Vulnerabilites related to juniper - acx7100-48l
cve-2023-28961
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-06 14:40
Severity ?
EPSS score ?
Summary
An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine (PFE). There is no immediate indication of an incomplete firewall filter commit shown at the CLI, which could allow an attacker to send valid packets to or through the device that were explicitly intended to be dropped. An indication that the filter was not installed can be identified with the following logs: fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Config failed: Unsupported Ip-protocol 51 in the filter lo0.0-inet6-i fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Please detach the filter, remove unsupported match and re-attach fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_rule : Status:104 dnx_dfw_rule_prepare failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_filter : Status:104 dnx_dfw_process_rule failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_filter_in_hw : Status:104 Could not process filter(lo0.0-inet6-i) for rule expansion Unsupported match, action present. fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_create_hw_instance : Status:104 Could not program dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER)! [104] fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_bind_shim : [104] Could not create dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER) fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_resolve : [100] Failed to bind filter(3) to bind point fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_change_end : dnx_dfw_update_resolve (resolve type) failed This issue affects Juniper Networks Junos OS on ACX Series: All versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: unspecified < 20.2R3-S7 Version: 20.4 < 20.4R3-S4 Version: 21.1 < 21.1R3-S3 Version: 21.2 < 21.2R3-S4 Version: 21.3 < 21.3R3 Version: 21.4 < 21.4R3 Version: 22.1 < 22.1R2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T13:51:38.860Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://supportportal.juniper.net/JSA70586", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-28961", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-06T14:40:23.891840Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-06T14:40:32.215Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "ACX Series", ], product: "Junos OS", vendor: "Juniper Networks", versions: [ { lessThan: "20.2R3-S7", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "20.4R3-S4", status: "affected", version: "20.4", versionType: "custom", }, { lessThan: "21.1R3-S3", status: "affected", version: "21.1", versionType: "custom", }, { lessThan: "21.2R3-S4", status: "affected", version: "21.2", versionType: "custom", }, { lessThan: "21.3R3", status: "affected", version: "21.3", versionType: "custom", }, { lessThan: "21.4R3", status: "affected", version: "21.4", versionType: "custom", }, { lessThan: "22.1R2", status: "affected", version: "22.1", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", value: "This issue affects systems with stateless firewall filters configured as follows:\n\n set firewall family inet6 filter <filter-name> term <term-name> from next-header ah\n", }, ], datePublic: "2023-04-12T00:00:00.000Z", descriptions: [ { lang: "en", value: "An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine (PFE). There is no immediate indication of an incomplete firewall filter commit shown at the CLI, which could allow an attacker to send valid packets to or through the device that were explicitly intended to be dropped. An indication that the filter was not installed can be identified with the following logs: fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Config failed: Unsupported Ip-protocol 51 in the filter lo0.0-inet6-i fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Please detach the filter, remove unsupported match and re-attach fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_rule : Status:104 dnx_dfw_rule_prepare failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_filter : Status:104 dnx_dfw_process_rule failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_filter_in_hw : Status:104 Could not process filter(lo0.0-inet6-i) for rule expansion Unsupported match, action present. fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_create_hw_instance : Status:104 Could not program dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER)! [104] fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_bind_shim : [104] Could not create dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER) fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_resolve : [100] Failed to bind filter(3) to bind point fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_change_end : dnx_dfw_update_resolve (resolve type) failed This issue affects Juniper Networks Junos OS on ACX Series: All versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.", }, ], exploits: [ { lang: "en", value: "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-241", description: "CWE-241 Improper Handling of Unexpected Data Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-17T00:00:00.000Z", orgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", shortName: "juniper", }, references: [ { url: "https://supportportal.juniper.net/JSA70586", }, ], solutions: [ { lang: "en", value: "The following software releases have been updated to resolve this specific issue: 20.2R3-S7, 20.4R3-S4, 21.1R3-S3, 21.2R3-S4, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\n", }, ], source: { advisory: "JSA70586", defect: [ "1653475", ], discovery: "USER", }, title: "Junos OS: ACX Series: IPv6 firewall filter is not installed in PFE when \"from next-header ah\" is used", workarounds: [ { lang: "en", value: "There are no known workarounds for this issue.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", assignerShortName: "juniper", cveId: "CVE-2023-28961", datePublished: "2023-04-17T00:00:00.000Z", dateReserved: "2023-03-29T00:00:00.000Z", dateUpdated: "2025-02-06T14:40:32.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39519
Vulnerability from cvelistv5
Published
2024-07-11 15:55
Modified
2024-08-02 04:26
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a
Denial-of-Service (DoS).
