R3-S2-EVO;\n22.1-EVO versions prior to 22.1R3-S3-EVO;\n22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;\n22.3-EVO versions prior to 22.3R2-EVO.\n"
}
],
"id": "CVE-2023-36849",
"lastModified": "2024-11-21T08:10:46.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Primary"
}
]
},
"published": "2023-07-14T18:15:10.503",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA71660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA71660"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-703"
}
],
"source": "sirt@juniper.net",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-15 20:15
Modified
2024-11-21 05:42
Severity ?
Summary
In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evolved devices, configured with ISIS Flexible Algorithm for Segment Routing and sensor-based statistics, a flap of a ISIS link in the network, can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued link flaps will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 19.4 versions prior to 19.4R1-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R2; Juniper Networks Junos OS Evolved: 20.3-EVO versions prior to 20.3R2-EVO; 20.4-EVO versions prior to 20.4R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11189 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11189 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos | 19.4 | |
| juniper | junos | 19.4 | |
| juniper | junos | 19.4 | |
| juniper | junos | 19.4 | |
| juniper | junos | 19.4 | |
| juniper | junos | 19.4 | |
| juniper | junos | 19.4 | |
| juniper | junos | 19.4 | |
| juniper | junos | 19.4 | |
| juniper | junos | 19.4 | |
| juniper | junos | 20.1 | |
| juniper | junos | 20.1 | |
| juniper | junos | 20.1 | |
| juniper | junos | 20.1 | |
| juniper | junos | 20.1 | |
| juniper | junos | 20.1 | |
| juniper | junos | 20.2 | |
| juniper | junos | 20.2 | |
| juniper | junos | 20.2 | |
| juniper | junos | 20.2 | |
| juniper | junos | 20.2 | |
| juniper | junos | 20.2 | |
| juniper | junos | 20.3 | |
| juniper | junos | 20.3 | |
| juniper | junos_os_evolved | 20.3 | |
| juniper | junos_os_evolved | 20.3 | |
| juniper | junos_os_evolved | 20.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "DC743EE4-8833-452A-94DB-655BF139F883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FE96A8EA-FFE3-4D8F-9266-21899149D634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "C12A75C6-2D00-4202-B861-00FF71585FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "70FF3DD4-14CB-435D-8529-0480EB853F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "4DCFA774-96EF-4018-82CF-95C807025C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "76022948-4B07-43CB-824C-44E1AB3537CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "25446F60-5CB9-4923-BCE8-609AE3CFDFBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "A23E5CEA-EFF5-4641-BC47-BA2D0859F0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "758275F3-9457-45A2-8F57-65DCD659FC1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "B46CB928-78B5-4D60-B747-9A0988C7060D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "8328FDE6-9707-4142-B905-3B07C0E28E35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "41CD982F-E6F2-4951-9F96-A76C142DF08E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "19FDC05F-5582-4F7E-B628-E58A3C0E7F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "401306D1-E9CE-49C6-8DC9-0E8747B9DC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "615EAF48-AD53-4CC2-B233-5EA5C0F72CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "DC8E7547-6649-436D-BC45-184417680C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "D3C23AEB-34DE-44FB-8D64-E69D6E8B7401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "18DB9401-5A51-4BB3-AC2F-58F58F1C788C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "06F53DA5-59AE-403C-9B1E-41CE267D8BB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "3332262F-81DA-4D78-99C9-514CADA46611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "B46B63A2-1518-4A29-940C-F05624C9658D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5C9BC697-C7C9-447D-9EBD-E9711462583E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "7B80433B-57B1-49EF-B1A1-83781D6102E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.3:-:*:*:*:*:*:*",
"matchCriteriaId": "37625D47-53C3-43D5-A361-A833EE06C6D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "4AFB91E3-CAAC-429F-A869-DDD40FB0F84D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evolved devices, configured with ISIS Flexible Algorithm for Segment Routing and sensor-based statistics, a flap of a ISIS link in the network, can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued link flaps will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 19.4 versions prior to 19.4R1-S4, 19.4R3-S2; 20.1 versions prior to 20.1R2-S1, 20.1R3; 20.2 versions prior to 20.2R2-S2, 20.2R3; 20.3 versions prior to 20.3R2; Juniper Networks Junos OS Evolved: 20.3-EVO versions prior to 20.3R2-EVO; 20.4-EVO versions prior to 20.4R2-EVO. This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
},
{
"lang": "es",
"value": "En un entorno de Enrutamiento por Segmentos ISIS (SR-ISIS)/MPLS, en los dispositivos Juniper Networks Junos OS y Junos OS Evolved, configurados con el Algoritmo Flexible ISIS para el Enrutamiento por Segmentos y las estad\u00edsticas basadas en sensores, un flap de un enlace ISIS en la red puede conllevar a el bloqueo y el reinicio de un demonio en el proceso de enrutamiento (RPD), causando una Denegaci\u00f3n de Servicio (DoS). Un continuo enlace en los flaps crear\u00e1 una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) sostenida. Este problema afecta a: Juniper Networks Junos OS: Versiones 19.4 anteriores a 19.4R1-S4, 19.4R3-S2; versiones 20.1 anteriores a 20.1R2-S1, 20.1R3; versiones 20.2 anteriores a 20.2R2-S2, 20.2R3; versiones 20.3 anteriores a 20.3R2; Juniper Networks Junos OS Evolved: versiones 20.3-EVO anteriores a 20.3R2-EVO; versiones 20.4-EVO anteriores a 20.4R2-EVO. Este problema no afecta a: Las versiones de Juniper Networks Junos OS anteriores a 19.4R1. Las versiones de Juniper Networks Junos OS Evolved anteriores a 19.4R1-EVO"
}
],
"id": "CVE-2021-0287",
"lastModified": "2024-11-21T05:42:24.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
},
"published": "2021-07-15T20:15:10.413",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11189"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-12 15:15
Modified
2025-02-06 18:39
Severity ?
Summary
An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.
This issue affects:
Junos OS:
* from 21.4 before 21.4R3-S4,
* from 22.1 before 22.1R3-S4,
* from 22.2 before 22.2R3-S2,
* from 22.3 before 22.3R2-S2, 22.3R3-S1,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2.
Junos OS Evolved:
* from 21.4-EVO before 21.4R3-S5-EVO,
* from 22.1-EVO before 22.1R3-S4-EVO,
* from 22.2-EVO before 22.2R3-S2-EVO,
* from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
This issue does not affect:
* Junos OS versions prior to 21.4R1;
* Junos OS Evolved versions prior to 21.4R1-EVO.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "EFF72FCA-C440-4D43-9BDB-F712DB413717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*",
"matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*",
"matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "EBB967BF-3495-476D-839A-9DBFCBE69F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*",
"matchCriteriaId": "1A78CC80-E8B1-4CDA-BB35-A61833657FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B3B2FE1-C228-46BE-AC76-70C2687050AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "B227E831-30FF-4BE1-B8B2-31829A5610A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "C9D664AB-0FA7-49C7-B6E1-69C77652FBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*",
"matchCriteriaId": "C16434C0-21A7-4CE5-92E1-7D60A35EF5D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "1475A58F-1515-4492-B5A3-BE40C30E5B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A3CA3365-F9AF-40DF-8700-30AD4BC58E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "C7FEFD0A-A969-4F53-8668-1231FD675D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "9370C46D-3AA1-4562-B67F-DF6EA10F209B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*",
"matchCriteriaId": "BE2EF84D-55A9-41DC-A324-69E1DC426D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*",
"matchCriteriaId": "0A33C425-921F-4795-B834-608C8F1597E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "04CE952D-E3C1-4B34-9E65-EC52BFE887AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "8AE9D1A7-4721-4E1D-B965-FDC38126B1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "A8643AA3-29EF-48A7-B033-CB60988E214B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6DEAA7FD-385F-4221-907E-65ABC16BE4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "DDEC008A-3137-48D1-8ABC-6DB0EFC40E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "558D234D-BC50-415F-86D6-8E19D6C3ACE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "33F4EEEE-77E9-4973-A770-99E7BA2F05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.\n\nThis issue affects:\n\nJunos OS:\n * from 21.4 before 21.4R3-S4,\u00a0\n\n * from 22.1 before 22.1R3-S4,\u00a0\n\n * from 22.2 before 22.2R3-S2,\u00a0\n\n * from 22.3 before 22.3R2-S2, 22.3R3-S1,\u00a0\n\n * from 22.4 before 22.4R3,\u00a0\n\n * from 23.2 before 23.2R2.\n\n\n\n\n Junos OS Evolved:\n * from 21.4-EVO before 21.4R3-S5-EVO,\u00a0\n\n * from 22.1-EVO before 22.1R3-S4-EVO,\u00a0\n\n * from 22.2-EVO before 22.2R3-S2-EVO,\u00a0\n\n * from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,\u00a0\n\n * from 22.4-EVO before 22.4R3-EVO,\u00a0\n\n * from 23.2-EVO before 23.2R2-EVO.\n\n\n\n\nThis issue does not affect:\n * Junos OS versions prior to 21.4R1;\n\n * Junos OS Evolved versions prior to 21.4R1-EVO."
},
{
"lang": "es",
"value": "Una vulnerabilidad de acceso a la ubicaci\u00f3n de la memoria despu\u00e9s del fin del b\u00fafer en el daemon de protocolos de control de capa 2 (l2cpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). En todas las plataformas Junos OS y Junos OS Evolved, cuando LLDP est\u00e1 habilitado en una interfaz espec\u00edfica y se recibe un paquete LLDP con formato incorrecto, l2cpd falla y se reinicia. El impacto del fallo de l2cpd es la reinicializaci\u00f3n de los protocolos STP (RSTP, MSTP o VSTP) y MVRP y ERP. Adem\u00e1s, si alg\u00fan servicio depende del estado de LLDP (como PoE o reconocimiento de dispositivo VoIP), tambi\u00e9n se ver\u00e1 afectado. Este problema afecta a: Junos OS: * desde 21.4 anterior a 21.4R3-S4, * desde 22.1 anterior a 22.1R3-S4, * desde 22.2 anterior a 22.2R3-S2, * desde 22.3 anterior a 22.3R2-S2, 22.3R3-S1, * desde 22.4 antes de 22.4R3, * de 23.2 antes de 23.2R2. Junos OS Evolved: * desde 21.4-EVO antes de 21.4R3-S5-EVO, * desde 22.1-EVO antes de 22.1R3-S4-EVO, * desde 22.2-EVO antes de 22.2R3-S2-EVO, * desde 22.3-EVO antes de 22.3 R2-S2-EVO, 22.3R3-S1-EVO, *de 22.4-EVO antes de 22.4R3-EVO, *de 23.2-EVO antes de 23.2R2-EVO. Este problema no afecta: * Versiones de Junos OS anteriores a 21.4R1; * Versiones de Junos OS Evolved anteriores a 21.4R1-EVO."
}
],
"id": "CVE-2024-21618",
"lastModified": "2025-02-06T18:39:21.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "sirt@juniper.net",
"type": "Primary"
}
]
},
"published": "2024-04-12T15:15:24.350",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Issue Tracking"
],
"url": "https://supportportal.juniper.net/JSA75759"
},
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA75759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-788"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-12 16:15
Modified
2025-02-06 20:35
Severity ?
Summary
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition.
