Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-24808 (GCVE-0-2022-24808)
Vulnerability from cvelistv5 – Published: 2024-04-16 19:52 – Updated: 2024-08-03 04:20
VLAI?
EPSS
Title
net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
Summary
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
Severity ?
6.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:net-snmp:net-snmp:5.9.2:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "net-snmp",
"vendor": "net-snmp",
"versions": [
{
"status": "affected",
"version": "5.9.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T18:23:10.723285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:57.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-29"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5209"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105240"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "net-snmp",
"repo": "https://github.com/net-snmp/net-snmp",
"vendor": "net-snmp",
"versions": [
{
"lessThan": "5.9.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\u003cbr\u003e"
}
],
"value": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T19:52:31.783Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/"
},
{
"url": "https://security.gentoo.org/glsa/202210-29"
},
{
"url": "https://www.debian.org/security/2022/dsa-5209"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105240"
},
{
"url": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24808",
"datePublished": "2024-04-16T19:52:31.783Z",
"dateReserved": "2022-02-10T16:41:34.917Z",
"dateUpdated": "2024-08-03T04:20:50.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2103225\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202210-29\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5209\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2105240\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:20:50.466Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-24808\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-23T18:23:10.723285Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:net-snmp:net-snmp:5.9.2:-:*:*:*:*:*:*\"], \"vendor\": \"net-snmp\", \"product\": \"net-snmp\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.9.2\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-23T16:14:02.603Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/net-snmp/net-snmp\", \"vendor\": \"net-snmp\", \"product\": \"net-snmp\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.9.2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2103225\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/\"}, {\"url\": \"https://security.gentoo.org/glsa/202210-29\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5209\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2105240\"}, {\"url\": \"https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476 NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-04-16T19:52:31.783Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-24808\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-03T04:20:50.466Z\", \"dateReserved\": \"2022-02-10T16:41:34.917Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-04-16T19:52:31.783Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2023-AVI-0318
Vulnerability from certfr_avis - Published: 2023-04-17 - Updated: 2023-04-17
De multiples vulnérabilités ont été découvertes dans VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | Isolation Segment versions 2.12.x antérieures à 2.12.19 | ||
| VMware | Tanzu | VMware Tanzu Application Service for VMs versions 2.12.x antérieures à 2.12.24 | ||
| VMware | N/A | Canonical Ubuntu 18.04 | ||
| VMware | Tanzu | VMware Tanzu Application Service for VMs versions 2.13.x antérieures à 2.13.17 | ||
| VMware | N/A | Platform Automation Toolkit versions 4.0.x antérieures à to 4.0.13 | ||
| VMware | Tanzu | VMware Tanzu Application Service for VMs versions 2.11.x antérieures à 2.11.35 | ||
| VMware | N/A | Platform Automation Toolkit versions 4.3.x versions antérieures à 4.3.5 | ||
| VMware | N/A | Platform Automation Toolkit versions 5.1.x versions antérieures à 5.1.0 | ||
| VMware | N/A | Operations Manager versions 3.0.x antérieures à 3.0.4 | ||
| VMware | N/A | Operations Manager versions 2.10.x antérieures à 2.10.51 | ||
| VMware | N/A | Isolation Segment versions 3.0.x antérieures à 3.0.7 (avec Jammy Stemcells versions antérieures à 1.80) | ||
| VMware | N/A | Isolation Segment versions 2.11.x antérieures à 2.11.29 | ||
| VMware | N/A | Platform Automation Toolkit versions 4.2.x antérieures à 4.2.8 | ||
| VMware | N/A | Canonical Ubuntu 16.04 | ||
| VMware | N/A | Platform Automation Toolkit versions 4.4.x versions antérieures à 4.4.30 | ||
| VMware | N/A | Canonical Ubuntu 22.04 | ||
| VMware | Tanzu | VMware Tanzu Application Service for VMs versions 3.0.x antérieures à 3.0.7 (avec Jammy Stemcells versions 1.80) | ||
| VMware | N/A | Platform Automation Toolkit versions 5.0.x versions antérieures à 5.0.23 | ||
| VMware | N/A | Isolation Segment versions 2.13.x antérieures à 2.13.14 | ||
| VMware | Tanzu | Tanzu Greenplum for Kubernetes versions antérieures à 1.4.0 | ||
| VMware | N/A | Platform Automation Toolkit versions 4.1.x antérieures à 4.1.13 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Isolation Segment versions 2.12.x ant\u00e9rieures \u00e0 2.12.19",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service for VMs versions 2.12.x ant\u00e9rieures \u00e0 2.12.24",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Canonical Ubuntu 18.04",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service for VMs versions 2.13.x ant\u00e9rieures \u00e0 2.13.17",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions 4.0.x ant\u00e9rieures \u00e0 to 4.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service for VMs versions 2.11.x ant\u00e9rieures \u00e0 2.11.35",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions 4.3.x versions ant\u00e9rieures \u00e0 4.3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions 5.1.x versions ant\u00e9rieures \u00e0 5.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Operations Manager versions 3.0.x ant\u00e9rieures \u00e0 3.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Operations Manager versions 2.10.x ant\u00e9rieures \u00e0 2.10.51",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions 3.0.x ant\u00e9rieures \u00e0 3.0.7 (avec Jammy Stemcells versions ant\u00e9rieures \u00e0 1.80)",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions 2.11.x ant\u00e9rieures \u00e0 2.11.29",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions 4.2.x ant\u00e9rieures \u00e0 4.2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Canonical Ubuntu 16.04",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions 4.4.x versions ant\u00e9rieures \u00e0 4.4.30",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Canonical Ubuntu 22.04",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service for VMs versions 3.0.x ant\u00e9rieures \u00e0 3.0.7 (avec Jammy Stemcells versions 1.80)",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions 5.0.x versions ant\u00e9rieures \u00e0 5.0.23",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions 2.13.x ant\u00e9rieures \u00e0 2.13.14",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum for Kubernetes versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions 4.1.x ant\u00e9rieures \u00e0 4.1.13",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-24809",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24809"
},
{
"name": "CVE-2022-47629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47629"
},
{
"name": "CVE-2022-24805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
},
{
"name": "CVE-2022-44792",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44792"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-4883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4883"
