CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 0CVE-2022-22193 – Junos OS and Junos OS Evolved: In a BGP rib-sharding scenario when a certain CLI command is executed the rpd process might crash
https://notcve.org/view.php?id=CVE-2022-22193
An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding is configured and a certain CLI command is executed the rpd process can crash. During the rpd crash and restart, the routing protocols might be impacted and traffic disruption might be seen due to the loss of routing information. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. • https://kb.juniper.net/JSA69503 • CWE-241: Improper Handling of Unexpected Data Type •
CVSS: 6.5EPSS: 0%CPEs: 209EXPL: 0CVE-2022-22191 – Junos OS: EX4300: PFE Denial of Service (DoS) upon receipt of a flood of specific ARP traffic
https://notcve.org/view.php?id=CVE-2022-22191
A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart. After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed. In a virtual chassis (VC), the impacted Flexible PIC Concentrator (FPC) may split from the VC temporarily, and join back into the VC once the PFE restarts. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on the EX4300: All versions prior to 15.1R7-S12; 18.4 versions prior to 18.4R2-S10, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R1-S9, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2. • https://kb.juniper.net/JSA69502 • CWE-400: Uncontrolled Resource Consumption CWE-410: Insufficient Resource Pool •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22190 – Paragon Active Assurance Control Center: Information disclosure vulnerability in crafted URL
https://notcve.org/view.php?id=CVE-2022-22190
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows users to selective share account data using a unique identifier. Knowing the proper format of the URL and the identifier of an existing object in an application it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance version 3.1.0. • https://kb.juniper.net/JSA69500 • CWE-284: Improper Access Control CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22189 – Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication
https://notcve.org/view.php?id=CVE-2022-22189
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0. Una vulnerabilidad de Asignación de Propiedad Incorrecta en Juniper Networks Contrail Service Orchestration (CSO) permite que un usuario autenticado localmente tenga sus permisos elevados sin autenticación, tomando así el control del sistema local en el que está autenticado. Este problema afecta a: Juniper Networks Contrail Service Orchestration versiones 6.0.0 anteriores a 6.0.0 Patch v3 en instalaciones locales. • https://kb.juniper.net/JSA69498 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-708: Incorrect Ownership Assignment •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2022-22188 – Junos OS: QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4600/EX4650 Series: When storm control profiling is enabled and a device is under an active storm, a Heap-based Buffer Overflow in the PFE will cause a device to hang.
https://notcve.org/view.php?id=CVE-2022-22188
An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS). The device must be configured with storm control profiling limiting the number of unknown broadcast, multicast, or unicast traffic to be vulnerable to this issue. This issue affects: Juniper Networks Junos OS on QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4600/EX4650 Series; 20.2 version 20.2R1 and later versions prior to 20.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 20.2R1. Una vulnerabilidad de Asignación de Memoria no Controlada conllevando a un desbordamiento del búfer en la región Heap de la memoria en el motor de reenvío de paquetes (PFE) de Juniper Networks Junos OS permite a un atacante no autenticado basado en la red inundar el dispositivo con tráfico, conllevando a una Denegación de Servicio (DoS). • https://kb.juniper.net/JSA69497 • CWE-122: Heap-based Buffer Overflow CWE-789: Memory Allocation with Excessive Size Value •