This issue affects Juniper Networks Junos OS Evolved 23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_os_evolved | 23.2 | |
| juniper | junos_os_evolved | 23.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6DEAA7FD-385F-4221-907E-65ABC16BE4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "DDEC008A-3137-48D1-8ABC-6DB0EFC40E50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nWhen Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps,\u00a0an\u00a0Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition.\n\nThis issue affects Juniper Networks Junos OS Evolved\u00a023.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desreferencia de puntero NULL en el motor de reenv\u00edo de paquetes (PFE) de Juniper Networks Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). Cuando el tr\u00e1fico de Capa 2 se env\u00eda a trav\u00e9s de una interfaz l\u00f3gica, se produce el aprendizaje de MAC. Si durante este proceso, la interfaz parpadea, se observa un n\u00facleo del administrador Advanced Forwarding Toolkit (evo-aftmand-bt). Esto conduce a un reinicio de PFE. El bloqueo vuelve a ocurrir si ocurre la misma secuencia de eventos, lo que conducir\u00e1 a una condici\u00f3n DoS sostenida. Este problema afecta a Juniper Networks Junos OS Evolved: versiones 23.2-EVO anteriores a 23.2R1-S1-EVO, 23.2R2-EVO."
}
],
"id": "CVE-2024-30403",
"lastModified": "2025-02-06T20:35:23.557",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "sirt@juniper.net",
"type": "Primary"
}
]
},
"published": "2024-04-12T16:15:40.123",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA79181"
},
{
"source": "sirt@juniper.net",
"tags": [
"Issue Tracking"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA79181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-15 20:15
Modified
2024-11-21 05:42
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Summary
An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP port 705 on the internal routing instance. External connections destined to port 705 should not be allowed. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS Evolved versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 13.2R1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11193 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11193 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*",
"matchCriteriaId": "285CD1E5-C6D3-470A-8556-653AFF74D0F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:a1:*:*:*:*:*:*",
"matchCriteriaId": "83AB8877-3DC0-4B8C-B864-1BF18C368337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f:*:*:*:*:*:*",
"matchCriteriaId": "D80CABB3-9A32-4FBC-AB8E-435BA85CFA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*",
"matchCriteriaId": "C56F5C48-BA48-4EE1-88BE-782B3CFB3B90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*",
"matchCriteriaId": "1C56E6C3-BBB6-4853-91D9-99C7676D0CD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s1:*:*:*:*:*:*",
"matchCriteriaId": "AC196685-3B0C-4754-AE6A-6BE456CC6B52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s2:*:*:*:*:*:*",
"matchCriteriaId": "F0146AA9-C513-4871-A62A-52C9F40EB958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s3:*:*:*:*:*:*",
"matchCriteriaId": "A18672EF-E33D-4ACE-BB0A-561812F502C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f2-s4:*:*:*:*:*:*",
"matchCriteriaId": "CEF0E75F-831E-40B8-926D-B2E92A84E31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*",
"matchCriteriaId": "0E0ECBD8-3D66-49DA-A557-5695159F0C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*",
"matchCriteriaId": "0EAA2998-A0D6-4818-9E7C-25E8099403E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f5:*:*:*:*:*:*",
"matchCriteriaId": "2D4ADFC5-D4B8-4A68-95D8-8ADF92C1CFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f5-s7:*:*:*:*:*:*",
"matchCriteriaId": "BFF0C559-EC2F-4FEE-B012-E9127A68FD4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*",
"matchCriteriaId": "71D211B9-B2FE-4324-AAEE-8825D5238E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s1:*:*:*:*:*:*",
"matchCriteriaId": "ABD3A11C-4CAA-4DDB-AD20-6C7EFA368CCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s10:*:*:*:*:*:*",
"matchCriteriaId": "4D9134BF-7289-4503-A9C5-977C4CDCD108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s12:*:*:*:*:*:*",
"matchCriteriaId": "2698D906-6D9D-429C-9ECC-46FF2334C637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s2:*:*:*:*:*:*",
"matchCriteriaId": "6126279A-8509-4CA1-BFB3-E76F701F5031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s3:*:*:*:*:*:*",
"matchCriteriaId": "CA0D028E-0B07-4CB2-863A-527806B9917C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s4:*:*:*:*:*:*",
"matchCriteriaId": "846582E4-05A0-4AD9-B78B-1707A09DAA74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s5:*:*:*:*:*:*",
"matchCriteriaId": "E43A39D8-3BD4-41CD-A8A3-2BFF8D340BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s6:*:*:*:*:*:*",
"matchCriteriaId": "DECD665D-2CA4-4CB2-B77D-9230B102B339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s7:*:*:*:*:*:*",
"matchCriteriaId": "85B83ED7-EE50-4F06-A386-B0A4FC7263DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s8:*:*:*:*:*:*",
"matchCriteriaId": "64F1FD18-AAD2-48DD-8F23-55D65D34FCE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f6-s9:*:*:*:*:*:*",
"matchCriteriaId": "B02FED8D-A554-4039-9F0A-C7EEFC640317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:f7:*:*:*:*:*:*",
"matchCriteriaId": "BD332D86-5DA7-49A4-98C3-E4D946832DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r:*:*:*:*:*:*",
"matchCriteriaId": "6BFFAC38-5D41-4BDB-B9D4-579F104A61BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "D0D3EA8F-4D30-4383-AF2F-0FB6D822D0F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "0E6CD065-EC06-4846-BD2A-D3CA7866070F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "C7620D01-1A6B-490F-857E-0D803E0AEE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "4A1545CE-279F-4EE2-8913-8F3B2FAFE7F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r4-s7:*:*:*:*:*:*",
"matchCriteriaId": "03B09A78-9DEA-43A7-8DD6-56D94869DAEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r4-s8:*:*:*:*:*:*",
"matchCriteriaId": "18B1A6D6-EB40-461A-87B0-FD777019E1BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r4-s9:*:*:*:*:*:*",
"matchCriteriaId": "F8CD62D3-0894-426E-80A8-CEBCBD49810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "08FC0245-A4FF-42C0-A236-8569301E351A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r5-s1:*:*:*:*:*:*",
"matchCriteriaId": "A68E7711-C7B9-4578-AB7B-863F088A38BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r5-s3:*:*:*:*:*:*",
"matchCriteriaId": "E0501706-CB27-42B6-916B-B0009EC333C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r5-s5:*:*:*:*:*:*",
"matchCriteriaId": "41E43503-A694-406E-B95A-689E4167A4FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r5-s6:*:*:*:*:*:*",
"matchCriteriaId": "A464B371-1B8B-4563-8728-969825896115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "120EA9E3-788B-4CFD-A74F-17111FFD0131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r6-s1:*:*:*:*:*:*",