On all ACX 7000 Series platforms running
Junos OS Evolved, and configured with IRBs, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic.
This issue affects Junos OS Evolved:
All versions from 22.2R1-EVO and later versions before 22.4R2-EVO,
This issue does not affect Junos OS Evolved versions before 22.1R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportportal.juniper.net/JSA82983 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Version: 22.1-EVO ≤ Version: 22.2-EVO < Version: 22.3-EVO < Version: 22.4-EVO ≤ |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-39519", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T18:57:45.856923Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T18:57:54.595Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:26:15.781Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://supportportal.juniper.net/JSA82983", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "ACX7000 Series", ], product: "Junos OS Evolved", vendor: "Juniper Networks", versions: [ { status: "affected", version: "22.1-EVO", versionType: "semver", }, { lessThan: "22.1R1-EVO", status: "unaffected", version: "0", versionType: "semver", }, { status: "affected", version: "22.2-EVO", versionType: "custom", }, { status: "affected", version: "22.3-EVO", versionType: "custom", }, { lessThan: "22.4R2-EVO", status: "affected", version: "22.4-EVO", versionType: "semver", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>To be potentially exposed to this issue the device must be configured as follows:</p><tt>[ routing-instances evpna instance-type evpn ]<br>[ routing-instances evpna routing-interface irb.0 ]</tt>", }, ], value: "To be potentially exposed to this issue the device must be configured as follows:\n\n[ routing-instances evpna instance-type evpn ]\n[ routing-instances evpna routing-interface irb.0 ]", }, ], datePublic: "2024-07-10T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a \n\n<span style=\"background-color: rgb(255, 255, 255);\">Denial-of-Service (DoS).</span><p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">On all ACX 7000 Series platforms running \n\n<span style=\"background-color: rgb(255, 255, 255);\">Junos OS Evolved, and configured with IRBs</span>, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic.</span><span style=\"background-color: rgb(255, 255, 255);\"><br></span></p><p>This issue affects Junos OS Evolved: </p><p>All versions from 22.2R1-EVO and later versions before 22.4R2-EVO,</p><p><span style=\"background-color: var(--wht);\">This issue does not affect Junos OS Evolved versions before 22.1R1-EVO.</span><br></p>", }, ], value: "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\nOn all ACX 7000 Series platforms running \n\nJunos OS Evolved, and configured with IRBs, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic.\n\n\nThis issue affects Junos OS Evolved: \n\nAll versions from 22.2R1-EVO and later versions before 22.4R2-EVO,\n\nThis issue does not affect Junos OS Evolved versions before 22.1R1-EVO.", }, ], exploits: [ { lang: "eng", supportingMedia: [ { base64: false, type: "text/html", value: "Juniper SIRT is not aware of any malicious exploitation of this vulnerability. However, multiple occurrences of this issue have been reported in production.", }, ], value: "Juniper SIRT is not aware of any malicious exploitation of this vulnerability. However, multiple occurrences of this issue have been reported in production.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "ADJACENT", baseScore: 7.1, baseSeverity: "HIGH", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "LOW", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-754", description: "CWE-754 Improper Check for Unusual or Exceptional Conditions", lang: "eng", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-11T15:55:37.087Z", orgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", shortName: "juniper", }, references: [ { tags: [ "vendor-advisory", ], url: "https://supportportal.juniper.net/JSA82983", }, ], solutions: [ { lang: "eng", supportingMedia: [ { base64: false, type: "text/html", value: "The following software releases have been updated to resolve this specific issue: 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.<br>", }, ], value: "The following software releases have been updated to resolve this specific issue: 22.4R2-EVO, 23.2R1-EVO, and all subsequent releases.", }, ], source: { advisory: "JSA82983", defect: [ "1691134", ], discovery: "USER", }, title: "Junos OS Evolved: ACX 7000 Series: Multicast traffic is looped in a multihoming EVPN MPLS scenario", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "There are no known workarounds for this issue.", }, ], value: "There are no known workarounds for this issue.", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", assignerShortName: "juniper", cveId: "CVE-2024-39519", datePublished: "2024-07-11T15:55:37.087Z", dateReserved: "2024-06-25T15:12:53.239Z", dateUpdated: "2024-08-02T04:26:15.781Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22227
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2024-09-17 04:14
Severity ?
EPSS score ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On receipt of specific IPv6 transit traffic, Junos OS Evolved on ACX7100-48L, ACX7100-32C and ACX7509 sends this traffic to the Routing Engine (RE) instead of forwarding it, leading to increased CPU utilization of the RE and a partial DoS. This issue only affects systems configured with IPv6. This issue does not affect ACX7024 which is supported from 22.3R1-EVO onwards where the fix has already been incorporated as indicated in the solution section. This issue affects Juniper Networks Junos OS Evolved on ACX7100-48L, ACX7100-32C, ACX7509: 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S2-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA69878 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Patch: unspecified Version: 21.1-EVO < 21.1R3-S2-EVO Version: 21.2-EVO < 21.2R3-S2-EVO Version: 21.3-EVO < 21.3R3-EVO Version: 21.4-EVO < 21.4R1-S1-EVO, 21.4R2-EVO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:07:50.130Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://kb.juniper.net/JSA69878", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "ACX7100-48L, ACX7100-32C, ACX7509", ], product: "Junos OS Evolved", vendor: "Juniper Networks", versions: [ { lessThan: "21.1R1-EVO", status: "unaffected", version: "unspecified", versionType: "custom", }, { lessThan: "21.1R3-S2-EVO", status: "affected", version: "21.1-EVO", versionType: "custom", }, { lessThan: "21.2R3-S2-EVO", status: "affected", version: "21.2-EVO", versionType: "custom", }, { lessThan: "21.3R3-EVO", status: "affected", version: "21.3-EVO", versionType: "custom", }, { lessThan: "21.4R1-S1-EVO, 21.4R2-EVO", status: "affected", version: "21.4-EVO", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", value: "To be exposed to this vulnerability a device needs to be configured with a minimal IPv6 configuration like in the following example:\n\n [ interfaces <interface> unit <unit number> family inet6 ]", }, ], datePublic: "2022-10-12T00:00:00", descriptions: [ { lang: "en", value: "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On receipt of specific IPv6 transit traffic, Junos OS Evolved on ACX7100-48L, ACX7100-32C and ACX7509 sends this traffic to the Routing Engine (RE) instead of forwarding it, leading to increased CPU utilization of the RE and a partial DoS. This issue only affects systems configured with IPv6. This issue does not affect ACX7024 which is supported from 22.3R1-EVO onwards where the fix has already been incorporated as indicated in the solution section. This issue affects Juniper Networks Junos OS Evolved on ACX7100-48L, ACX7100-32C, ACX7509: 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S2-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO.", }, ], exploits: [ { lang: "en", value: "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-754", description: "CWE-754 Improper Check for Unusual or Exceptional Conditions", lang: "en", type: "CWE", }, ], }, { descriptions: [ { description: "Denial of Service (DoS)", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-18T00:00:00", orgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", shortName: "juniper", }, references: [ { url: "https://kb.juniper.net/JSA69878", }, ], solutions: [ { lang: "en", value: "The following software releases have been updated to resolve this specific issue: 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases.", }, ], source: { advisory: "JSA69878", defect: [ "1641006", ], discovery: "USER", }, title: "Junos OS Evolved: ACX7000 Series: Specific IPv6 transit traffic gets exceptioned to the routing-engine which causes increased CPU utilization", workarounds: [ { lang: "en", value: "There are no viable workarounds for this issue.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "8cbe9d5a-a066-4c94-8978-4b15efeae968", assignerShortName: "juniper", cveId: "CVE-2022-22227", datePublished: "2022-10-18T02:46:28.960454Z", dateReserved: "2021-12-21T00:00:00", dateUpdated: "2024-09-17T04:14:49.072Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-07-11 16:15
Modified
2024-11-21 09:27
Severity ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a
Denial-of-Service (DoS).
On all ACX 7000 Series platforms running
Junos OS Evolved, and configured with IRBs, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic.
This issue affects Junos OS Evolved:
All versions from 22.2R1-EVO and later versions before 22.4R2-EVO,
This issue does not affect Junos OS Evolved versions before 22.1R1-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://supportportal.juniper.net/JSA82983 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/JSA82983 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_os_evolved | * | |
| juniper | junos_os_evolved | 22.4 | |
| juniper | junos_os_evolved | 22.4 | |
| juniper | junos_os_evolved | 22.4 | |
| juniper | junos_os_evolved | 22.4 | |
| juniper | acx7024 | - | |
| juniper | acx7024x | - | |
| juniper | acx7100-32c | - | |
| juniper | acx7100-48l | - | |
| juniper | acx7332 | - | |
| juniper | acx7348 | - | |
| juniper | acx7509 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*", matchCriteriaId: "1C8ED590-BF68-44C7-971F-A237A0E20F8E", versionEndExcluding: "22.4", versionStartIncluding: "22.2", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*", matchCriteriaId: "0A33C425-921F-4795-B834-608C8F1597E0", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*", matchCriteriaId: "93887799-F62C-4A4A-BCF5-004D0B4D4154", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "62C473D2-2612-4480-82D8-8A24D0687BBD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*", matchCriteriaId: "7FB4C5CA-A709-4B13-A9E0-372098A72AD3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:juniper:acx7024:-:*:*:*:*:*:*:*", matchCriteriaId: "1026737F-BA23-4550-9030-EA0502E97953", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx7024x:-:*:*:*:*:*:*:*", matchCriteriaId: "2FFFD74C-7BF9-4EAF-B364-356A8393712D", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx7100-32c:-:*:*:*:*:*:*:*", matchCriteriaId: "6FF19E76-F26B-4111-A814-BA7E5C3F2A74", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx7100-48l:-:*:*:*:*:*:*:*", matchCriteriaId: "F48C7E15-C23D-4E2D-9A1B-C314383C8C32", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx7332:-:*:*:*:*:*:*:*", matchCriteriaId: "3B618533-4361-4175-B10B-D229B6D34C37", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx7348:-:*:*:*:*:*:*:*", matchCriteriaId: "8E5D2688-2C0D-4064-8B8F-343A7C604966", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx7509:-:*:*:*:*:*:*:*", matchCriteriaId: "B50EC358-F551-4F2B-9DA1-61B6412AB957", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\nOn all ACX 7000 Series platforms running \n\nJunos OS Evolved, and configured with IRBs, if a Customer Edge device (CE) device is dual homed to two Provider Edge devices (PE) a traffic loop will occur when the CE sends multicast packets. This issue can be triggered by IPv4 and IPv6 traffic.\n\n\nThis issue affects Junos OS Evolved: \n\nAll versions from 22.2R1-EVO and later versions before 22.4R2-EVO,\n\nThis issue does not affect Junos OS Evolved versions before 22.1R1-EVO.", }, { lang: "es", value: "Una vulnerabilidad de verificación inadecuada de las condiciones inusuales o excepcionales en el motor de reenvío de paquetes (PFE) de Juniper Networks Junos OS Evolved en la serie ACX7000 permite que un atacante adyacente no autenticado provoque una denegación de servicio (DoS). En todas las plataformas de la serie ACX 7000 que ejecutan Junos OS Evolved y están configuradas con IRB, si un dispositivo de Customer Edge (CE) tiene conexión dual con dos dispositivos de borde del proveedor (PE), se producirá un bucle de tráfico cuando el CE envíe paquetes de multidifusión. Este problema puede deberse al tráfico IPv4 e IPv6. Este problema afecta a Junos OS Evolved: todas las versiones desde 22.2R1-EVO y versiones posteriores anteriores a 22.4R2-EVO. Este problema no afecta a las versiones de Junos OS Evolved anteriores a 22.1R1-EVO.", }, ], id: "CVE-2024-39519", lastModified: "2024-11-21T09:27:54.717", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "sirt@juniper.net", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "ADJACENT", availabilityRequirement: "NOT_DEFINED", baseScore: 7.1, baseSeverity: "HIGH", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "LOW", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "sirt@juniper.net", type: "Primary", }, ], }, published: "2024-07-11T16:15:02.717", references: [ { source: "sirt@juniper.net", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA82983", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA82983", }, ], sourceIdentifier: "sirt@juniper.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-754", }, ], source: "sirt@juniper.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-754", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-17 22:15
Modified
2024-11-21 07:56
