Multiple vulnerabilities in Juniper Networks Session Smart Router



Published: 2022-10-17 | Updated: 2022-12-22
Risk High
Patch available YES
Number of vulnerabilities 79
CVE-ID CVE-2021-35550
CVE-2021-35578
CVE-2021-35567
CVE-2021-35565
CVE-2021-35564
CVE-2021-35561
CVE-2021-35559
CVE-2021-35556
CVE-2021-3347
CVE-2021-35588
CVE-2021-32399
CVE-2021-29650
CVE-2021-29154
CVE-2021-27365
CVE-2021-27364
CVE-2021-27363
CVE-2021-22555
CVE-2021-35586
CVE-2021-35603
CVE-2021-20271
CVE-2022-0778
CVE-2022-25315
CVE-2022-25236
CVE-2022-25235
CVE-2022-24903
CVE-2022-24407
CVE-2022-1271
CVE-2022-0847
CVE-2021-45417
CVE-2021-3653
CVE-2021-43527
CVE-2021-42574
CVE-2021-41617
CVE-2021-4034
CVE-2021-37750
CVE-2021-37576
CVE-2021-3715
CVE-2021-3656
CVE-2021-22543
CVE-2021-20265
CVE-2008-5161
CVE-2019-12735
CVE-2020-12362
CVE-2020-10769
CVE-2020-0427
CVE-2019-20934
CVE-2019-20811
CVE-2019-19532
CVE-2019-18282
CVE-2018-25032
CVE-2020-12364
CVE-2018-20534
CVE-2018-20533
CVE-2018-20532
CVE-2018-10689
CVE-2016-4658
CVE-2016-2124
CVE-2015-9262
CVE-2020-12363
CVE-2020-14314
CVE-2021-0543
CVE-2020-25710
CVE-2020-8648
CVE-2020-7053
CVE-2020-29661
CVE-2020-28374
CVE-2020-27777
CVE-2020-27170
CVE-2020-25717
CVE-2020-25709
CVE-2020-14351
CVE-2020-25705
CVE-2020-25656
CVE-2020-25645
CVE-2020-25643
CVE-2020-25212
CVE-2020-25211
CVE-2020-24394
CVE-2020-14385
CWE-ID CWE-300
CWE-20
CWE-416
CWE-362
CWE-119
CWE-77
CWE-264
CWE-200
CWE-787
CWE-345
CWE-835
CWE-190
CWE-94
CWE-122
CWE-89
CWE-908
CWE-269
CWE-476
CWE-400
CWE-755
CWE-78
CWE-125
CWE-284
CWE-617
CWE-667
CWE-22
CWE-862
CWE-203
CWE-330
CWE-319
CWE-367
CWE-732
Exploitation vector Network
Public exploit Public exploit code for vulnerability #17 is available.
Public exploit code for vulnerability #21 is available.
Vulnerability #28 is being exploited in the wild.
Public exploit code for vulnerability #32 is available.
Vulnerability #34 is being exploited in the wild.
Public exploit code for vulnerability #39 is available.
Public exploit code for vulnerability #42 is available.
Public exploit code for vulnerability #52 is available.
Public exploit code for vulnerability #53 is available.
Public exploit code for vulnerability #54 is available.
Public exploit code for vulnerability #72 is available.
Vulnerable software
Subscribe
Session Smart Router
Server applications / Other server solutions

Vendor Juniper Networks, Inc.

Security Bulletin

This security bulletin contains information about 79 vulnerabilities.

1) Man-in-the-Middle (MitM) attack

EUVDB-ID: #VU57487

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35550

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to the JSSE component in Oracle GraalVM Enterprise Edition offers cipher suites in the wrong way, which causes weaker cipher suites to be offered ahead of the strong ones. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper input validation

EUVDB-ID: #VU57495

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35578

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM Enterprise Edition when processing TLS 1.3 ClientHello packets. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Improper input validation

EUVDB-ID: #VU57486

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35567

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Improper input validation

EUVDB-ID: #VU57494

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35565

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Improper input validation

EUVDB-ID: #VU57490

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35564

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Keytool component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Improper input validation

EUVDB-ID: #VU57493

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35561

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Utility component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Improper input validation

EUVDB-ID: #VU57492

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35559

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Swing component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Improper input validation

EUVDB-ID: #VU57491

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35556

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Swing component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Use-after-free

EUVDB-ID: #VU52035

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-3347

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to a use-after-free error when handling PI futexes. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Improper input validation

