CVSS: 7.5EPSS: 0%CPEs: 236EXPL: 0CVE-2022-22177 – Junos OS and Junos OS Evolved: After receiving a specific number of crafted packets snmpd will segmentation fault (SIGSEGV) requiring a manual restart.
https://notcve.org/view.php?id=CVE-2022-22177
A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted. This issue impacts any version of SNMP – v1,v2, v3 This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2. Juniper Networks Junos OS Evolved 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. Una vulnerabilidad de liberación de memoria ilegal en el demonio snmpd de Juniper Networks Junos OS, Junos OS Evolved permite a un atacante detener el demonio snmpd causando una denegación de servicio (DoS) sostenida al servicio hasta que sea reiniciada manualmente. Este problema afecta a cualquier versión de SNMP: v1, v2, v3: Juniper Networks Junos OS 12.3 versiones anteriores a 12.3R12-S20; 15.1 versiones anteriores a 15.1R7-S11; 18.3 versiones anteriores a 18.3R3-S6; 18.4 versiones anteriores a 18.4R2-S9, 18.4R3-S10; 19.1 versiones anteriores a 19.1R2-S3, 19.1R3-S7; 19.2 versiones anteriores a 19.2R1-S8, 19.2R3-S4; 19. 3 versiones anteriores a 19.3R3-S4; 19.4 versiones anteriores a 19.4R2-S5, 19.4R3-S6; 20.1 versiones anteriores a 20.1R3-S2; versiones 20.2 anteriores a 20.2R3-S3; versiones 20.3 anteriores a 20.3R3-S1; versiones 20.4 anteriores a 20.4R3; versiones 21.1 anteriores a 21.1R2-S2, 21.1R3; 21.2 versiones anteriores a 21.2R1-S2, 21.2R2. • https://kb.juniper.net/JSA11283 https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/ref/statement/client-list-edit-snmp.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 149EXPL: 0CVE-2022-22173 – Junos OS: CRL failing to download causes a memory leak and ultimately a DoS
https://notcve.org/view.php?id=CVE-2022-22173
A Missing Release of Memory after Effective Lifetime vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). In a scenario where Public Key Infrastructure (PKI) is used in combination with Certificate Revocation List (CRL), if the CRL fails to download the memory allocated to store the CRL is not released. Repeated occurrences will eventually consume all available memory and lead to an inoperable state of the affected system causing a DoS. This issue affects Juniper Networks Junos OS: All versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. This issue can be observed by monitoring the memory utilization of the pkid process via: root@jtac-srx1500-r2003> show system processes extensive | match pki 20931 root 20 0 733M 14352K select 0:00 0.00% pkid which increases over time: root@jtac-srx1500-r2003> show system processes extensive | match pki 22587 root 20 0 901M 181M select 0:03 0.00% pkid Una vulnerabilidad de Falta de Liberación de Memoria Después del Tiempo de Vida Efectivo en el demonio de infraestructura de clave pública (pkid) del Sistema Operativo Junos de Juniper Networks permite a un atacante no autenticado en red causar una denegación de servicio (DoS). • https://kb.juniper.net/JSA11279 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 84EXPL: 0CVE-2022-22168 – Junos OS: vMX and MX150: Specific packets might cause a memory leak and eventually an FPC reboot
https://notcve.org/view.php?id=CVE-2022-22168
An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead to an FPC reboot and thereby a Denial of Service (DoS). This issue affects: Juniper Networks Junos OS on vMX and MX150: All versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. Una vulnerabilidad de Comprobación Inapropiada del Tipo de Entrada especificado en el kernel del Sistema Operativo Junos de Juniper Networks permite a un atacante adyacente no autenticado desencadenar una vulnerabilidad de Falta de Liberación de Memoria Después del Tiempo de Vida Efectivo. Una explotación continuada de esta vulnerabilidad conllevará finalmente a un reinicio del FPC y, por tanto, una denegación de servicio (DoS). • https://kb.juniper.net/JSA11275 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.4EPSS: 0%CPEs: 173EXPL: 0CVE-2022-22163 – Junos OS: jdhcpd crashes upon receipt of a specific DHCPv6 packet
https://notcve.org/view.php?id=CVE-2022-22163
An Improper Input Validation vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If a device is configured as DHCPv6 local server and persistent storage is enabled, jdhcpd will crash when receiving a specific DHCPv6 message. This issue affects: Juniper Networks Junos OS All versions prior to 15.1R7-S11; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R2. Una vulnerabilidad de comprobación de entrada inapropiada en el demonio DHCP de Juniper (jdhcpd) del Sistema Operativo Junos de Juniper Networks permite a un atacante adyacente no autenticado causar un bloqueo de jdhcpd y, por tanto, una denegación de servicio (DoS). Si un dispositivo está configurado como servidor local DHCPv6 y el almacenamiento persistente está habilitado, jdhcpd será bloqueado cuando reciba un mensaje DHCPv6 específico. • https://kb.juniper.net/JSA11271 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 204EXPL: 0CVE-2022-22162 – Junos OS: A low privileged user can elevate their privileges to the ones of the highest privileged j-web user logged in
https://notcve.org/view.php?id=CVE-2022-22162
A Generation of Error Message Containing Sensitive Information vulnerability in the CLI of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to elevate these to the level of any other user logged in via J-Web at this time, potential leading to a full compromise of the device. This issue affects Juniper Networks Junos OS: All versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. Una vulnerabilidad de generación de mensajes de error que contienen información confidencial en la CLI de Juniper Networks Junos OS permite a un atacante autenticado localmente con bajos privilegios elevarlos al nivel de cualquier otro usuario conectado por medio de J-Web en ese momento, lo que podría conllevar a un compromiso total del dispositivo. Este problema afecta a Juniper Networks Junos OS: Todas las versiones anteriores a 15.1R7-S11; las versiones 18.3 anteriores a 18.3R3-S6; las versiones 18.4 anteriores a 18.4R2-S9, 18.4R3-S10; las versiones 19.1 anteriores a 19.1R2-S3, 19.1R3-S7; las versiones 19.2 anteriores a 19.2R1-S8, 19.2R3-S4; las versiones 19.3 anteriores a 19.3R3-S4; las versiones 19. 4 versiones anteriores a 19.4R3-S6; 20.1 versiones anteriores a 20.1R3-S2; versiones 20.2 anteriores a 20.2R3-S3; versiones 20.3 anteriores a 20.3R3-S1; versiones 20.4 anteriores a 20.4R3-S1; versiones 21.1 anteriores a 21.1R2-S1, 21.1R3; versiones 21.2 anteriores a 21.2R1-S1, 21.2R2 • https://kb.juniper.net/JSA11270 • CWE-209: Generation of Error Message Containing Sensitive Information •