cnvd - cnvd-2022-06683

cnvd-2022-06683

Vulnerability from cnvd

Title

Juniper Networks Junos OS输入验证错误漏洞（CNVD-2022-06683）

Description

Juniper Networks Junos OS是美国瞻博网络（Juniper Networks）公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS存在输入验证错误漏洞，该漏洞源于路由协议守护程序（rpd）中用户提供的输入验证不足。攻击者可利用该漏洞对目标系统执行DoS攻击。

Severity

中

Patch Name

Juniper Networks Junos OS输入验证错误漏洞（CNVD-2022-06683）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11274&cat=SIRT_1&actp=LIST

Reference

https://vigilance.fr/vulnerability/Junos-OS-multiple-vulnerabilities-37234

Impacted products

Name
['Juniper Networks Junos OS 20.4，<20.4R3-S1', 'Juniper Networks Junos OS 21.1，<21.1R2-S2', 'Juniper Networks Junos OS 21.1，<21.1R3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-22166",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-22166"
    }
  },
  "description": "Juniper Networks Junos OS\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8e\u8be5\u516c\u53f8\u7684\u786c\u4ef6\u8bbe\u5907\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u64cd\u4f5c\u7cfb\u7edf\u63d0\u4f9b\u4e86\u5b89\u5168\u7f16\u7a0b\u63a5\u53e3\u548cJunos SDK\u3002\n\nJuniper Networks Junos OS\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8def\u7531\u534f\u8bae\u5b88\u62a4\u7a0b\u5e8f\uff08rpd\uff09\u4e2d\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u9a8c\u8bc1\u4e0d\u8db3\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u76ee\u6807\u7cfb\u7edf\u6267\u884cDoS\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11274\u0026cat=SIRT_1\u0026actp=LIST",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-06683",
  "openTime": "2022-01-24",
  "patchDescription": "Juniper Networks Junos OS\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8e\u8be5\u516c\u53f8\u7684\u786c\u4ef6\u8bbe\u5907\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u64cd\u4f5c\u7cfb\u7edf\u63d0\u4f9b\u4e86\u5b89\u5168\u7f16\u7a0b\u63a5\u53e3\u548cJunos SDK\u3002\r\n\r\nJuniper Networks Junos OS\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8def\u7531\u534f\u8bae\u5b88\u62a4\u7a0b\u5e8f\uff08rpd\uff09\u4e2d\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u9a8c\u8bc1\u4e0d\u8db3\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u76ee\u6807\u7cfb\u7edf\u6267\u884cDoS\u653b\u51fb\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper Networks Junos OS\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2022-06683\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Juniper    Networks Junos OS 20.4\uff0c\u003c20.4R3-S1",
      "Juniper    Networks Junos OS 21.1\uff0c\u003c21.1R2-S2",
      "Juniper    Networks Junos OS 21.1\uff0c\u003c21.1R3"
    ]
  },
  "referenceLink": "https://vigilance.fr/vulnerability/Junos-OS-multiple-vulnerabilities-37234",
  "serverity": "\u4e2d",
  "submitTime": "2022-01-17",
  "title": "Juniper Networks Junos OS\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2022-06683\uff09"
}

CVE-2022-22166 (GCVE-0-2022-22166)

Vulnerability from cvelistv5

Published

2022-01-19 00:21

Modified

2024-09-16 18:39

Severity ?

6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-1284 - Improper Validation of Specified Quantity in Input
Denial of Service (DoS)

Summary

An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. This issue can not propagate as the crash occurs as soon as the malformed update is received. This issue affects Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

References

URL

Tags

https://kb.juniper.net/JSA11274

x_refsource_CONFIRM