EUVDB-ID: #VU57497

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-35588

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Race condition

EUVDB-ID: #VU55257

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-32399

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition  for removal of the HCI controller within net/bluetooth/hci_request.c in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Buffer overflow

EUVDB-ID: #VU56240

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-29650

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h. A local user can trigger memory corruption upon the assignment of a new table value and cause denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Command Injection

EUVDB-ID: #VU56241

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-29154

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect computation of branch displacements within the BPF JIT compilers in the Linux kernel in arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. A local user can inject and execute arbitrary commands with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Buffer overflow

EUVDB-ID: #VU51451

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-27365

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing Netlink messages in Linux kernel through 5.11.3, as certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. A local unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message, trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51452

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-27364

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to iscsi_if_recv_msg() allows non-root users to connect and send commands to the Linux kernel. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Information disclosure

EUVDB-ID: #VU51453

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-27363

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the show_transport_handle() shows iSCSI transport handle to non-root users. A local user can gain unauthorized access to sensitive information and use it along with another vulnerability, such as #VU51452, to escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Out-of-bounds write

EUVDB-ID: #VU56017

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-22555

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in net/netfilter/x_tables.c in Linux kernel. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Improper input validation

EUVDB-ID: #VU57489

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35586

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the ImageIO component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Improper input validation

EUVDB-ID: #VU57496

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-35603

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Insufficient verification of data authenticity

EUVDB-ID: #VU54477

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-20271

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in RPM's signature check functionality when reading package files. A remote attacker can create a specially crafted package with a modified signature header, trick the victim into installing and compromise the affected system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Infinite loop

EUVDB-ID: #VU61391

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-0778

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) Integer overflow

EUVDB-ID: #VU60739

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-25315

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in storeRawNames function. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Input validation error

EUVDB-ID: #VU60733

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-25236

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper protection against insertion of namesep characters into namespace URIs in xmlparse.c. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

24) Code Injection

EUVDB-ID: #VU60736

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-25235

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the affected application lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

25) Heap-based buffer overflow

EUVDB-ID: #VU62830

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-24903

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service or potentially execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when parsing data in imtcp, imptcp, imgssapi, and imhttp modules used for TCP syslog reception. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and cause a denial of service or potentially execute arbitrary code on the target system.

Successful exploitation of this vulnerability is possible if the attacker is able to directly send specially crafted messages to the rsyslog daemon or by injecting specially crafted data into log files. Vulnerability exploitation in the second scenario requires that the rsyslog client supports octet-counted framing, which is not a default configuration.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

26) SQL injection

EUVDB-ID: #VU60842

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-24407

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of password in the SQL plugin shipped with Cyrus SASL. A remote non-authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

27) Input validation error

EUVDB-ID: #VU62002

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1271

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation when processing filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

28) Use of uninitialized resource

EUVDB-ID: #VU61110

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0847

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an uninitialized resources. A local user can overwrite arbitrary file in the page cache, even if the file is read-only, and execute arbitrary code on the system with elevated privileges.

The vulnerability was dubbed Dirty Pipe.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

29) Heap-based buffer overflow

EUVDB-ID: #VU59952

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-45417

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in src/base64.h. A local user can use specially crafted file metadata, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

30) Security restrictions bypass

EUVDB-ID: #VU56904

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-3653

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions within the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest.

As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

31) Heap-based buffer overflow

EUVDB-ID: #VU58477

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-43527

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling DER-encoded DSA or RSA-PSS signatures. A remote attacker can send specially crafted signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

32) Input validation error

EUVDB-ID: #VU57848

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-42574

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: Yes

Description

The vulnerability allows an attacker to bypass certain security checks.

The vulnerability exists in the Bidirectional Algorithm in the Unicode Specification. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters.

An attacker can leverage this behavior to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

33) Improper Privilege Management

EUVDB-ID: #VU58333

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-41617

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management in sshd, when certain non-default configurations are used, because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

34) Input validation error

EUVDB-ID: #VU60007

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-4034

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper handling of the calling parameters count in the pkexec setuid binary, which causes the binary to execute environment variables as commands. A local user can craft environment variables in a way that they will be processed and executed by pkexec and execute arbitrary commands on the system as root.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

35) NULL pointer dereference

EUVDB-ID: #VU56828

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-37750

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Key Distribution Center (KDC) in kdc/do_tgs_req.c. A remote user can pass specially crafted data via the FAST inner body that lacks a server field, trigger a NULL pointer dereference error and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

36) Out-of-bounds write

EUVDB-ID: #VU57101

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-37576

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a boundary error in arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform. An attacker on KVM guest OS can cause host OS memory corruption via rtas_args.nargs and execute arbitrary code on the host OS.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

37) Use-after-free

EUVDB-ID: #VU56393

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-3715

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem (route4_change() function in net/sched/cls_route.c) in the way it handled changing of classification filters. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

38) Security restrictions bypass

EUVDB-ID: #VU56929

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-3656

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions within the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest.