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine (PFE). There is no immediate indication of an incomplete firewall filter commit shown at the CLI, which could allow an attacker to send valid packets to or through the device that were explicitly intended to be dropped. An indication that the filter was not installed can be identified with the following logs: fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Config failed: Unsupported Ip-protocol 51 in the filter lo0.0-inet6-i fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Please detach the filter, remove unsupported match and re-attach fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_rule : Status:104 dnx_dfw_rule_prepare failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_filter : Status:104 dnx_dfw_process_rule failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_filter_in_hw : Status:104 Could not process filter(lo0.0-inet6-i) for rule expansion Unsupported match, action present. fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_create_hw_instance : Status:104 Could not program dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER)! [104] fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_bind_shim : [104] Could not create dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER) fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_resolve : [100] Failed to bind filter(3) to bind point fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_change_end : dnx_dfw_update_resolve (resolve type) failed This issue affects Juniper Networks Junos OS on ACX Series: All versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://supportportal.juniper.net/JSA70586 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportportal.juniper.net/JSA70586 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", matchCriteriaId: "9D5DC3ED-1843-467F-903D-2DB6CDFF06F1", versionEndExcluding: "20.2", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:-:*:*:*:*:*:*", matchCriteriaId: "D4CF52CF-F911-4615-9171-42F84429149F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*", matchCriteriaId: "CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "D3C23AEB-34DE-44FB-8D64-E69D6E8B7401", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "18DB9401-5A51-4BB3-AC2F-58F58F1C788C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*", matchCriteriaId: "06F53DA5-59AE-403C-9B1E-41CE267D8BB1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:*", matchCriteriaId: "3332262F-81DA-4D78-99C9-514CADA46611", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "B46B63A2-1518-4A29-940C-F05624C9658D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "8E0D4959-3865-42A7-98CD-1103EBD84528", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*", matchCriteriaId: "3A58292B-814C-49E7-8D6D-BE26EFB9ADDF", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*", matchCriteriaId: "681AE183-7183-46E7-82EA-28C398FA1C3D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "8A6E9627-8BF1-4BE8-844B-EE8F1C9478F0", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r3-s2:*:*:*:*:*:*", matchCriteriaId: "0A80F23B-CD13-4745-BA92-67C23B297A18", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r3-s3:*:*:*:*:*:*", matchCriteriaId: "67D4004B-1233-4258-9C7A-F05189146B44", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r3-s4:*:*:*:*:*:*", matchCriteriaId: "69E33F24-D480-4B5F-956D-D435A551CBE7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r3-s5:*:*:*:*:*:*", matchCriteriaId: "6E5E3FDB-3F33-4686-9B64-0152AD41939D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.2:r3-s6:*:*:*:*:*:*", matchCriteriaId: "9C411A2E-A407-44E5-A2B2-3D049FB2DB4D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", matchCriteriaId: "3D361B23-A3C2-444B-BEB8-E231DA950567", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", matchCriteriaId: "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "037BA01C-3F5C-4503-A633-71765E9EF774", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", matchCriteriaId: "C54B047C-4B38-40C0-9855-067DCF7E48BD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "38984199-E332-4A9C-A4C0-78083D052E15", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "AA6526FB-2941-4D18-9B2E-472AD5A62A53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", matchCriteriaId: "09876787-A40A-4340-9C12-8628C325353B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", matchCriteriaId: "41615104-C17E-44DA-AB0D-6E2053BD4EF4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", matchCriteriaId: "1981DE38-36B5-469D-917E-92717EE3ED53", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", matchCriteriaId: "AFA68ACD-AAE5-4577-B734-23AAF77BC85A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*", matchCriteriaId: "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*", matchCriteriaId: "625BA7E6-D2AD-4A48-9B94-24328BE5B06A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "F462F4E3-762C-429F-8D25-5521100DD37C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*", matchCriteriaId: "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*", matchCriteriaId: "689FE1AE-7A85-4FB6-AB02-E732F23581B6", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*", matchCriteriaId: "79E56DAC-75AD-4C81-9835-634B40C15DA6", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*", matchCriteriaId: "A0040FE2-7ECD-4755-96CE-E899BA298E0C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*", matchCriteriaId: "076AB086-BB79-4583-AAF7-A5233DFB2F95", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*", matchCriteriaId: "72E2DDF6-01DF-4880-AB60-B3DA3281E88D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", matchCriteriaId: "216E7DDE-453D-481F-92E2-9F8466CDDA3F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", matchCriteriaId: "A52AF794-B36B-43A6-82E9-628658624B0A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "3998DC76-F72F-4452-9150-652140B113EB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "36ED4552-2420-45F9-B6E4-6DA2B2B12870", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", matchCriteriaId: "C28A14E7-7EA0-4757-9764-E39A27CFDFA5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4A43752D-A4AF-4B4E-B95B-192E42883A5B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "42986538-E9D0-4C2E-B1C4-A763A4EE451B", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", matchCriteriaId: "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "E596ABD9-6ECD-48DC-B770-87B7E62EA345", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", matchCriteriaId: "71745D02-D226-44DC-91AD-678C85F5E6FC", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", matchCriteriaId: "39E44B09-7310-428C-8144-AE9DB0484D1F", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", matchCriteriaId: "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", matchCriteriaId: "CC78A4CB-D617-43FC-BB51-287D2D0C44ED", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "30FF67F8-1E3C-47A8-8859-709B3614BA6E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", matchCriteriaId: "0C7C507E-C85E-4BC6-A3B0-549516BAB524", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", matchCriteriaId: "6514CDE8-35DC-469F-89A3-078684D18F7A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", matchCriteriaId: "4624565D-8F59-44A8-B7A8-01AD579745E7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", matchCriteriaId: "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", matchCriteriaId: "79ED3CE8-CC57-43AB-9A26-BBC87816062D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", matchCriteriaId: "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", matchCriteriaId: "9962B01C-C57C-4359-9532-676AB81CE8B0", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", matchCriteriaId: "62178549-B679-4902-BFDB-2993803B7FCE", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", matchCriteriaId: "9AD697DF-9738-4276-94ED-7B9380CD09F5", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", matchCriteriaId: "09FF5818-0803-4646-A386-D7C645EE58A3", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", matchCriteriaId: "2229FA59-EB24-49A2-85CE-F529A8DE6BA7", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", matchCriteriaId: "3F96EBE9-2532-4E35-ABA5-CA68830476A4", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "B4D936AE-FD74-4823-A824-2D9F24C25BFB", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", matchCriteriaId: "E117E493-F4E1-4568-88E3-F243C74A2662", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:juniper:acx1000:-:*:*:*:*:*:*:*", matchCriteriaId: "AF19CB03-4A42-48BC-A6E1-A6F56D40F422", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx1100:-:*:*:*:*:*:*:*", matchCriteriaId: "648CB4A2-05FA-4445-BB4F-F9285A8E8A5D", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx2000:-:*:*:*:*:*:*:*", matchCriteriaId: "90339191-4DE3-4116-8CEC-C5440D063CEE", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx2100:-:*:*:*:*:*:*:*", matchCriteriaId: "E9F5683A-7DCC-4691-AD3A-F2B66684DA9C", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx2200:-:*:*:*:*:*:*:*", matchCriteriaId: "154658D0-FE3E-43C1-8A4D-CAF67C9BCD98", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx4000:-:*:*:*:*:*:*:*", matchCriteriaId: "76E2CDA9-2379-482C-B509-D527AFE2C7D5", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx500:-:*:*:*:*:*:*:*", matchCriteriaId: "36729286-5080-47E8-A961-976BF64F5A93", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "4C398D8D-AD15-422C-90DE-2EAD9B9A7DF4", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx5048:-:*:*:*:*:*:*:*", matchCriteriaId: "3F8DB691-C9F4-4084-8563-642A2F63DA86", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx5096:-:*:*:*:*:*:*:*", matchCriteriaId: "44B58F51-4F0D-40BD-A90F-226A26F4646E", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx5400:-:*:*:*:*:*:*:*", matchCriteriaId: "D013356B-A9FE-4301-BFEB-0D5B1AB3541D", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx5448:-:*:*:*:*:*:*:*", matchCriteriaId: "2EB7B849-D1D4-46F3-B502-5D84C5E7C3B0", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx5800:-:*:*:*:*:*:*:*", matchCriteriaId: "6D0730C3-5846-43E9-A9BD-8AEED356A959", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx6300:-:*:*:*:*:*:*:*", matchCriteriaId: "6655453A-D027-41A3-B1E9-D40A5220E4CD", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx6360:-:*:*:*:*:*:*:*", matchCriteriaId: "58626682-A25D-46B6-B2B3-493772FFBA11", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx710:-:*:*:*:*:*:*:*", matchCriteriaId: "AC3484A2-C7E4-43D1-9D47-08C531185C67", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx7100-32c:-:*:*:*:*:*:*:*", matchCriteriaId: "6FF19E76-F26B-4111-A814-BA7E5C3F2A74", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx7100-48l:-:*:*:*:*:*:*:*", matchCriteriaId: "F48C7E15-C23D-4E2D-9A1B-C314383C8C32", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx7509:-:*:*:*:*:*:*:*", matchCriteriaId: "B50EC358-F551-4F2B-9DA1-61B6412AB957", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine (PFE). There is no immediate indication of an incomplete firewall filter commit shown at the CLI, which could allow an attacker to send valid packets to or through the device that were explicitly intended to be dropped. An indication that the filter was not installed can be identified with the following logs: fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Config failed: Unsupported Ip-protocol 51 in the filter lo0.0-inet6-i fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_rule_prepare : Please detach the filter, remove unsupported match and re-attach fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_rule : Status:104 dnx_dfw_rule_prepare failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_process_filter : Status:104 dnx_dfw_process_rule failed fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_filter_in_hw : Status:104 Could not process filter(lo0.0-inet6-i) for rule expansion Unsupported match, action present. fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_create_hw_instance : Status:104 Could not program dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER)! [104] fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_bind_shim : [104] Could not create dfw(lo0.0-inet6-i) type(IFP_DFLT_INET6_Lo0_FILTER) fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_update_resolve : [100] Failed to bind filter(3) to bind point fpc0 ACX_DFW_CFG_FAILED: ACX Error (dfw):dnx_dfw_change_end : dnx_dfw_update_resolve (resolve type) failed This issue affects Juniper Networks Junos OS on ACX Series: All versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.", }, ], id: "CVE-2023-28961", lastModified: "2024-11-21T07:56:17.437", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "sirt@juniper.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-04-17T22:15:08.457", references: [ { source: "sirt@juniper.net", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA70586", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportportal.juniper.net/JSA70586", }, ], sourceIdentifier: "sirt@juniper.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-241", }, ], source: "sirt@juniper.net", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-18 03:15
Modified
2024-11-21 06:46
Severity ?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On receipt of specific IPv6 transit traffic, Junos OS Evolved on ACX7100-48L, ACX7100-32C and ACX7509 sends this traffic to the Routing Engine (RE) instead of forwarding it, leading to increased CPU utilization of the RE and a partial DoS. This issue only affects systems configured with IPv6. This issue does not affect ACX7024 which is supported from 22.3R1-EVO onwards where the fix has already been incorporated as indicated in the solution section. This issue affects Juniper Networks Junos OS Evolved on ACX7100-48L, ACX7100-32C, ACX7509: 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S2-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA69878 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA69878 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos_os_evolved | 21.1 | |
| juniper | junos_os_evolved | 21.1 | |
| juniper | junos_os_evolved | 21.1 | |
| juniper | junos_os_evolved | 21.1 | |
| juniper | junos_os_evolved | 21.1 | |
| juniper | junos_os_evolved | 21.1 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.2 | |
| juniper | junos_os_evolved | 21.3 | |
| juniper | junos_os_evolved | 21.3 | |
| juniper | junos_os_evolved | 21.3 | |
| juniper | junos_os_evolved | 21.3 | |
| juniper | junos_os_evolved | 21.3 | |
| juniper | junos_os_evolved | 21.3 | |
| juniper | junos_os_evolved | 21.4 | |
| juniper | junos_os_evolved | 21.4 | |
| juniper | acx7100-32c | - | |
| juniper | acx7100-48l | - | |
