gsd-2024-21596
Vulnerability from gsd
Modified
2023-12-28 06:02
Details
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).
If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.
The primary RE is not impacted by this issue and there is no impact on traffic.
This issue only affects devices with NSR enabled.
This issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.
This issue affects:
Juniper Networks Junos OS
* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S2;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3;
* 23.1 versions earlier than 23.1R2;
* 23.2 versions earlier than 23.2R1-S2, 23.2R2.
Juniper Networks Junos OS Evolved
* All versions earlier than 21.3R3-S5-EVO;
* 21.4-EVO versions earlier than 21.4R3-S5-EVO;
* 22.1-EVO versions earlier than 22.1R3-S4-EVO;
* 22.2-EVO versions earlier than 22.2R3-S2-EVO;
* 22.3-EVO versions later than 22.3R1-EVO;
* 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;
* 23.1-EVO versions earlier than 23.1R2-EVO;
* 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-21596"
],
"details": "\nA Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.\n\nThe primary RE is not impacted by this issue and there is no impact on traffic.\n\nThis issue only affects devices with NSR enabled.\n\nThis issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.1 versions earlier than 23.1R2;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S2-EVO;\n * 22.3-EVO versions later than 22.3R1-EVO;\n * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\n * 23.1-EVO versions earlier than 23.1R2-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n",
"id": "GSD-2024-21596",
"modified": "2023-12-28T06:02:03.442811Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2024-21596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "20.4R3-S9"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R3-S7"
},
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "21.4",
"version_value": "21.4R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "22.1",
"version_value": "22.1R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "22.2",
"version_value": "22.2R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "22.3",
"version_value": "22.3R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "22.4",
"version_value": "22.4R2-S2, 22.4R3"
},
{
"version_affected": "\u003c",
"version_name": "23.1",
"version_value": "23.1R2"
},
{
"version_affected": "\u003c",
"version_name": "23.2",
"version_value": "23.2R1-S2, 23.2R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "21.3R3-S5-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.4-EVO",
"version_value": "21.4R3-S5-EVO"
},
{
"version_affected": "\u003c",
"version_name": "22.1-EVO",
"version_value": "22.1R3-S4-EVO"
},
{
"version_affected": "\u003c",
"version_name": "22.2-EVO",
"version_value": "22.2R3-S2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "22.4-EVO",
"version_value": "22.4R2-S2-EVO, 22.4R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "23.1-EVO",
"version_value": "23.1R2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "23.2-EVO",
"version_value": "23.2R1-S2-EVO, 23.2R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following minimal configuration is required:\u003c/p\u003e\u003ccode\u003e [protocols bgp]\u003c/code\u003e\u003cbr/\u003e"
}
],
"value": "The following minimal configuration is required:\n\n [protocols bgp]\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nA Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.\n\nThe primary RE is not impacted by this issue and there is no impact on traffic.\n\nThis issue only affects devices with NSR enabled.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.1 versions earlier than 23.1R2;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S2-EVO;\n * 22.3-EVO versions later than 22.3R1-EVO;\n * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\n * 23.1-EVO versions earlier than 23.1R2-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n"
}
]
},
"exploit": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"generator": {
"engine": "Vulnogram 0.1.0-av217"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-122",
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportportal.juniper.net/JSA75735",
"refsource": "MISC",
"url": "https://supportportal.juniper.net/JSA75735"
},
{
"name": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"refsource": "MISC",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
}
]
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue:\u003c/p\u003e\u003cp\u003eJunos OS:\u00a021.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.1R2, 23.2R1-S2, 23.2R2, 23.3R1, 23.4R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u00a021.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO, 23.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS:\u00a021.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.1R2, 23.2R1-S2, 23.2R2, 23.3R1, 23.4R1, and all subsequent releases.\n\nJunos OS Evolved:\u00a021.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO, 23.4R1-EVO, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA75735",
"defect": [
"1711727"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s8:*:*:*:*:*:*",
"matchCriteriaId": "C445622E-8E57-4990-A71A-E1993BFCB91A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "737DDF96-7B1D-44E2-AD0F-E2F50858B2A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
"matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*",
"matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "EFF72FCA-C440-4D43-9BDB-F712DB413717",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*",
"matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "20EBC676-1B26-4A71-8326-0F892124290A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*",
"matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:23.1:-:*:*:*:*:*:*",
"matchCriteriaId": "A6B764F3-EE2A-4CA1-8A7E-ED1D86037B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "0038F142-6F5E-476D-A1EC-E977FD30F155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*",
"matchCriteriaId": "1A78CC80-E8B1-4CDA-BB35-A61833657FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B3B2FE1-C228-46BE-AC76-70C2687050AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
"matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "8F67CE3C-3A06-487C-90DE-D5B3B1EC08A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "C9D664AB-0FA7-49C7-B6E1-69C77652FBEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*",
"matchCriteriaId": "C16434C0-21A7-4CE5-92E1-7D60A35EF5D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "1475A58F-1515-4492-B5A3-BE40C30E5B14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "A3CA3365-F9AF-40DF-8700-30AD4BC58E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "9370C46D-3AA1-4562-B67F-DF6EA10F209B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "4546776C-A657-42E3-9A36-47F9F59A88AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "156DD8ED-CE6E-48C0-9E67-16B04767D62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "10F9C2B1-BD81-4EDC-ADF5-4B0F39001C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "61F649B0-0121-4760-9432-5F57214EFC2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*",
"matchCriteriaId": "0A33C425-921F-4795-B834-608C8F1597E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "04CE952D-E3C1-4B34-9E65-EC52BFE887AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "8AE9D1A7-4721-4E1D-B965-FDC38126B1DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.1:-:*:*:*:*:*:*",
"matchCriteriaId": "57477D7B-F7BB-4491-B545-C770B1160F01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "82A4E4C8-2D50-4675-8A96-8C9DADCE46CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6DEAA7FD-385F-4221-907E-65ABC16BE4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "DDEC008A-3137-48D1-8ABC-6DB0EFC40E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "558D234D-BC50-415F-86D6-8E19D6C3ACE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "\nA Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.\n\nThe primary RE is not impacted by this issue and there is no impact on traffic.\n\nThis issue only affects devices with NSR enabled.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.1 versions earlier than 23.1R2;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S2-EVO;\n * 22.3-EVO versions later than 22.3R1-EVO;\n * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\n * 23.1-EVO versions earlier than 23.1R2-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria en el Routing Protocol Daemon (RPD) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante basado en red no autenticado provoque una denegaci\u00f3n de servicio (DoS). Si un atacante env\u00eda un mensaje de ACTUALIZACI\u00d3N de BGP espec\u00edfico al dispositivo, esto provocar\u00e1 una sobrescritura de la memoria y, por lo tanto, un bloqueo del RPD y un reinicio en el Routing Engine (RE) de respaldo. La recepci\u00f3n continua de estos paquetes provocar\u00e1 una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio (DoS) en el RE de respaldo. El RE principal no se ve afectado por este problema y no hay ning\u00fan impacto en el tr\u00e1fico. Este problema solo afecta a dispositivos con NSR habilitado. Este problema requiere que un atacante tenga una sesi\u00f3n BGP establecida en un sistema afectado por el problema. Este problema afecta tanto a las implementaciones de eBGP como de iBGP. Este problema afecta a: Juniper Networks Junos OS * Todas las versiones anteriores a 20.4R3-S9; * Versiones 21.2 anteriores a 21.2R3-S7; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3-S4; * Versiones 22.2 anteriores a 22.2R3-S2; * Versiones 22.3 anteriores a 22.3R3-S1; * Versiones 22.4 anteriores a 22.4R2-S2, 22.4R3; * Versiones 23.1 anteriores a 23.1R2; * Versiones 23.2 anteriores a 23.2R1-S2, 23.2R2. Juniper Networks Junos OS Evolved * Todas las versiones anteriores a 21.3R3-S5-EVO; * Versiones 21.4-EVO anteriores a 21.4R3-S5-EVO; * Versiones 22.1-EVO anteriores a 22.1R3-S4-EVO; * Versiones 22.2-EVO anteriores a 22.2R3-S2-EVO; * Versiones 22.3-EVO posteriores a 22.3R1-EVO; * Versiones 22.4-EVO anteriores a 22.4R2-S2-EVO, 22.4R3-EVO; * Versiones 23.1-EVO anteriores a 23.1R2-EVO; * Versiones 23.2-EVO anteriores a 23.2R1-S2-EVO, 23.2R2-EVO."
}
],
"id": "CVE-2024-21596",
"lastModified": "2024-01-26T01:15:10.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
},
"published": "2024-01-12T01:15:47.267",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA75735"
},
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
}
}
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.