},
{
"name": "CVE-2022-44793",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44793"
},
{
"name": "CVE-2022-3165",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3165"
},
{
"name": "CVE-2022-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0417"
},
{
"name": "CVE-2022-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
},
{
"name": "CVE-2022-24810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
},
{
"name": "CVE-2022-37454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
},
{
"name": "CVE-2022-44617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44617"
},
{
"name": "CVE-2021-3682",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3682"
},
{
"name": "CVE-2021-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23222"
},
{
"name": "CVE-2022-2962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2962"
},
{
"name": "CVE-2023-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
},
{
"name": "CVE-2022-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0392"
},
{
"name": "CVE-2022-33070",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33070"
},
{
"name": "CVE-2022-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0216"
},
{
"name": "CVE-2022-40898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40898"
},
{
"name": "CVE-2022-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
},
{
"name": "CVE-2022-46285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46285"
},
{
"name": "CVE-2021-3930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3930"
},
{
"name": "CVE-2021-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33621"
},
{
"name": "CVE-2022-24808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
},
{
"name": "CVE-2021-3750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3750"
}
],
"initial_release_date": "2023-04-17T00:00:00",
"last_revision_date": "2023-04-17T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0318",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de\nprivil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5795-1 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5787-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5795-2 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5787-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5787-2 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5772-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5765-1 du 13 avril 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5821-1 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5821-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5801-1 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5795-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5811-1 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5811-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5787-1 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5767-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5806-1 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5801-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5807-1 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5807-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5787-1 du 12 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5765-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5806-2 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5806-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5772-1 du 13 avril 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5767-1 du 13 avril 2023",
"url": null
}
]
}
CERTFR-2025-AVI-0304
Vulnerability from certfr_avis - Published: 2025-04-10 - Updated: 2025-04-10
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que les versions 21.4.x de Junos OS pour SRX Series ne bénéficient pas de correctif pour la vulnérabilité CVE-2025-30659.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS versions 21.4.x antérieures à 21.4R3-S10 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.4.x-EVO antérieures à 22.4R3-S6-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.4.x-EVO antérieures à 23.4R2-S4-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 22.2.x antérieures à 22.2R3-S6 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 21.4R3-S10-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.2.x-EVO antérieures à 23.2R2-S3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.2.x-EVO antérieures à 24.2R2-EVO | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 24.1R3 | ||
| Juniper Networks | Junos Space | Junos Space Security Director versions antérieures à 24.1R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 23.4.x antérieures à 23.4R2-S4 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.2.x-EVO antérieures à 22.2R3-S6-EVO | ||
| Juniper Networks | CTPView | CTPView versions antérieures à 9.2R1 | ||
| Juniper Networks | Junos OS | Junos OS versions 22.4.x antérieures à 22.4R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions 23.2.x antérieures à 23.2R2-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 24.2.x antérieures à 24.2R2 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 21.2R3-S9 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R3-S10 ",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4.x-EVO ant\u00e9rieures \u00e0 22.4R3-S6-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4.x-EVO ant\u00e9rieures \u00e0 23.4R2-S4-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2.x ant\u00e9rieures \u00e0 22.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S10-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2.x-EVO ant\u00e9rieures \u00e0 23.2R2-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2.x-EVO ant\u00e9rieures \u00e0 24.2R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R3",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space Security Director versions ant\u00e9rieures \u00e0 24.1R3",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4.x ant\u00e9rieures \u00e0 23.4R2-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2.x-EVO ant\u00e9rieures \u00e0 22.2R3-S6-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "CTPView versions ant\u00e9rieures \u00e0 9.2R1",
"product": {
"name": "CTPView",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4.x ant\u00e9rieures \u00e0 22.4R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2.x ant\u00e9rieures \u00e0 23.2R2-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.2.x ant\u00e9rieures \u00e0 24.2R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur indique que les versions 21.4.x de Junos OS pour SRX Series ne b\u00e9n\u00e9ficient pas de correctif pour la vuln\u00e9rabilit\u00e9 CVE-2025-30659.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42472"
},
{
"name": "CVE-2024-7006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27820"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2025-21597",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21597"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2024-4076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
},
{
"name": "CVE-2025-30658",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30658"
},
{
"name": "CVE-2024-40866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40866"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
},
{
"name": "CVE-2023-28746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
},
{
"name": "CVE-2024-26993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-40898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40898"
},
{
"name": "CVE-2024-26852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26852"
},
{
"name": "CVE-2011-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5094"
},
{
"name": "CVE-2025-30657",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30657"