| juniper | acx7509 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:*", matchCriteriaId: "52C3552E-798F-4719-B38D-F74E34EAAA40", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*", matchCriteriaId: "AE674DD3-3590-4434-B144-5AD7EB5F039D", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*", matchCriteriaId: "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*", matchCriteriaId: "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*", matchCriteriaId: "9D72C3DF-4513-48AC-AAED-C1AADF0794E1", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*", matchCriteriaId: "8C583289-96C4-4451-A320-14CA1C390819", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*", matchCriteriaId: "620B0CDD-5566-472E-B96A-31D2C12E3120", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*", matchCriteriaId: "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*", matchCriteriaId: "7E1E57AF-979B-4022-8AD6-B3558E06B718", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*", matchCriteriaId: "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*", matchCriteriaId: "7BA246F0-154E-4F44-A97B-690D22FA73DD", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*", matchCriteriaId: "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*", matchCriteriaId: "2B70C784-534B-4FAA-A5ED-3709656E2B97", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*", matchCriteriaId: "60448FFB-568E-4280-9261-ADD65244F31A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*", matchCriteriaId: "2B770C52-7E3E-4B92-9138-85DEC56F3B22", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*", matchCriteriaId: "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*", matchCriteriaId: "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*", matchCriteriaId: "FEE0E145-8E1C-446E-90ED-237E3B9CAF47", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*", matchCriteriaId: "0F26369D-21B2-4C6A-98C1-492692A61283", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*", matchCriteriaId: "24003819-1A6B-4BDF-B3DF-34751C137788", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*", matchCriteriaId: "BF8D332E-9133-45B9-BB07-B33C790F737A", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*", matchCriteriaId: "2E907193-075E-45BC-9257-9607DB790D71", vulnerable: true, }, { criteria: "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*", matchCriteriaId: "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:juniper:acx7100-32c:-:*:*:*:*:*:*:*", matchCriteriaId: "6FF19E76-F26B-4111-A814-BA7E5C3F2A74", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx7100-48l:-:*:*:*:*:*:*:*", matchCriteriaId: "F48C7E15-C23D-4E2D-9A1B-C314383C8C32", vulnerable: false, }, { criteria: "cpe:2.3:h:juniper:acx7509:-:*:*:*:*:*:*:*", matchCriteriaId: "B50EC358-F551-4F2B-9DA1-61B6412AB957", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On receipt of specific IPv6 transit traffic, Junos OS Evolved on ACX7100-48L, ACX7100-32C and ACX7509 sends this traffic to the Routing Engine (RE) instead of forwarding it, leading to increased CPU utilization of the RE and a partial DoS. This issue only affects systems configured with IPv6. This issue does not affect ACX7024 which is supported from 22.3R1-EVO onwards where the fix has already been incorporated as indicated in the solution section. This issue affects Juniper Networks Junos OS Evolved on ACX7100-48L, ACX7100-32C, ACX7509: 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S2-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO.", }, { lang: "es", value: "Una vulnerabilidad de comprobación inapropiada de condiciones inusuales o excepcionales en Packet Forwarding Engine (PFE) de Juniper Networks Junos OS Evolved on ACX7000 Series permite a un atacante no autenticado basado en la red causar una Denegación de Servicio (DoS) parcial. Al recibir un tráfico de tránsito IPv6 específico, Junos OS Evolved en ACX7100-48L, ACX7100-32C y ACX7509 envía este tráfico al motor de enrutamiento (RE) en lugar de reenviarlo, conllevando a un aumento del uso de la CPU del RE y una denegación de servicio parcial. Este problema sólo afecta a sistemas configurados con IPv6. Este problema no afecta al ACX7024, que es admitido a partir de la versión 22.3R1-EVO, en la que ya ha sido incorporado la corrección como es indicado en la sección de soluciones. Este problema afecta a Juniper Networks Junos OS Evolved en ACX7100-48L, ACX7100-32C, ACX7509: versiones 21.1-EVO anteriores a 21.1R3-S2-EVO; versiones 21.2-EVO anteriores a 21.2R3-S2-EVO; versiones 21.3-EVO anteriores a 21.3R3-EVO; versiones 21.4-EVO anteriores a 21.4R1-S1-EVO, 21.4R2-EVO. Este problema no afecta a Juniper Networks Junos OS Evolved versiones anteriores a 21.1R1-EVO", }, ], id: "CVE-2022-22227", lastModified: "2024-11-21T06:46:26.273", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "sirt@juniper.net", type: "Primary", }, ], }, published: "2022-10-18T03:15:09.997", references: [ { source: "sirt@juniper.net", tags: [ "Vendor Advisory", ], url: "https://kb.juniper.net/JSA69878", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://kb.juniper.net/JSA69878", }, ], sourceIdentifier: "sirt@juniper.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-754", }, ], source: "sirt@juniper.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-754", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }