CVSS: 6.1EPSS: 46%CPEs: 160EXPL: 0CVE-2022-22242 – Junos OS: Cross-site Scripting (XSS) vulnerability in J-Web
https://notcve.org/view.php?id=CVE-2022-22242
A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en el componente J-Web del Juniper Networks Junos OS permite a un atacante no autenticado ejecute scripts maliciosos reflejados desde J-Web al navegador de la víctima en el contexto de su sesión dentro de J-Web. Este problema afecta a todas las versiones de Junos OS anteriores a 19.1R3-S9; a las versiones 19.2 anteriores a 19.2R3-S6; a las versiones 19.3 anteriores a 19.3R3-S7; a las versiones 19.4 anteriores a 19.4R2-S7, 19.4R3-S8; a las versiones 20.1 anteriores a 20.1R3-S5; a las versiones 20.2 anteriores a 20. 2R3-S5; 20.3 versiones anteriores a 20.3R3-S5; 20.4 versiones anteriores a 20.4R3-S4; 21.1 versiones anteriores a 21.1R3-S4; 21.2 versiones anteriores a 21.2R3-S1; 21.3 versiones anteriores a 21.3R3; 21.4 versiones anteriores a 21.4R2; 22.1 versiones anteriores a 22.1R2 • https://kb.juniper.net/JSA69899 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 161EXPL: 0CVE-2022-22241 – Junos OS: Vulnerability in J-Web may allow deserialization without authentication
https://notcve.org/view.php?id=CVE-2022-22241
An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Utilizing a crafted POST request, deserialization may occur which could lead to unauthorized local file access or the ability to execute arbitrary commands. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el componente J-Web del Juniper Networks Junos OS puede permitir a un atacante no autenticado acceda a los datos sin la autorización adecuada. usando una petición POST diseñada, puede producirse una deserialización que podría conllevar a un acceso no autorizado a archivos locales o la capacidad de ejecutar comandos arbitrarios. Este problema afecta a Juniper Networks Junos OS: todas las versiones anteriores a 19.1R3-S9; las versiones 19.2 anteriores a 19.2R3-S6; las versiones 19.3 anteriores a 19.3R3-S7; las versiones 19.4 anteriores a 19.4R2-S7, 19.4R3-S9; las versiones 20.1 anteriores a 20.1R3-S5; las versiones 20.2 anteriores a 20.2R3-S5; las versiones 20. 3 versiones anteriores a 20.3R3-S5; 20.4 versiones anteriores a 20.4R3-S4; 21.1 versiones anteriores a 21.1R3-S2; 21.2 versiones anteriores a 21.2R3-S1; 21.3 versiones anteriores a 21.3R2-S2, 21.3R3; 21.4 versiones anteriores a 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versiones anteriores a 22.1R1-S1, 22.1R2 • https://kb.juniper.net/JSA69899 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 147EXPL: 0CVE-2022-22238 – Junos OS and Junos OS Evolved: The rpd process will crash when a malformed incoming RESV message is processed
https://notcve.org/view.php?id=CVE-2022-22238
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When an incoming RESV message corresponding to a protected LSP is malformed it causes an incorrect internal state resulting in an rpd core. This issue affects: Juniper Networks Junos OS All versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.2R3-S3-EVO; 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R2-EVO. Una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en el demonio de protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite a un atacante adyacente no autenticado causar una Denegación de Servicio (DoS). • https://kb.juniper.net/JSA69894 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 184EXPL: 0CVE-2022-22234 – Junos OS: EX2300 and EX3400 Series: One of more SFPs might become unavailable when the system is very busy
https://notcve.org/view.php?id=CVE-2022-22234
An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). If the device is very busy for example while executing a series of show commands on the CLI one or more SFPs might not be detected anymore. The system then changes its state to "unplugged" which is leading to traffic impact and at least a partial DoS. Once the system is less busy the port states return to their actual value. Indicators of compromise are log messages about unplugged SFPs and corresponding syspld messages without any physical or environmental cause. • https://kb.juniper.net/JSA69890 • CWE-1250: Improper Preservation of Consistency Between Independent Representations of Shared State •
CVSS: 6.5EPSS: 0%CPEs: 125EXPL: 0CVE-2022-22224 – Junos OS and Junos OS Evolved: PPMD goes into infinite loop upon receipt of malformed OSPF TLV
https://notcve.org/view.php?id=CVE-2022-22224
An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon (PPMD) process to go into an infinite loop, which in turn can cause protocols and functions reliant on PPMD such as OSPF neighbor reachability to be impacted, resulting in a sustained Denial of Service (DoS) condition. The DoS condition persists until the PPMD process is manually restarted. This issue affects: Juniper Networks Junos OS: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1 versions prior to 21.1R2-EVO. Una vulnerabilidad de comprobación o administración inapropiada de condiciones excepcionales en el procesamiento de un TLV OSPF malformado en Juniper Networks Junos OS y Junos OS Evolved permite a un atacante adyacente no autenticado causar que el proceso del demonio de administración de paquetes periódicos (PPMD) entre en un bucle infinito, lo que a su vez puede causar que los protocolos y las funciones que dependen de PPMD, como la accesibilidad de los vecinos de OSPF, estén afectados, resultando en una condición de Denegación de Servicio (DoS) sostenida. • https://kb.juniper.net/JSA69874 • CWE-703: Improper Check or Handling of Exceptional Conditions •