},
{
"name": "CVE-2025-30660",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30660"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2024-3652",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
},
{
"name": "CVE-2024-44187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44187"
},
{
"name": "CVE-2025-21601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21601"
},
{
"name": "CVE-2024-32021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
},
{
"name": "CVE-2024-40725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40725"
},
{
"name": "CVE-2019-7611",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7611"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2025-21591",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21591"
},
{
"name": "CVE-2025-30649",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30649"
},
{
"name": "CVE-2025-30652",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30652"
},
{
"name": "CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2025-30651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30651"
},
{
"name": "CVE-2024-32004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
},
{
"name": "CVE-2024-39884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39884"
},
{
"name": "CVE-2023-48161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
},
{
"name": "CVE-2024-32020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-27838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27838"
},
{
"name": "CVE-2024-23271",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23271"
},
{
"name": "CVE-2024-39487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
},
{
"name": "CVE-2024-36971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2025-30647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30647"
},
{
"name": "CVE-2024-32465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
},
{
"name": "CVE-2011-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
},
{
"name": "CVE-2025-30654",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30654"
},
{
"name": "CVE-2025-30655",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30655"
},
{
"name": "CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2024-35899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2021-47596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47596"
},
{
"name": "CVE-2025-30659",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30659"
},
{
"name": "CVE-2025-30653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30653"
},
{
"name": "CVE-2025-30645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30645"
},
{
"name": "CVE-2020-7021",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7021"
},
{
"name": "CVE-2021-22135",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22135"
},
{
"name": "CVE-2025-30646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30646"
},
{
"name": "CVE-2024-27851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27851"
},
{
"name": "CVE-2025-30644",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30644"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-30656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30656"
},
{
"name": "CVE-2022-39253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
},
{
"name": "CVE-2021-22144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22144"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2025-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21595"
},
{
"name": "CVE-2025-30648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30648"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2021-22137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22137"
},
{
"name": "CVE-2024-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2022-24808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2025-21594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21594"
},
{
"name": "CVE-2020-7020",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7020"
}
],
"initial_release_date": "2025-04-10T00:00:00",
"last_revision_date": "2025-04-10T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0304",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96456",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-malformed-LLDP-TLV-results-in-l2cpd-crash-CVE-2025-30646"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96447",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R3-release"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96467",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-Processing-of-a-specific-BGP-update-causes-the-SRRD-process-to-crash-CVE-2025-30657?language=en_US"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96461",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-ICMPv6-packet-causes-a-memory-overrun-leading-to-an-rpd-crash-CVE-2025-30651"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96446",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R3-release"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96451",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-rib-sharding-and-update-threading-are-configured-and-a-peer-flaps-an-rpd-core-is-observed"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96470",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-A-device-configured-for-vector-routing-crashes-when-receiving-specific-traffic-CVE-2025-30659?language=en_US"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96458",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-DHCP-packet-causes-jdhcpd-process-to-crash-CVE-2025-30648"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96462",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Executing-a-specific-CLI-command-when-asregex-optimized-is-configured-causes-an-RPD-crash-CVE-2025-30652"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96457",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Subscriber-login-logout-activity-will-lead-to-a-memory-leak-CVE-2025-30647"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96466",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-SRX-Series-Processing-of-specific-SIP-INVITE-messages-by-the-SIP-ALG-will-lead-to-an-FPC-crash-CVE-2025-30656?language=en_US"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96463",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-LSP-flap-in-a-specific-MPLS-LSP-scenario-leads-to-RPD-crash-CVE-2025-30653"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96459",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX240-MX480-MX960-with-SPC3-An-attacker-sending-specific-packets-will-cause-a-CPU-utilization-DoS-CVE-2025-30649"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96450",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-VXLAN-scenario-specific-ARP-or-NDP-packets-cause-FPC-to-crash-CVE-2025-21595"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96464",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-local-low-privileged-user-can-access-sensitive-information-CVE-2025-30654"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96453",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-EX2300-EX3400-EX4000-Series-QFX5k-Series-Receipt-of-a-specific-DHCP-packet-causes-FPC-crash-when-DHCP-Option-82-is-enabled-CVE-2025-30644"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96465",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-CLI-command-will-cause-a-RPD-crash-when-rib-sharding-and-update-threading-is-enabled-CVE-2025-30655?language=en_US"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96444",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-CTP-View-Multiple-Vulnerabilities-resolved-in-9-2R1-release"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96469",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-On-devices-with-Anti-Virus-enabled-malicious-server-responses-will-cause-memory-to-leak-ultimately-causing-forwarding-to-stop-CVE-2025-30658?language=en_US"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96448",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-An-unauthenticated-adjacent-attacker-sending-a-malformed-DHCP-packet-causes-jdhcpd-to-crash-CVE-2025-21591"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96471",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-Decapsulation-of-specific-GRE-packets-leads-to-PFE-reset-CVE-2025-30660?language=en_US"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96449",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-MX-Series-In-DS-lite-and-NAT-senario-receipt-of-crafted-IPv4-traffic-causes-port-block-CVE-2025-21594"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96455",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-Transmission-of-specific-control-traffic-sent-out-of-a-DS-Lite-tunnel-results-in-flowd-crash-CVE-2025-30645"
},
{
"published_at": "2025-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA96452",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-and-EX-Series-MX240-MX480-MX960-QFX5120-Series-When-web-management-is-enabled-for-specific-services-an-attacker-may-cause-a-CPU-spike-by-sending-genuine-packets-to-the-device-CVE-2025-21601"
}
]
}
CERTFR-2025-AVI-0018
Vulnerability from certfr_avis - Published: 2025-01-09 - Updated: 2025-01-09
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS versions 22.4.x antérieures à 22.4R3-S5 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 24.1R2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 21.2R3-S9-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.4.x-EVO antérieures à 23.4R2-S3-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 24.2.x antérieures à 24.2R1-S2 et 24.2R2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.2.x-EVO antérieures à 23.2R2-S3-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.4.x-EVO antérieures à 21.4R3-S10-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.4.x-EVO antérieures à 22.4R3-S5-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 22.2.x antérieures à 22.2R3-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.3.x-EVO antérieures à 22.3R3-S4-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.2.x-EVO antérieures à 24.2R1-S2-EVO et 24.2R2-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 22.3.x antérieures à 22.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 23.4.x antérieures à 23.4R2-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.4.x antérieures à 21.4R3-S10 | ||
| Juniper Networks | Junos OS | Junos OS versions 23.2.x antérieures à 23.2R2-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 21.2R3-S9 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.2.x-EVO antérieures à 22.2R3-S5-EVO |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 22.4.x ant\u00e9rieures \u00e0 22.4R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R2",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S9-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4.x-EVO ant\u00e9rieures \u00e0 23.4R2-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.2.x ant\u00e9rieures \u00e0 24.2R1-S2 et 24.2R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2.x-EVO ant\u00e9rieures \u00e0 23.2R2-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4.x-EVO ant\u00e9rieures \u00e0 21.4R3-S10-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4.x-EVO ant\u00e9rieures \u00e0 22.4R3-S5-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2.x ant\u00e9rieures \u00e0 22.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3.x-EVO ant\u00e9rieures \u00e0 22.3R3-S4-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2.x-EVO ant\u00e9rieures \u00e0 24.2R1-S2-EVO et 24.2R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3.x ant\u00e9rieures \u00e0 22.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4.x ant\u00e9rieures \u00e0 23.4R2-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R3-S10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2.x ant\u00e9rieures \u00e0 23.2R2-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2.x-EVO ant\u00e9rieures \u00e0 22.2R3-S5-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-35875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35875"
},
{
"name": "CVE-2024-35797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35797"
},
{
"name": "CVE-2024-26886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26886"
},
{
"name": "CVE-2023-52801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52801"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2024-26629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26629"
},
{
"name": "CVE-2025-21592",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21592"
},
{
"name": "CVE-2022-24809",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24809"
},
{
"name": "CVE-2025-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21599"
},
{
"name": "CVE-2024-35791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35791"
},
{
"name": "CVE-2023-3019",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3019"
},
{
"name": "CVE-2022-24805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
},
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2024-36883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
},
{
"name": "CVE-2023-3255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3255"
},
{
"name": "CVE-2024-26946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26946"
},
{
"name": "CVE-2024-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26720"
},
{
"name": "CVE-2023-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4408"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2022-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
},
{
"name": "CVE-2024-39894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39894"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2023-6683",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6683"
},
{
"name": "CVE-2024-42131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
},
{
"name": "CVE-2024-1488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1488"
},
{
"name": "CVE-2022-24810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
},
{
"name": "CVE-2024-26630",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26630"
},
{
"name": "CVE-2023-5517",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5517"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2025-21600",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21600"
},
{
"name": "CVE-2024-42082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
},
{
"name": "CVE-2025-21596",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21596"
},
{
"name": "CVE-2024-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32462"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2025-21602",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21602"
},
{
"name": "CVE-2024-25742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25742"
},
{
"name": "CVE-2024-25743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25743"
},
{
"name": "CVE-2024-42096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42096"
},
{
"name": "CVE-2024-38619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38619"
},
{
"name": "CVE-2025-21593",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21593"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-36019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36019"
},
{
"name": "CVE-2024-41040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41040"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2024-40927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40927"
},
{
"name": "CVE-2024-41055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
},
{
"name": "CVE-2023-50387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
},
{
"name": "CVE-2024-42102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42102"
},
{
"name": "CVE-2025-21598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21598"
},
{
"name": "CVE-2024-40936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40936"
},
{
"name": "CVE-2006-5051",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5051"
},
{
"name": "CVE-2024-41096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41096"
},
{
"name": "CVE-2023-6516",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6516"
},
{
"name": "CVE-2024-28835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
},
{
"name": "CVE-2024-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
},
{
"name": "CVE-2024-38559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38559"
},
{
"name": "CVE-2024-6387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
},
{
"name": "CVE-2022-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
},
{
"name": "CVE-2024-36979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36979"
},
{
"name": "CVE-2023-52463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
},
{
"name": "CVE-2024-36000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
},
{
"name": "CVE-2023-5679",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5679"
},
{
"name": "CVE-2023-5088",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5088"
},
{
"name": "CVE-2023-42467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42467"
},
{
"name": "CVE-2022-24808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
}
],
"initial_release_date": "2025-01-09T00:00:00",
"last_revision_date": "2025-01-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0018",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21593",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-On-SRv6-enabled-devices-an-attacker-sending-a-malformed-BGP-update-can-cause-the-rpd-to-crash-CVE-2025-21593"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21602",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specially-crafted-BGP-update-packet-causes-RPD-crash-CVE-2025-21602"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSH",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSH"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21598",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-traceoptions-are-configured-receipt-of-malformed-BGP-packets-causes-RPD-to-crash-CVE-2025-21598"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21592",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-SRX-Series-Low-privileged-user-able-to-access-highly-sensitive-information-on-file-system-CVE-2025-21592"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21599",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specifically-malformed-IPv6-packets-causes-kernel-memory-exhaustion-leading-to-Denial-of-Service-CVE-2025-21599"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21600",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-certain-BGP-options-enabled-receipt-of-specifically-malformed-BGP-update-causes-RPD-crash-CVE-2025-21600"
},
{
"published_at": "2025-01-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21596",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-SRX1500-SRX4100-SRX4200-Execution-of-low-privileged-CLI-command-results-in-chassisd-crash-CVE-2025-21596"
}
]
}
CERTFR-2025-AVI-0855
Vulnerability from certfr_avis - Published: 2025-10-09 - Updated: 2025-10-09
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS versions 24.4 antérieures à 24.4R2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 22.4R3-S8-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 23.4 antérieures à 23.4R2-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S4-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 22.4R3-S8 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-S2-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.4-EVO antérieures à 24.4R2-EVO | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 24.1R4 | ||
| Juniper Networks | Security Director | Security Director Policy Enforcer versions antérieures à 23.1R1 Hotpatch v3 | ||
| Juniper Networks | Junos Space | Junos Space Security Director versions antérieures à 24.1R4 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-S5-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 23.2 antérieures à 23.2R2-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 24.2 antérieures à 24.2R2-S1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 24.4 ant\u00e9rieures \u00e0 24.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R3-S8-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S4-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 22.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-S2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.4-EVO ant\u00e9rieures \u00e0 24.4R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R4",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 23.1R1 Hotpatch v3",
"product": {
"name": "Security Director",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space Security Director versions ant\u00e9rieures \u00e0 24.1R4",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-S5-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.2 ant\u00e9rieures \u00e0 24.2R2-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24795"
},
{
"name": "CVE-2024-36903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36903"
},
{
"name": "CVE-2023-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44431"
},
{
"name": "CVE-2021-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47606"
},
{
"name": "CVE-2025-59993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59993"
},
{
"name": "CVE-2025-59997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59997"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2025-59995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59995"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2023-28466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
},
{
"name": "CVE-2024-36921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36921"
},
{
"name": "CVE-2025-59986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59986"
},
{
"name": "CVE-2025-60009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60009"
},
{
"name": "CVE-2025-59989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59989"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2023-46103",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46103"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2023-2235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
},
{
"name": "CVE-2025-59999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59999"
},
{
"name": "CVE-2025-59994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59994"
},
{
"name": "CVE-2024-4076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
},
{
"name": "CVE-2025-59967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59967"
},
{
"name": "CVE-2022-24805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2024-37356",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37356"
},
{
"name": "CVE-2024-47538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
},
{
"name": "CVE-2023-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
},
{
"name": "CVE-2024-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
},
{
"name": "CVE-2025-59991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59991"
},
{
"name": "CVE-2024-5564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
},
{
"name": "CVE-2024-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
},
{
"name": "CVE-2023-28746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
},
{
"name": "CVE-2023-52864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
},
{
"name": "CVE-2025-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26600"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2024-27280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2025-59982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59982"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2023-43785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43785"
},
{
"name": "CVE-2024-30205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
},
{
"name": "CVE-2018-17247",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17247"
},
{
"name": "CVE-2025-60004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60004"
},
{
"name": "CVE-2023-51594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51594"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2023-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50229"
},
{
"name": "CVE-2025-59974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59974"
},
{
"name": "CVE-2025-26598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26598"
},
{
"name": "CVE-2018-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3824"
},
{
"name": "CVE-2024-40928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40928"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-8508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
},
{
"name": "CVE-2024-36020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36020"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2025-59981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59981"
},
{
"name": "CVE-2023-31248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31248"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2024-30203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
},
{
"name": "CVE-2023-3090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
},
{
"name": "CVE-2024-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
},
{
"name": "CVE-2025-59968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59968"
},
{
"name": "CVE-2023-51592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51592"
},
{
"name": "CVE-2025-59990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59990"
},
{
"name": "CVE-2021-22146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22146"
},
{
"name": "CVE-2025-59978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59978"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-36017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
},
{
"name": "CVE-2024-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
},
{
"name": "CVE-2024-27434",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27434"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2024-38558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38558"
},
{
"name": "CVE-2025-59992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59992"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2021-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
},
{
"name": "CVE-2025-60000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60000"
},
{
"name": "CVE-2022-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
},
{
"name": "CVE-2024-47607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
},
{
"name": "CVE-2024-27065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27065"
},
{
"name": "CVE-2024-36005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
},
{
"name": "CVE-2023-45866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45866"
},
{
"name": "CVE-2023-27349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27349"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2015-5377",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5377"
},
{
"name": "CVE-2023-48161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
},
{
"name": "CVE-2022-24810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
},
{
"name": "CVE-2024-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33621"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2025-60001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60001"
},
{
"name": "CVE-2024-5742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5742"
},
{
"name": "CVE-2023-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50230"
},
{
"name": "CVE-2025-52960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52960"
},
{
"name": "CVE-2024-36922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36922"
},
{
"name": "CVE-2025-59996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59996"
},
{
"name": "CVE-2024-39487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2023-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38575"
},
{
"name": "CVE-2024-35911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35911"
},
{
"name": "CVE-2025-59957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59957"
},
{
"name": "CVE-2025-59958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59958"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2018-17244",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17244"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-26597",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26597"
},
{
"name": "CVE-2024-36971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
},
{
"name": "CVE-2023-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2024-42934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42934"
},
{
"name": "CVE-2023-51580",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51580"
},
{
"name": "CVE-2024-35848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35848"
},
{
"name": "CVE-2024-27417",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27417"
},
{
"name": "CVE-2023-21102",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21102"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2025-59983",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59983"
},
{
"name": "CVE-2024-36941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2024-35969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35969"
},
{
"name": "CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"name": "CVE-2025-60006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60006"
},
{
"name": "CVE-2024-36489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
},
{
"name": "CVE-2015-1427",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1427"
},
{
"name": "CVE-2024-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38575"
},
{
"name": "CVE-2024-35899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
},
{
"name": "CVE-2024-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35823"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-9632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9632"
},
{
"name": "CVE-2023-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
},
{
"name": "CVE-2025-26595",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26595"
},
{
"name": "CVE-2024-26868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26868"
},
{
"name": "CVE-2023-43787",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43787"
},
{
"name": "CVE-2023-43786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43786"
},
{
"name": "CVE-2024-8235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8235"
},
{
"name": "CVE-2023-4147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4147"
},
{
"name": "CVE-2025-59977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59977"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2023-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3610"
},
{
"name": "CVE-2025-26596",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26596"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2022-48622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48622"
},
{
"name": "CVE-2021-42550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2024-26828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26828"
},
{
"name": "CVE-2025-59998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59998"
},
{
"name": "CVE-2024-26808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
},
{
"name": "CVE-2024-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30204"
},
{
"name": "CVE-2025-60002",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60002"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2024-27282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
},
{
"name": "CVE-2018-3831",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3831"
},
{
"name": "CVE-2023-43490",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43490"
},
{
"name": "CVE-2025-59976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59976"
},
{
"name": "CVE-2025-59980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59980"
},
{
"name": "CVE-2025-26599",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26599"
},
{
"name": "CVE-2024-47615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
},
{
"name": "CVE-2018-3823",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3823"
},
{
"name": "CVE-2023-22655",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22655"
},
{
"name": "CVE-2024-6126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6126"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2023-39368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39368"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2024-26853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26853"
},
{
"name": "CVE-2025-59975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59975"
},
{
"name": "CVE-2025-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
},
{
"name": "CVE-2025-59987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59987"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2018-3826",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3826"
},
{
"name": "CVE-2025-26601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26601"
},
{
"name": "CVE-2024-52337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52337"
},
{
"name": "CVE-2025-59985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59985"
},
{
"name": "CVE-2025-11198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11198"
},
{
"name": "CVE-2022-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
},
{
"name": "CVE-2023-32233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2024-26327",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26327"
},
{
"name": "CVE-2015-3253",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3253"
},
{
"name": "CVE-2025-59964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59964"
},
{
"name": "CVE-2025-59988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59988"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2023-45733",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45733"
},
{
"name": "CVE-2021-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
},
{
"name": "CVE-2024-6655",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6655"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2024-27049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27049"
},
{
"name": "CVE-2025-59984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59984"
},
{
"name": "CVE-2025-52961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52961"
},
{
"name": "CVE-2023-51589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51589"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2021-3903",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3903"
},
{
"name": "CVE-2024-35800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35800"
},
{
"name": "CVE-2023-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
},
{
"name": "CVE-2023-51596",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51596"
},
{
"name": "CVE-2025-60010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60010"
},
{
"name": "CVE-2023-51764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51764"
},
{
"name": "CVE-2025-26594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26594"
},
{
"name": "CVE-2024-6409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6409"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2022-24808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
},
{
"name": "CVE-2025-59962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59962"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2024-40961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
}
],
"initial_release_date": "2025-10-09T00:00:00",
"last_revision_date": "2025-10-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0855",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103140",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-XSS-vulnerabilities-resolved-in-24-1R4-release"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103141",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R4-release"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103163",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-Multiple-OS-command-injection-vulnerabilities-fixed-CVE-2025-60006"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103168",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Device-allows-login-for-user-with-expired-password-CVE-2025-60010"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103171",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Reflected-client-side-HTTP-parameter-pollution-vulnerability-in-web-interface-CVE-2025-59977"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103167",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-When-a-user-with-the-name-ftp-or-anonymous-is-configured-unauthenticated-filesystem-access-is-allowed-CVE-2025-59980"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103156",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7024X-ACX7100-32C-ACX7100-48L-ACX7348-ACX7509-When-specific-valid-multicast-traffic-is-received-on-the-L3-interface-a-vulnerable-device-evo-pfemand-crashes-and-restarts-CVE-2025-59967"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103437",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Security-Director-Policy-Enforcer-An-unrestricted-API-allows-a-network-based-unauthenticated-attacker-to-deploy-malicious-vSRX-images-to-VMWare-NSX-Server-CVE-2025-11198"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103172",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Flooding-device-with-inbound-API-calls-leads-to-WebUI-and-CLI-management-access-DoS-CVE-2025-59975"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103157",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Juniper-Security-Director-Insufficient-authorization-for-sensitive-resources-in-web-interface-CVE-2025-59968"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103170",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Arbitrary-file-download-vulnerability-in-web-interface-CVE-2025-59976"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103139",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103151",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-sharding-enabled-change-in-indirect-next-hop-can-cause-RPD-crash-CVE-2025-59962"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103153",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX4700-When-forwarding-options-sampling-is-enabled-any-traffic-destined-to-the-RE-will-cause-the-forwarding-line-card-to-crash-and-restart-CVE-2025-59964"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103147",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-When-firewall-filter-rejects-traffic-these-packets-are-erroneously-sent-to-the-RE-CVE-2025-59958"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103144",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-except-PTX10003-An-unauthenticated-adjacent-attacker-sending-specific-valid-traffic-can-cause-a-memory-leak-in-cfmman-leading-to-FPC-crash-and-restart-CVE-2025-52961"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103143",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Receipt-of-specific-SIP-packets-in-a-high-utilization-situation-causes-a-flowd-crash-CVE-2025-52960"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103146",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-An-attacker-with-physical-access-can-open-a-persistent-backdoor-CVE-2025-59957"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103138",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4-by-upgrading-Log4j-Java-library-to-2-23-1-and-ElasticSearch-to-6-8-17"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103165",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-BGP-EVPN-update-message-causes-rpd-crash-CVE-2025-60004"