The vulnerability allows the L2 guest to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

39) Buffer overflow

EUVDB-ID: #VU56018

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-22543

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Linux kernel when handling VM_IO|VM_PFNMAP vmas in KVM. A local user can  can bypass RO checks and cause the pages to get freed while still accessible by the VMM and guest. As a result, an attacker with the ability to start and control a VM to read/write random pages of memory, can trigger memory corruption and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

40) Resource exhaustion

EUVDB-ID: #VU51548

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-20265

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

41) Improper handling of exceptional conditions

EUVDB-ID: #VU68362

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2008-5161

CWE-ID: CWE-755 - Improper Handling of Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

42) OS Command Injection

EUVDB-ID: #VU31049

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-12735

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: Yes

Description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

43) Integer overflow

EUVDB-ID: #VU54234

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-12362

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow. A local user can run a specially crafted program to trigger integer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

44) Out-of-bounds read

EUVDB-ID: #VU50427

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-10769

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the crypto_authenc_extractkeys() function in crypto/authenc.c in the IPsec Cryptographic algorithm's module "authenc". A local low-privileged user can run a specially crafted program to trigger an out-of-bounds read error and crash the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

45) Out-of-bounds read

EUVDB-ID: #VU47057

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-0427

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a use after free when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

46) Use-after-free

EUVDB-ID: #VU55260

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-20934

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Linux fair scheduler within the show_numa_stats() function, caused by improperly freed NUMA fault statistics. A local user can trigger a use-after-free error and escalate privileges on the system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

47) Input validation error

EUVDB-ID: #VU34374

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-20811

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to manipulate data.

An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

48) Out-of-bounds write

EUVDB-ID: #VU24440

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-19532

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c. A local user with physical access can use a malicious USB device in the Linux kernel HID drivers, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

49) Information disclosure

EUVDB-ID: #VU51269

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-18282

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to track devices via UDP packets.

The vulnerability exists due to excessive data output in the flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 and affects net/core/flow_dissector.c and related code. The auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. A remote attacker can use the hashrnd value and track reliably track activity of devices using UDP packets.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

50) Buffer overflow

EUVDB-ID: #VU61671

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-25032

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

51) NULL pointer dereference

EUVDB-ID: #VU54249

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-12364

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A local user can run a specially crafted program to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

52) Input validation error

EUVDB-ID: #VU17721

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-20534

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input processed by the pool_whatprovides function, as defined in the ext/pool.h source code file of the affected software. A remote attacker can trick the victim into opening or executing a file that submits malicious input, trigger an illegal access address condition and cause the affected software to crash, resulting in a DoS condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

53) NULL pointer dereference

EUVDB-ID: #VU17720

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-20533

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input processed by the testcase_str2dep_complex function, as defined in the ext/testcase.c source code file of the affected software. A remote attacker can trick the victim into opening or executing a file that submits malicious input, trigger a NULL pointer dereference condition and cause the affected software to crash, resulting in a DoS condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

54) NULL pointer dereference

EUVDB-ID: #VU17719

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-20532

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input processed by the testcase_read function, as defined in the ext/testcase.c source code file of the affected software. A remote attacker can trick the victim into opening or executing a file that submits malicious input, trigger a NULL pointer dereference condition and cause the affected software to crash, resulting in a DoS condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

55) Buffer overflow

EUVDB-ID: #VU22938

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-10689

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the dev_map_read() function in btt/devmap.c in blktrace. A local user can create a specially crafted file, pass it to he application that is using the vulnerable component (e.g. btt program), trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

56) Use-after-free

EUVDB-ID: #VU57346

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-4658

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error, caused by using namespace nodes in XPointer ranges within the xpointer.c in libxml2. A remote attackers can pass specially crated XML document to he application, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

57) Improper access control

EUVDB-ID: #VU58098

Risk: High

CVSSv3.1:

CVE-ID: CVE-2016-2124

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to SMB1 client connections can be downgraded to plaintext authentication. A remote attacker can perform a man-in-the-middle attack and downgrade a negotiated SMB1 client connection and its capabitilities.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