"matchCriteriaId": "6B4C2FBB-FEA0-4B98-8568-705FFFFFBB06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r6-s2:*:*:*:*:*:*",
"matchCriteriaId": "B2506FCC-4B0F-4FEF-A44E-0C704B6217F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r6-s3:*:*:*:*:*:*",
"matchCriteriaId": "9D9F2F31-B378-40FE-B012-000A225B76F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r6-s4:*:*:*:*:*:*",
"matchCriteriaId": "D014FF7B-BBEA-4F80-BE0E-4C70E4585A1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r6-s6:*:*:*:*:*:*",
"matchCriteriaId": "C8257676-7AA7-4B39-A8F8-685843D0685B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "31001EA8-2C65-4D3D-AEC7-F298692E8752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s1:*:*:*:*:*:*",
"matchCriteriaId": "33A3ECF9-AA4D-41F9-8441-1EB5F1DB882E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s2:*:*:*:*:*:*",
"matchCriteriaId": "989D1170-C430-4117-8E3B-46D8B459DF49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s3:*:*:*:*:*:*",
"matchCriteriaId": "DB2FD851-BBB6-4D29-B933-1070564E0B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s4:*:*:*:*:*:*",
"matchCriteriaId": "5229750A-8555-4A4F-AD6C-82400BE81E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s5:*:*:*:*:*:*",
"matchCriteriaId": "C5646AB3-407E-4745-8B16-4B58A8961D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s6:*:*:*:*:*:*",
"matchCriteriaId": "D61247C5-C611-47CE-89BA-AB3958A975B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s7:*:*:*:*:*:*",
"matchCriteriaId": "CA9DB8A3-2E5F-4969-9D42-25363489A133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:15.1:r7-s8:*:*:*:*:*:*",
"matchCriteriaId": "04830AA8-7432-46F1-BD93-7339E2B756E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
"matchCriteriaId": "A283D32F-1CAF-4A5A-83E1-585F2801771F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "38A40E03-F915-4888-87B0-5950F75F097D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "C52E355B-DA7D-4FDE-B2D7-A3C3C9C99918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "267A3603-BC18-442E-803A-4CAEB6493433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "69FC46D4-39E2-4E2F-A1D3-1001769A7115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "32F83E8B-A816-4F26-95F8-F0DA7F3DF426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2C433359-BC8B-4E69-BE74-A31EB148083A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "BCA2976C-C84B-40D9-A806-588629BFFB13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "A2C7B980-033E-40AC-98C9-B252733B0F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "BA8D32E4-1892-46DC-9782-5466A14E18D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "25C7C3D0-A203-4979-8375-A610ADD48E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*",
"matchCriteriaId": "D1CAEBD2-2E46-44B5-B1D1-1DDBD450FD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "565AE6D8-28A9-4A62-A886-5BAB954695D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s10:*:*:*:*:*:*",
"matchCriteriaId": "E32BE8B3-C5D9-43D1-B425-28D58EA74DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s11:*:*:*:*:*:*",
"matchCriteriaId": "DE0C7BD5-4D13-4C20-B2C9-524F72B206F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "0C366F93-BB30-4144-99AE-40B676977834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "488BB10A-1360-42E5-A68D-23D51B332850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "64988F0A-E02C-455B-99C9-4059C896416F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "DC2ACA85-FA89-40F0-A2AD-778E1CB02A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "9F431D3D-5D55-45A9-98E8-00CB1D4C0196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "C9C703CA-9309-413A-9CD7-585277ADD32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s8:*:*:*:*:*:*",
"matchCriteriaId": "130E4A30-A19D-4D1E-B91C-575E8F43EA87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s9:*:*:*:*:*:*",
"matchCriteriaId": "E3AC83F1-2BCF-4159-9719-EB15ADD7663B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
"matchCriteriaId": "A00CA6FB-8F28-4171-B510-8DBA351E80C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "988D317A-0646-491F-9B97-853E8E208276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "605F1AD7-5B09-44F0-9017-15AB3EEE559C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "CEDDCD30-2255-4FA9-B3E2-9E88AB6F8D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "DF3F9F86-166F-45E4-92B7-3DD3B06199F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "4E4EB6B0-8DB2-4199-96E4-30195D49F756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "204FC7B5-9CF2-4AC2-9B8D-DA48CAEA6496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "9D8A8E33-473A-4A40-A7B7-47086BB9012A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*",
"matchCriteriaId": "F0F65DCA-34B9-4CE8-91C9-426AAAEB4097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "0E0CE79A-157D-47DE-BE65-936BC12470EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "05060C06-18C1-40E8-AE01-385B036CC9AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s10:*:*:*:*:*:*",
"matchCriteriaId": "341417EE-71C2-465C-96CA-65B2B5B63FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s11:*:*:*:*:*:*",
"matchCriteriaId": "A701A73D-A795-47DD-8EB5-55D1CDF67A49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s12:*:*:*:*:*:*",
"matchCriteriaId": "CC1EE8D6-8963-49D8-84C7-C9406B04D9EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "0C752783-4843-407B-AF33-0E1D36FCAAF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "006EE425-A146-4E10-B050-7E754BB8402A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "2B482BCC-1F0C-47AA-B63B-1B39CEF7B2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "A636F9F2-2DA7-4A27-AD80-FD1B34DFCA94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "4EC7D216-D8F3-4ABD-97C9-4C9FB6DF64FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*",
"matchCriteriaId": "5E327643-D8D8-4EFA-9F38-BA862A919501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s8:*:*:*:*:*:*",
"matchCriteriaId": "1BC6CE1C-9DD8-429E-BDC2-251D8C8674E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s9:*:*:*:*:*:*",
"matchCriteriaId": "63B00B4F-3E65-4CB2-807D-43908B570AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "8732E25A-9073-4C7B-9E89-C02368728EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "09255363-BF79-4FC3-AADD-5FAD0902174F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "11A24AA6-5378-4EEA-82D5-66A5F1110698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "64CF2868-993A-48C8-8FBA-892507BBBF21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:17.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "D2D5D460-EC5C-46BF-8017-CB87B45C69BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*",
"matchCriteriaId": "1BB9C2BB-D20B-41E9-B75F-7FAD9ECCDB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5342C3DC-D640-47AB-BD76-3444852988A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8AB8585E-EDC6-4400-BEE3-3A6A7C922C90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "A2ABC574-B3FC-4025-B50D-7F9EEB28C806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "6F6EAFC3-C3AC-4361-8530-39FCF89702F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "92FB1BF6-8852-45D8-817C-36CDBE730801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "6B363298-315C-4FD5-9417-C5B82883A224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "EB08FF7B-01F5-4A19-858E-E2CD19D61A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "B7A3FBD3-5399-42A9-9BD9-E3C981CBD6DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4EBD361C-8B4D-43EF-8B82-9FE165D8206E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "6E7539C4-6208-43EB-9A0B-4852D0CE0FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "35299B02-DC75-458D-B86D-8A0DB95B06AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "9BAC3EF2-3339-4E3C-9C6D-E854EBBDEF9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "CFB29C9B-9729-43EB-AF98-AF44038DA711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "2D1FB957-54C8-428E-BC8D-2802D7F6895F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "A0BC4766-4BA4-4B02-A654-5C527EA66E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "BB8263A9-5D63-46A2-9C98-B3980910B612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.3:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "75F125DC-3A21-489F-B324-A586F5BA350A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
"matchCriteriaId": "74CA9010-D3DE-487B-B46F-589A48AB0F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "A38F224C-8E9B-44F3-9D4F-6C9F04F57927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "853F146A-9A0F-49B6-AFD2-9907434212F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "8F73B88B-E66C-4ACD-B38D-9365FB230ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "EE1F82EC-3222-4158-8923-59CDA1909A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "8FE95D15-B5E5-4E74-9464-C72D8B646A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "C012CD07-706A-4E1C-B399-C55AEF5C8309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "A0C26E59-874A-4D87-9E7F-E366F4D65ED1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s7:*:*:*:*:*:*",
"matchCriteriaId": "75902119-60D0-49F8-8E01-666E0F75935A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "D59D7A31-128B-4034-862B-8EF3CE3EE949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0C5E097B-B79E-4E6A-9291-C8CB9674FED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "819FA3ED-F934-4B20-BC0E-D638ACCB7787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "3D7D773A-4988-4D7C-A105-1885EBE14426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "1BD93674-9375-493E-BD6C-8AD41CC75DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "34E28FD9-1089-42F7-8586-876DBEC965DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "B7E72C49-1849-4A6F-81BC-D03F06D47D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s7:*:*:*:*:*:*",
"matchCriteriaId": "541535BD-20DC-4489-91A7-F6CBC6802352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "736B7A9F-E237-45AF-A6D6-84412475F481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "62E63730-F697-4FE6-936B-FD9B4F22EAE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "064A7052-4EF5-4BFB-88FF-8122AEECB6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "08C58CCB-3BAA-4400-B371-556DF46DE69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "28F7740D-C636-4FA3-8479-E5E039041DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "81F6DEA3-F07E-4FD0-87CB-4E8C0B768706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "2C1601BB-CAB7-4C92-8416-1824BB85D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "14FC491D-8DA8-4E79-A9A6-3629E41C847A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s8:*:*:*:*:*:*",
"matchCriteriaId": "44C4BE2C-814F-49AA-8B64-17245FC01270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:-:*:*:*:*:*:*",
"matchCriteriaId": "768C0EB7-8456-4BF4-8598-3401A54D21DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "5332B70A-F6B0-4C3B-90E2-5CBFB3326126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "81439FE8-5405-45C2-BC04-9823D2009A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "E506138D-043E-485D-B485-94A2AB75F8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "0EF3C901-3599-463F-BEFB-8858768DC195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "CD806778-A995-4A9B-9C05-F4D7B1CB1F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "02B42BE8-1EF2-47F7-9F10-DE486A017EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "0B372356-D146-420B-95C3-381D0383B595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "DCAB79C9-6639-4ED0-BEC9-E7C8229DF977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "C8CF858F-84BB-4AEA-B829-FCF22C326160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "92292C23-DC38-42F1-97C1-8416BBB60FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "5405F361-AB96-4477-AA0D-49B874324B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "E45E5421-2F6F-4AF9-8EB1-431A804FC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "93098975-4A06-4A72-8DF0-F2C5E1AF2F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "E1F3AEE4-CEB8-4CAA-A48A-1B4647FFFCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "69E2DF80-63D8-48DD-BC73-C406B7AA3C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:-:*:*:*:*:*:*",
"matchCriteriaId": "0E7545CE-6300-4E81-B5AF-2BE150C1B190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "4CA3060F-1800-4A06-A453-FB8CE4B65312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "9A5B337A-727C-4767-AD7B-E0F7F99EB46F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "16FDE60B-7A99-4683-BC14-530B5B005F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "725D8C27-E4F8-4394-B4EC-B49B6D3C2709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "8233C3AB-470E-4D13-9BFD-C9E90918FD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "5F7A233A-D4F6-46FA-92E9-2ACE13E4A6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "ADCE4EA8-DDBA-4766-BB81-E4DA29723723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "7C71D2FA-B1A4-4004-807F-7B3BB347DF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "9E78E854-DDD3-4D1A-97AB-AEA70B9B811F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "512FB3D1-BA5B-4F73-BDB2-49D6889F5473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "7FCBFF57-83A1-4C1C-A38D-7DAB48BCA2EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*",
