CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-22233 – Junos OS and Junos OS Evolved: In an SR to LDP interworking scenario, with SRMS, when a specific low privileged command is issued on an ABR rpd will crash
https://notcve.org/view.php?id=CVE-2022-22233
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having "S" flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. • https://kb.juniper.net/JSA69887 • CWE-252: Unchecked Return Value CWE-690: Unchecked Return Value to NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2022-22232 – SRX Series: If Unified Threat Management (UTM) Enhanced Content Filtering (CF) is enabled and specific traffic is processed the PFE will crash
https://notcve.org/view.php?id=CVE-2022-22232
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series If Unified Threat Management (UTM) Enhanced Content Filtering (CF) is enabled and specific transit traffic is processed the PFE will crash and restart. This issue affects Juniper Networks Junos OS: 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series; 22.1 versions prior to 22.1R1-S1, 22.1R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1. Una vulnerabilidad de Desreferencia de Puntero NULL en Packet Forwarding Engine del Juniper Networks Junos OS en la serie SRX permite a un atacante no autenticado basado en la red causar una Denegación de Servicio (DoS). • https://kb.juniper.net/JSA69886 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-22231 – SRX Series: If UTM Enhanced Content Filtering and AntiVirus are enabled, and specific traffic is processed the PFE will crash
https://notcve.org/view.php?id=CVE-2022-22231
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1. Una vulnerabilidad de Desreferencia de Valor de Retorno no Comprobado a puntero NULL en Packet Forwarding Engine (PFE) de Junos OS de Juniper Networks permite que un atacante no autenticado y basado en la red cause una Denegación de Servicio (DoS). • https://kb.juniper.net/JSA69885 • CWE-252: Unchecked Return Value CWE-690: Unchecked Return Value to NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 181EXPL: 0CVE-2022-22230 – Junos OS and Junos OS Evolved: RPD crash upon receipt of specific OSPFv3 LSAs
https://notcve.org/view.php?id=CVE-2022-22230
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause DoS (Denial of Service). If another router generates more than one specific valid OSPFv3 LSA then rpd will crash while processing these LSAs. This issue only affects systems configured with OSPFv3, while OSPFv2 is not affected. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 19.3 version 19.3R2 and later versions; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S1-EVO; 21.3-EVO versions prior to 21.3R3-S2-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO. • https://kb.juniper.net/JSA69884 • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22229 – Paragon Active Assurance (Formerly Netrounds): Stored Cross-site Scripting (XSS) vulnerability in web administration
https://notcve.org/view.php?id=CVE-2022-22229
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with 'WRITE' permissions to store one or more malicious scripts that will infect any other authorized user's account when they accidentally trigger the malicious script(s) while managing the device. Triggering these attacks enables the attacker to execute commands with the permissions up to that of the superuser account. This issue affects: Juniper Networks Paragon Active Assurance (Formerly Netrounds) All versions prior to 3.1.1; 3.2 versions prior to 3.2.1. Una vulnerabilidad de Neutralización Inapropiada de la Entrada Durante la Generación de la Página Web ("Cross-site Scripting"), un ataque de tipo XSS almacenado (o persistente), en las páginas web del Control Center Controller de Juniper Networks Paragon Active Assurance (anteriormente Netrounds) permite a un atacante de alto privilegio con permisos "WRITE" almacenar uno o más scripts maliciosos que infectarán la cuenta de cualquier otro usuario autorizado cuando accidentalmente desencadene el o los scripts maliciosos mientras administra el dispositivo. El desencadenamiento de estos ataques permite al atacante ejecutar comandos con los permisos hasta los de la cuenta de super usuario. • https://kb.juniper.net/JSA69883 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •