{"containers": {"cna": {"affected": [{"product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "20.4R1", "status": "unaffected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "20.4R3-S1", "status": "affected", "version": "20.4", "versionType": "custom"}, {"lessThan": "21.1R2-S2, 21.1R3", "status": "affected", "version": "21.1", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "The following two configuration line are both required for the issue to be seen: \n [ protocols bgp ... family <family> segment-routing-te ] \n [ protocols bgp ... traceoptions flag update ]"}], "datePublic": "2022-01-12T00:00:00", "descriptions": [{"lang": "en", "value": "An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. This issue can not propagate as the crash occurs as soon as the malformed update is received. This issue affects Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "Denial of Service (DoS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-19T00:21:11", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA11274"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S1, 21.1R2-S2, 21.1R3, 21.2R1, and all subsequent releases."}], "source": {"advisory": "JSA11274", "defect": ["1598850"], "discovery": "USER"}, "title": "Junos OS: An rpd core will occur if BGP update tracing is configured and an update containing a malformed BGP SR-TE policy tunnel attribute is received", "workarounds": [{"lang": "en", "value": "Please remove the BGP update trace configuration that's applicable.\n\n [ protocols bgp ... traceoptions flag update ]"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2022-01-12T17:00:00.000Z", "ID": "CVE-2022-22166", "STATE": "PUBLIC", "TITLE": "Junos OS: An rpd core will occur if BGP update tracing is configured and an update containing a malformed BGP SR-TE policy tunnel attribute is received"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS", "version": {"version_data": [{"version_affected": "<", "version_name": "20.4", "version_value": "20.4R3-S1"}, {"version_affected": "<", "version_name": "21.1", "version_value": "21.1R2-S2, 21.1R3"}, {"version_affected": "!<", "version_value": "20.4R1"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "configuration": [{"lang": "en", "value": "The following two configuration line are both required for the issue to be seen: \n [ protocols bgp ... family <family> segment-routing-te ] \n [ protocols bgp ... traceoptions flag update ]"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. This issue can not propagate as the crash occurs as soon as the malformed update is received. This issue affects Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-1284 Improper Validation of Specified Quantity in Input"}]}, {"description": [{"lang": "eng", "value": "Denial of Service (DoS)"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA11274", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11274"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S1, 21.1R2-S2, 21.1R3, 21.2R1, and all subsequent releases."}], "source": {"advisory": "JSA11274", "defect": ["1598850"], "discovery": "USER"}, "work_around": [{"lang": "en", "value": "Please remove the BGP update trace configuration that's applicable.\n\n [ protocols bgp ... traceoptions flag update ]"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:07:49.671Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA11274"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2022-22166", "datePublished": "2022-01-19T00:21:11.594846Z", "dateReserved": "2021-12-21T00:00:00", "dateUpdated": "2024-09-16T18:39:36.973Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*", "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*", "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*", "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. This issue can not propagate as the crash occurs as soon as the malformed update is received. This issue affects Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1."}, {"lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n inapropiada de la cantidad especificada en la entrada en el demonio del protocolo de enrutamiento (rpd) del Sistema Operativo Junos de Juniper Networks permite a un atacante no autenticado conectado a la red causar un bloqueo del rdp y, por tanto, una denegaci\u00f3n de servicio (DoS). Si es recibido un mensaje de actualizaci\u00f3n de BGP a trav\u00e9s de una sesi\u00f3n BGP establecida en la que un atributo de t\u00fanel de pol\u00edtica SR-TE de BGP est\u00e1 malformado y la bandera de rastreo de actualizaciones de BGP est\u00e1 habilitada, el rpd ser\u00e1 bloqueado. Este problema puede ocurrir con cualquier sesi\u00f3n BGP siempre que se cumplan las condiciones anteriores. Este problema no puede propagarse, ya que el fallo es producido en cuanto es recibido la actualizaci\u00f3n malformada. Este problema afecta al Sistema Operativo Junos de Juniper Networks: versiones 20.4 anteriores a 20.4R3-S1; versiones 21.1 anteriores a 21.1R2-S2, 21.1R3. Este problema no afecta a versiones del Sistema Operativo Junos de Juniper Networks anteriores a 20.4R1"}], "id": "CVE-2022-22166", "lastModified": "2024-11-21T06:46:17.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-19T01:15:08.847", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11274"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11274"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "sirt@juniper.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-1284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}