"matchCriteriaId": "59006503-B2CA-4F79-AC13-7C5615A74CE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "B8110DA9-54B1-43CF-AACB-76EABE0C9EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "11B5CC5A-1959-4113-BFCF-E4BA63D918C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "33F08A33-EF80-4D86-9A9A-9DF147B9B6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "AF24ACBD-5F84-47B2-BFF3-E9A56666269C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "3935A586-41BD-4FA5-9596-DED6F0864777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "B83FB539-BD7C-4BEE-9022-098F73902F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "7659AC36-A5EA-468A-9793-C1EC914D36F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "E0E018E1-568E-40F2-ADA5-F71509811879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "B9295AF3-A883-47C3-BAF8-3D82F719733E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "F09D3262-394A-43D1-A4ED-8887FCB20F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "DC743EE4-8833-452A-94DB-655BF139F883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FE96A8EA-FFE3-4D8F-9266-21899149D634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "C12A75C6-2D00-4202-B861-00FF71585FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "70FF3DD4-14CB-435D-8529-0480EB853F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "4DCFA774-96EF-4018-82CF-95C807025C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "76022948-4B07-43CB-824C-44E1AB3537CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "25446F60-5CB9-4923-BCE8-609AE3CFDFBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "A23E5CEA-EFF5-4641-BC47-BA2D0859F0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "8328FDE6-9707-4142-B905-3B07C0E28E35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "41CD982F-E6F2-4951-9F96-A76C142DF08E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "19FDC05F-5582-4F7E-B628-E58A3C0E7F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "401306D1-E9CE-49C6-8DC9-0E8747B9DC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "615EAF48-AD53-4CC2-B233-5EA5C0F72CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "D3C23AEB-34DE-44FB-8D64-E69D6E8B7401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "18DB9401-5A51-4BB3-AC2F-58F58F1C788C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "06F53DA5-59AE-403C-9B1E-41CE267D8BB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5C9BC697-C7C9-447D-9EBD-E9711462583E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "7B80433B-57B1-49EF-B1A1-83781D6102E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "914D6984-1820-483B-AEB9-2C5257B5E900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "14C57D33-01BB-4190-B787-F5BDACE82AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "6480A5C9-3280-40C5-BC08-509555F28363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "2D3C2D74-AF22-4BED-A0C5-089B5507D275",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "83447F3F-79A3-41DF-8FD1-31DCFCBE40A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "2B14CED1-BEAF-4343-A05D-FB1E2B6AC955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "ABB91C38-8C70-436A-83DB-42B8DF81D7D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AED25FB6-E3FA-4543-90B2-50068D683D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "F64FBB4B-7CBF-499B-A523-804857DEFAFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "EEBE159F-5D94-4C18-B922-331586BEA2CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.2:-:*:*:*:*:*:*",
"matchCriteriaId": "487A82C9-7B7E-4ACA-BABF-65B8504079AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.3:-:*:*:*:*:*:*",
"matchCriteriaId": "37625D47-53C3-43D5-A361-A833EE06C6D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "4AFB91E3-CAAC-429F-A869-DDD40FB0F84D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP port 705 on the internal routing instance. External connections destined to port 705 should not be allowed. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS Evolved versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 13.2R1."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Exposici\u00f3n de Datos del Sistema en Juniper Networks Junos OS y Junos OS Evolved, en la que un recurso confidencial a nivel del sistema no est\u00e1 suficientemente protegido, permite a un atacante no autenticado basado en la red enviar tr\u00e1fico espec\u00edfico que alcance parcialmente este recurso. Una alta tasa de tr\u00e1fico espec\u00edfico puede conllevar una Denegaci\u00f3n de Servicio (DoS) parcial, ya que la utilizaci\u00f3n de la CPU del RE aumenta considerablemente. El proceso de Extensibilidad del Agente SNMP (agentx) s\u00f3lo deber\u00eda estar escuchando el puerto TCP 705 en la instancia de enrutamiento interna. Las conexiones externas destinadas al puerto 705 no deber\u00edan estar permitidas. Este problema afecta a: Juniper Networks Junos OS versiones: 15.1anteriores a 15.1R7-S9; versiones 17.3 anteriores a 17.3R3-S12; versiones 17.4 anteriores a 17.4R2-S13, 17.4R3-S5; versiones 18.3 anteriores a 18.3R3-S5; versiones 18.4 anteriores a 18.4R2-S8; versiones 19.1 anteriores a 19.1R3-S5; versiones 19. 2 anteriores a 19.2R3-S2; versiones 19.3 anteriores a 19.3R2-S6, 19.3R3-S2; versiones 19.4 anteriores a 19.4R1-S4, 19.4R2-S4, 19.4R3; versiones 20.1 anteriores a 20.1R2; versiones 20.2 anteriores a 20.2R2; versiones 20.3 anteriores a 20.3R2. Versiones de Juniper Networks Junos OS Evolved anteriores a 20.3R2-EVO. Este problema no afecta a versiones de Juniper Networks Junos OS anteriores a 13.2R1"
}
],
"id": "CVE-2021-0291",
"lastModified": "2024-11-21T05:42:25.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-15T20:15:10.943",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11193"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-497"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-20 15:15
Modified
2024-11-21 06:46
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Malicious exploitation of this issue requires a very specific combination of load, timing, and configuration of the vulnerable system which is beyond the direct control of the attacker. Internal reproduction has only been possible through artificially created load and specially instrumented source code. Systems are only vulnerable to this issue if BGP multipath is enabled. Routers not configured for BGP multipath are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved: 21.1 versions prior to 21.1R3-S1-EVO; 21.2 version 21.2R1-EVO and later versions; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1. Juniper Networks Junos OS Evolved versions prior to 21.1-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA69717 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA69717 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
"matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
"matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:*",
"matchCriteriaId": "52C3552E-798F-4719-B38D-F74E34EAAA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
"matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Malicious exploitation of this issue requires a very specific combination of load, timing, and configuration of the vulnerable system which is beyond the direct control of the attacker. Internal reproduction has only been possible through artificially created load and specially instrumented source code. Systems are only vulnerable to this issue if BGP multipath is enabled. Routers not configured for BGP multipath are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved: 21.1 versions prior to 21.1R3-S1-EVO; 21.2 version 21.2R1-EVO and later versions; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1. Juniper Networks Junos OS Evolved versions prior to 21.1-EVO."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el manejo de valores no definidos en el proceso del demonio del protocolo de enrutamiento (RPD) de Juniper Networks Junos OS y Junos OS Evolved puede permitir a un atacante no autenticado basado en la red bloquear el proceso RPD enviando una actualizaci\u00f3n BGP espec\u00edfica mientras el sistema est\u00e1 bajo una gran carga, conllevando a una Denegaci\u00f3n de Servicio (DoS). La recepci\u00f3n y el procesamiento continuado de este paquete crear\u00e1 una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) sostenida. La explotaci\u00f3n maliciosa de este problema requiere una combinaci\u00f3n muy espec\u00edfica de carga, tiempo y configuraci\u00f3n del sistema vulnerable que est\u00e1 fuera del control directo del atacante. La reproducci\u00f3n interna s\u00f3lo ha sido posible mediante una carga creada artificialmente y un c\u00f3digo fuente especialmente instrumentado. Los sistemas s\u00f3lo son vulnerables a este problema si BGP multipath est\u00e1 habilitado. Los routers no configurados para BGP multipath no son vulnerables a este problema. Este problema afecta a: Juniper Networks Junos OS: Versiones 21.1 anteriores a 21.1R3-S1; versiones 21.2 anteriores a 21.2R2-S2, 21.2R3; versiones 21.3 anteriores a 21.3R2, 21.3R3; versiones 21.4 anteriores a 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved: versiones 21.1 anteriores a 21.1R3-S1-EVO; versiones 21.2 21.2R1-EVO y posteriores; versiones 21.3 anteriores a 21.3R3-EVO; versiones 21.4 anteriores a 21.4R1-S1-EVO, 21.4R2-EVO. Este problema no afecta a: Las versiones del Sistema Operativo Junos de Juniper Networks anteriores a 21.1. Las versiones del Sistema Operativo Junos Evolved de Juniper Networks anteriores a 21.1-EVO"
}
],
"id": "CVE-2022-22213",
"lastModified": "2024-11-21T06:46:24.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-20T15:15:08.827",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA69717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA69717"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-232"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-10 23:15
Modified
2025-02-07 19:57
Severity ?
Summary
An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
An attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.
This issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.
This issue affects Junos OS:
* All versions before 20.4R3-S10,
* from 21.4 before 21.4R3-S6,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R2;
Junos OS Evolved:
* All versions before 20.4R3-S10-EVO,
* from 21.4-EVO before 21.4R3-S6-EVO,
* from 22.1-EVO before 22.1R3-S5-EVO,
* from 22.2-EVO before 22.2R3-S3-EVO,
* from 22.3-EVO before 22.3R3-S2-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://supportportal.juniper.net/JSA82980 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/JSA82980 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C",
"versionEndExcluding": "20.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s8:*:*:*:*:*:*",
"matchCriteriaId": "C445622E-8E57-4990-A71A-E1993BFCB91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s9:*:*:*:*:*:*",
"matchCriteriaId": "0CED6FFE-1854-4BB0-8DB5-D2D756E68CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "C470FB4E-A927-4AF3-ACB0-AD1E264218B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "EFF72FCA-C440-4D43-9BDB-F712DB413717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "DE69E9E3-00FC-41BF-9109-617668CF9A0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "60CEA89D-BAC4-41CD-A1D1-AA5EDDEBD54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*",
"matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "20EBC676-1B26-4A71-8326-0F892124290A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8BCDE58C-80CC-4C5A-9667-8A4468D8D76C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*",
"matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "EBB967BF-3495-476D-839A-9DBFCBE69F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*",
"matchCriteriaId": "1A78CC80-E8B1-4CDA-BB35-A61833657FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B3B2FE1-C228-46BE-AC76-70C2687050AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "B227E831-30FF-4BE1-B8B2-31829A5610A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199",
"versionEndExcluding": "20.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s8:*:*:*:*:*:*",
"matchCriteriaId": "49547BB0-3327-4315-B112-AD57B70EF223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s9:*:*:*:*:*:*",
"matchCriteriaId": "E3FE3B93-5536-4A97-8727-CD0F61EE1200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "C9D664AB-0FA7-49C7-B6E1-69C77652FBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "9DB01252-2F11-41DB-9023-C74FD723334E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*",
"matchCriteriaId": "C16434C0-21A7-4CE5-92E1-7D60A35EF5D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "1475A58F-1515-4492-B5A3-BE40C30E5B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "4C9C133A-6114-495F-872C-BD1200953131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A3CA3365-F9AF-40DF-8700-30AD4BC58E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "C7FEFD0A-A969-4F53-8668-1231FD675D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "9370C46D-3AA1-4562-B67F-DF6EA10F209B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "1FD8C240-A7FE-4FD5-ADCC-289C1BC461BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*",
"matchCriteriaId": "BE2EF84D-55A9-41DC-A324-69E1DC426D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "4546776C-A657-42E3-9A36-47F9F59A88AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "156DD8ED-CE6E-48C0-9E67-16B04767D62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "10F9C2B1-BD81-4EDC-ADF5-4B0F39001C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*",
"matchCriteriaId": "0A33C425-921F-4795-B834-608C8F1597E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "04CE952D-E3C1-4B34-9E65-EC52BFE887AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "8AE9D1A7-4721-4E1D-B965-FDC38126B1DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "A8643AA3-29EF-48A7-B033-CB60988E214B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6DEAA7FD-385F-4221-907E-65ABC16BE4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "DDEC008A-3137-48D1-8ABC-6DB0EFC40E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "558D234D-BC50-415F-86D6-8E19D6C3ACE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "33F4EEEE-77E9-4973-A770-99E7BA2F05F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nAn attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.\n\nThis issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.\n\nThis issue affects Junos OS: \n * All versions before 20.4R3-S10,\u00a0\n * from 21.4 before 21.4R3-S6,\u00a0\n * from 22.1 before 22.1R3-S5,\u00a0\n * from 22.2 before 22.2R3-S3,\u00a0\n * from 22.3 before 22.3R3-S2,\u00a0\n * from 22.4 before 22.4R3,\u00a0\n * from 23.2 before 23.2R2;\n\n\nJunos OS Evolved: \n * All versions before 20.4R3-S10-EVO,\u00a0\n * from 21.4-EVO before 21.4R3-S6-EVO,\u00a0\n * from 22.1-EVO before 22.1R3-S5-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S3-EVO,\u00a0\n * from 22.3-EVO before 22.3R3-S2-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-EVO."
},
{
"lang": "es",
"value": "Una vulnerabilidad de verificaci\u00f3n o manejo inadecuado de condiciones excepcionales en el demonio de protocolo de enrutamiento (rpd) de Juniper Networks Junos y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). Un atacante puede enviar tr\u00e1fico espec\u00edfico al dispositivo, lo que provoca que el rpd falle y se reinicie. La recepci\u00f3n continua de este tr\u00e1fico dar\u00e1 como resultado una condici\u00f3n DoS sostenida. Este problema solo afecta a los dispositivos con una instancia EVPN-VPWS con IGMP-snooping habilitado. Este problema afecta a Junos OS: * Todas las versiones anteriores a 20.4R3-S10, * desde 21.4 anterior a 21.4R3-S6, * desde 22.1 anterior a 22.1R3-S5, * desde 22.2 anterior a 22.2R3-S3, * desde 22.3 anterior a 22.3R3-S2 , * de 22.4 antes de 22.4R3, * de 23.2 antes de 23.2R2; Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S10-EVO, * desde 21.4-EVO antes de 21.4R3-S6-EVO, * desde 22.1-EVO antes de 22.1R3-S5-EVO, * desde 22.2-EVO antes de 22.2R3- S3-EVO, * desde 22.3-EVO antes de 22.3R3-S2-EVO, * desde 22.4-EVO antes de 22.4R3-EVO, * desde 23.2-EVO antes de 23.2R2-EVO."
}
],
"id": "CVE-2024-39514",
"lastModified": "2025-02-07T19:57:23.167",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "sirt@juniper.net",
"type": "Primary"
}
]
},
"published": "2024-07-10T23:15:10.877",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA82980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA82980"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-703"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-22 20:15
Modified
2024-11-21 05:42
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition. By continuously sending this specific stream of genuine Layer 2 frames, an attacker can repeatedly crash the PFE, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R1-EVO. This issue does not affect Junos OS versions.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11134 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11134 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_os_evolved | 20.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process (Evo-aftmand), responsible for handling Route, Class-of-Service (CoS), Firewall operations within the packet forwarding engine (PFE) to crash and restart, leading to a Denial of Service (DoS) condition. By continuously sending this specific stream of genuine Layer 2 frames, an attacker can repeatedly crash the PFE, causing a sustained Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R1-EVO. This issue does not affect Junos OS versions."
},
{
"lang": "es",
"value": "En Juniper Networks, Junos OS Evolved, la recepci\u00f3n de un flujo de tramas de capa 2 genuinas espec\u00edficas puede causar que el proceso de gesti\u00f3n Advanced Forwarding Toolkit (AFT) (Evo-aftmand), responsable de gestionar las operaciones de ruta, clase de servicio (CoS) y cortafuegos. dentro del packet forwarding engine (PFE) para bloquearse y reiniciarse, conllevando a una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS).\u0026#xa0;Al enviar continuamente este flujo espec\u00edfico de tramas genuinas de Capa 2, Un atacante puede ser capaz de bloquear repetidamente el PFE, provocando una Denegaci\u00f3n de Servicio (DoS) sostenida.\u0026#xa0;Este problema afecta a Juniper Networks Junos OS Evolved: todas las versiones anteriores a 20.4R1-EVO.\u0026#xa0;Este problema no afecta a Junos OS versiones"
}
],
"id": "CVE-2021-0239",
"lastModified": "2024-11-21T05:42:16.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-22T20:15:08.943",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11134"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-12 15:15
Modified
2025-02-06 18:39
Severity ?
Summary
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to access confidential information on the system.
On all Junos OS and Junos OS Evolved platforms, when NETCONF traceoptions are configured, and a super-user performs specific actions via NETCONF, then a low-privileged user can access sensitive information compromising the confidentiality of the system.
This issue affects:
Junos OS:
* all versions before 21.2R3-S7,
* from 21.4 before 21.4R3-S5,
* from 22.1 before 22.1R3-S5,
* from 22.2 before 22.2R3-S3,
* from 22.3 before 22.3R3-S2,
* from 22.4 before 22.4R3,
* from 23.2 before 23.2R1-S2.
Junos OS Evolved:
* all versions before 21.2R3-S7-EVO,
* from 21.3 before 21.3R3-S5-EVO,
* from 21.4 before 21.4R3-S5-EVO,
* from 22.1 before 22.1R3-S5-EVO,
* from 22.2 before 22.2R3-S3-EVO,
* from 22.3 before 22.3R3-S2-EVO,
* from 22.4 before 22.4R3-EVO,
* from 23.2 before 23.2R1-S2.
References
Impacted products