58) Heap-based buffer overflow

EUVDB-ID: #VU17462

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-9262

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in _XcursorThemeInherits in library.c. A remote attacker can trigger a one-byte heap overflow and cause the service to crash or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

59) Input validation error

EUVDB-ID: #VU54248

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-12363

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local user can run a specially crafted program to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

60) Out-of-bounds read

EUVDB-ID: #VU47106

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-14314

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

61) Out-of-bounds write

EUVDB-ID: #VU68363

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-0543

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the phNxpNciHal_process_ext_rsp() function in phNxpNciHal_ext.cc. A local application can trigger an out-of-bounds read and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

62) Reachable Assertion

EUVDB-ID: #VU48515

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25710

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing LDAP requests in slapd within the csnNormalize23() function in schema_init.c. A remote attacker can send a specially crafted packet to the server, trigger an assertion failure and crash the daemon.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

63) Use-after-free

EUVDB-ID: #VU28416

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-8648

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to #BASIC_IMPACT#.

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

64) Use-after-free

EUVDB-ID: #VU24711

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-7053

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the i915_ppgtt_close() function in drivers/gpu/drm/i915/i915_gem_gtt.c, related to i915_gem_context_destroy_ioctl() call in drivers/gpu/drm/i915/i915_gem_context.c. A local user can run a specially crafted application to execute arbitrary code on the system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

65) Improper locking

EUVDB-ID: #VU51543

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-29661

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a escalate privileges on the system.

The vulnerability exists due to locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. An local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

66) Path traversal

EUVDB-ID: #VU49914

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-28374

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in drivers/target/target_core_xcopy.c in the Linux kernel. A remote user with access to iSCSI LUN can send a specially crafted XCOPY request and read or write arbitrary files on the system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

67) Missing Authorization

EUVDB-ID: #VU56242

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-27777

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way RTAS handles memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like user could use this flaw to further increase their privileges to that of a running kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

68) Observable discrepancy

EUVDB-ID: #VU51774

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-27170

CWE-ID: CWE-203 - Observable discrepancy

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in kernel/bpf/verifier.c due to kernel performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations. A local user can run a specially crafted program to gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

69) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU58097

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25717

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the Windows Active Directory (AD) domains have by default a feature to allow users to create computer accounts. A remote authenticated attacker can create such account with elevated privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

70) Reachable Assertion

EUVDB-ID: #VU48516

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25709

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in certificateListValidate() function in schema_init.c. A remote attacker can send specially crafted packet to the slapd daemon, trigger an assertion failure and crash the service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

71) Use-after-free

EUVDB-ID: #VU51544

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-14351

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the perf subsystem. A local user with permission to monitor perf events cam corrupt memory and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

72) Use of insufficiently random values

EUVDB-ID: #VU49150

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25705

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

73) Use-after-free

EUVDB-ID: #VU51547

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-25656

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in the way the console subsystem uses KDGKBSENT and KDSKBSENT IOCTLs. A local user can run a specially crafted program to trigger an out-of-bounds read and gain access to sensitive information.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

74) Cleartext transmission of sensitive information

EUVDB-ID: #VU51546

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25645

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to traffic passed between two Geneve endpoints with configured IPsec can be unencrypted for the specific UDP port. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

75) Out-of-bounds read

EUVDB-ID: #VU51881

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25643

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the HDLC_PPP module of the Linux kernel in the ppp_cp_parse_cr() function. A remote authenticated user can trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

76) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU51433

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-25212

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a TOCTOU mismatch in the NFS client code in the Linux kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

77) Buffer overflow

EUVDB-ID: #VU51545

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-25211

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to crash the system.

The vulnerability exists due to a boundary error within the ctnetlink_parse_tuple_filter() function in net/netfilter/nf_conntrack_netlink.c. A local user can inject conntrack netlink configuration, trigger buffer overflow and crash the kernel or force usage of incorrect protocol numbers.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

78) Incorrect permission assignment for critical resource

EUVDB-ID: #VU51240

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-24394

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to incorrect assignment of permissions on new filesystem objects when the filesystem lacks ACL support in fs/nfsd/vfs.c (in the NFS server). A local user can read and write arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

79) Buffer overflow

EUVDB-ID: #VU58841

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-14385

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the file system metadata validator in XFS. A local user can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt and shutdown the the filesystem.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Session Smart Router: before 5.4.7


CPE2.3
External links

http://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###