
WARNING: MULTIPLE CRITICAL VULNERABILITIES ADDRESSED IN ALL VERSIONS OF JUNIPER NETWORKS JUNOS OS, PATCH IMMEDIATELY!

Reference:
Advisory #2023-41
Version: 
1.0
Affected software:
All Juniper Networks Junos OS versions prior to 19.1R3-S10
19.4 versions prior to 19.4R3-S10
20.2 versions prior to 20.2R3-S6
20.3 versions prior to 20.3R3-S6
20.4 versions prior to 20.4R3-S5
21.1 versions prior to 21.1R3-S4
21.2 versions prior to 21.2R3-S4
21.3 versions prior to 21.3R3-S3
21.4 versions prior to 21.4R3-S1
22.1 versions prior to 22.1R2-S2, 22.1R3
22.2 versions prior to 22.2R2-S1, 22.2R3
Type: 
Remote Code Execution, Denial of Service
CVE/CVSS: 

CVE-2022-22822 CVSS 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2022-22823 CVSS 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2022-22824 CVSS 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2022-23852 CVSS 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2022-25235 CVSS 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2022-25236 CVSS 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2022-25315 CVSS 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-expat-resolved?language=en_US

Risks

On April 12, 2023, networking provider Juniper Networks released a security advisory detailing multiple vulnerabilities found in the Expat (a.k.a. libexpat) component of Junos OS. The Centre for Cybersecurity Belgium highlighted the most critical vulnerabilities of this patch bundle.

Currently, Juniper SIRT is not aware of any malicious exploitation of the mentioned vulnerabilities.

The Centre for Cybersecurity Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity. If your organization has already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident.

Description

CVE-2022-22822 could allow a remote attacker to execute arbitrary code on a vulnerable system, caused by an integer overflow in addBinding in xmlparse.c.

CVE-2022-22823 could allow a remote attacker to execute arbitrary code on a vulnerable system, caused by an integer overflow in build_model in xmlparse.c.

CVE-2022-22824 could allow a remote attacker to execute arbitrary code on a vulnerable system, caused by an integer overflow in defineAttribute in xmlparse.c.

CVE-2022-23852 could allow a remote attacker to execute arbitrary code on a vulnerable system, caused by an integer overflow in the XML_GetBuffer function.

CVE-2022-25315 could allow a remote attacker to execute arbitrary code on a vulnerable system, caused by an integer overflow in storeRawNames. By persuading a victim to open a specially crafted file, an attacker could overflow a buffer and execute arbitrary code on the system.

CVE-2022-25235 could lead to a denial of service, caused by improper input validation in xmltok_impl.c. By persuading a victim to open specially crafted content with malformed encoding, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-25236 could lead to a denial of service, caused by improper protection against insertion of characters into namespace URIs in xmlparse.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

Recommended actions

The CCB strongly recommends that administrators apply security updates for vulnerable systems with the highest priority, after thorough testing.
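
To prioritise patching, the affected-software list in this advisory can be checked against a device inventory. The following Python is an added example, not code from Juniper or the CCB; the function names, the sample inventory and the rule that later releases in a listed train carry the fix are assumptions.

```python
import re

# Fixed releases per train, transcribed from the advisory's affected-software
# list. Each entry is (R number, S number); 22.1 and 22.2 list two fix points.
FIXED = {
    (19, 4): [(3, 10)], (20, 2): [(3, 6)], (20, 3): [(3, 6)], (20, 4): [(3, 5)],
    (21, 1): [(3, 4)], (21, 2): [(3, 4)], (21, 3): [(3, 3)], (21, 4): [(3, 1)],
    (22, 1): [(2, 2), (3, 0)], (22, 2): [(2, 1), (3, 0)],
}
OLDEST_TRAIN, OLDEST_FIX = (19, 1), (3, 10)  # "all versions prior to 19.1R3-S10"
# Matches R releases such as 21.2R3-S4 or 21.4R1.12 (trailing build number).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse(version):
    """Return ((major, minor), (R, S)) or None if the string is not an R release."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, r, s = m.groups()
    return (int(major), int(minor)), (int(r), int(s or 0))

def status(version):
    """Classify a Junos OS version as affected, fixed, not-listed or unparsed."""
    parsed = parse(version)
    if parsed is None:
        return "unparsed"        # e.g. X-releases: check these by hand
    train, rel = parsed
    if train < OLDEST_TRAIN:
        return "affected"
    points = [OLDEST_FIX] if train == OLDEST_TRAIN else FIXED.get(train)
    if points is None:
        return "not-listed"      # train absent from the advisory: no verdict
    # Same R number needs at least the listed S number; assumption: anything at
    # or above the highest listed fix point in the train also carries the fix.
    if any(rel[0] == fr and rel[1] >= fs for fr, fs in points):
        return "fixed"
    return "fixed" if rel >= points[-1] else "affected"

def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: status(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"edge-1": "21.2R3-S3", "edge-2": "22.1R2-S2.4", "core-1": "18.4R2",
          "core-2": "22.1R2-S1", "lab-1": "23.2R1", "fw-1": "15.1X49-D150"}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(host, SAMPLE[host], verdict)
```

Devices reported as `not-listed` or `unparsed` get no verdict from this list and should be checked against the Juniper bulletin linked under Sources.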