Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.5656 Junos OS and Junos OS Evolved: In an SR to LDP interworking scenario, with SRMS, when a specific low privileged command is issued on an ABR rpd will crash (CVE-2022-22233) 8 November 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Junos OS Junos OS Evolved Publisher: Juniper Networks Operating System: Juniper Resolution: Patch/Upgrade CVE Names: CVE-2022-22233 Original Bulletin: https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-SR-to-LDP-interworking-scenario-with-SRMS-when-a-specific-low-privileged-command-is-issued-on-an-ABR-rpd-will-crash-CVE-2022-22233 Comment: CVSS (Max): 5.5 CVE-2022-22233 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) CVSS Source: NVD Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- Article ID: JSA69887 Product Affected: This issue affects Junos OS 21.4, 22.1. This issue affects Junos OS Evolved 21.4-EVO, 22.1-EVO. Severity Level: Medium CVSS Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Problem: An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having "S" flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1. To be affected by the issue the device needs to be configured with ISIS L2 and L1 (neither disabled) and Segment Routing: [protocols isis interface <interface>] [protocols isis source-packet-routing] Juniper SIRT is not aware of any malicious exploitation of this vulnerability. This issue was seen during production usage. This issue has been assigned CVE-2022-22233. Solution: The following software releases have been updated to resolve this specific issue: Junos OS: 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1 and all subsequent releases. Junos OS Evolved: 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO and all subsequent releases. This issue is being tracked as PR 1662559 which is visible on the Customer Support website. Note: Juniper SIRT's policy is not to evaluate releases which are beyond End of Engineering (EOE) or End of Life (EOL). IMPLEMENTATION: Software Releases, patches and updates are available at https://support.juniper.net/support/downloads/. Workaround: There are no known workarounds for this issue. To reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted networks, hosts and users. Severity Assessment: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories." Modification History: 2022-10-12: Initial Publication. Related Information: KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin Publication Process KB16765: In which releases are vulnerabilities fixed? KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories Report a Security Vulnerability - How to Contact the Juniper Networks Security Incident Response Team CVE-2022-22233 at cve.mitre.org Last Updated: 2022-10-12 Created: 2022-10-12 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBY2oAiskNZI30y1K9AQgLTBAAt/gwYhHE54tA+dqTaELq4tlJH4iTYHSC 4ohai7V041IqNHHnpgbo0uPc2uwk2jxvZsbXxiG6nkjcJleuI317H9BFJcen7vGL 6txvzziBTDvqTrQJVL/h+yHnr20eWLxJ8QM1xNU9tWHtWYGyUxeVOJJ9AB2RJPWG 1XHt49AX9lwxUukYD/koth2mhuTKgYBZ07/r6YwgS6rinIFb8TALj3iSVBGWcH9A dpGQxsFQlQ/EdtF+Ni2EGzdVoWQ1GSvl1w5G8E8k7n6AUhGduBlI8sUpAD7eP9Dm rCHGDzHRU544XXCdhynNPUCNW2pdhwBY8uNka4szbUbwZasar6frqnqZOAT68I4U iXPWyxbvwDrr4ivCQg35jua7mhvcdfKpc3yQ0OGC8he8r2qwyg0+mXznovzU4P4p WNm5IEzyjXB8nzzg29S6YwZzxlJRxZUY4gUYwfrPB8cFJHnUi5hn1vzg2HZEBtdm cpzDvy/aSWl3bGr6Hh8Ws8EcaPD3xkrlEg0zwX2hmjEVPoPyT0G5skr+PsVEFUoX N3f9J2gsBszvf57gAa8VdLOzHA4DPj6ZKrN3yz+i5s3bDKhGaJbPHHLLoCsoCkEz BIjJuShxQHPrrf5hewli1AYIGVk0Jaoe610/oZ9tr737ei3ESFzcWuGYoz8e3vyc /TvupdV6j6o= =RJyS -----END PGP SIGNATURE-----