}
]
}
FKIE_CVE-2022-24808
Vulnerability from fkie_nvd - Published: 2024-04-16 20:15 - Updated: 2025-01-17 16:16
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://bugzilla.redhat.com/show_bug.cgi?id=2103225 | Third Party Advisory | |
| security-advisories@github.com | https://bugzilla.redhat.com/show_bug.cgi?id=2105240 | Third Party Advisory | |
| security-advisories@github.com | https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 | Patch | |
| security-advisories@github.com | https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 | Patch | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html | Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ | Product | |
| security-advisories@github.com | https://security.gentoo.org/glsa/202210-29 | Third Party Advisory | |
| security-advisories@github.com | https://www.debian.org/security/2022/dsa-5209 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2103225 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2105240 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202210-29 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5209 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| net-snmp | net-snmp | * | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux_eus | 9.2 | |
| redhat | enterprise_linux_eus | 9.4 | |
| redhat | enterprise_linux_for_arm_64 | 9.0 | |
| redhat | enterprise_linux_for_arm_64 | 9.2_aarch64 | |
| redhat | enterprise_linux_for_arm_64 | 9.4_aarch64 | |
| redhat | enterprise_linux_for_arm_64_eus | 9.4_aarch64 | |
| redhat | enterprise_linux_for_ibm_z_systems | 9.0 | |
| redhat | enterprise_linux_for_ibm_z_systems | 9.2_s390x | |
| redhat | enterprise_linux_for_ibm_z_systems | 9.4_s390x | |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.4_s390x | |
| redhat | enterprise_linux_for_power_little_endian | 9.0 | |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.2_ppc64le | |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.4_ppc64le | |
| redhat | enterprise_linux_server_aus | 9.2 | |
| redhat | enterprise_linux_server_aus | 9.4 | |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 9.2_ppc64le | |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 9.2 | |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79AD3D1F-9090-4939-8C82-E676C8C0FBC7",
"versionEndExcluding": "5.9.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B528C5D-0F72-4685-8516-257597E94AE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "D85E0DBA-A856-472A-8271-A4F37C35F952",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.4_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF70805-7EBF-4731-83DB-D71F7A646B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "01363FFA-F7A6-43FC-8D47-E67F95410095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D650BFB9-4FDC-4311-8D7E-D981C8F4FA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "2E068ABB-31C2-416E-974A-95E07A2BAB0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.4_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "069180B4-BA50-4AD0-8BA9-83F8005E58BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "F843B777-5C64-4CAE-80D6-89DC2C9515B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35EEDB95-DCD1-4FED-9BBB-877B2062410C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "39D345D3-108A-4551-A112-5EE51991411A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "CC6A25CB-907A-4D05-8460-A2488938A8BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC7D8E93-D4BE-46E7-BDE7-843BF8A33162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "18B7F648-9A31-4EE5-A215-C860616A4AB7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n"
},
{
"lang": "es",
"value": "net-snmp proporciona varias herramientas relacionadas con el protocolo simple de administraci\u00f3n de red. Antes de la versi\u00f3n 5.9.2, un usuario con credenciales de lectura y escritura pod\u00eda utilizar un OID con formato incorrecto en una solicitud `SET` a `NET-SNMP-AGENT-MIB::nsLogTable` para provocar una desreferencia del puntero NULL. La versi\u00f3n 5.9.2 contiene un parche. Los usuarios deben utilizar credenciales SNMPv3 seguras y evitar compartirlas. Aquellos que deben utilizar SNMPv1 o SNMPv2c deben utilizar una cadena de comunidad compleja y mejorar la protecci\u00f3n restringiendo el acceso a un rango de direcciones IP determinado."
}
],
"id": "CVE-2022-24808",
"lastModified": "2025-01-17T16:16:28.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-16T20:15:08.840",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105240"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-29"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202210-29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5209"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-24808
Vulnerability from fstec - Published: 16.04.2024
VLAI Severity ?
Title
Уязвимость функции NET-SNMP-AGENT-MIB::nsLogTable() в компоненте OID Handler набора программного обеспечения Net-SNMP операционной системы Linux, позволяющая нарушителю оказать воздействие на целостность данных
Description
Уязвимость функции NET-SNMP-AGENT-MIB::nsLogTable() в компоненте OID Handler набора программного обеспечения Net-SNMP операционной системы Linux связана с разыменованием указателя NULL. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать воздействие на целостность данных
Severity ?
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», Fedora Project, АО "НППКТ", АО "РАСУ", АО «НТЦ ИТ РОСА»
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Fedora, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Net-SNMP, УСШ (PBC-01R), ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308)
Software Version
8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 36 (Fedora), 9 (Red Hat Enterprise Linux), до 2.6 (ОСОН ОСнова Оnyx), от 5.9.0 до 5.9.2 (Net-SNMP), 2.0.1 (УСШ (PBC-01R)), 3.0 (ROSA Virtualization 3.0)
Possible Mitigations
Для Net-SNMP:
https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937
https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2022-24808
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2022-24808
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/
Для ОС Astra Linux Special Edition 1.7:
обновить пакет net-snmp до 5.7.3+dfsg-5+deb10u3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17
Для ОСОН ОСнова Оnyx: Обновление программного обеспечения net-snmp до версии 5.7.3+dfsg-5+deb10u3
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2813
Reference
https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937
https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775
https://redos.red-soft.ru/support/secure/
https://security-tracker.debian.org/tracker/CVE-2022-24808
https://access.redhat.com/security/cve/CVE-2022-24808
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.6/
https://abf.rosa.ru/advisories/ROSA-SA-2025-2813
CWE
CWE-476
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Fedora Project, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \"\u0420\u0410\u0421\u0423\", \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 36 (Fedora), 9 (Red Hat Enterprise Linux), \u0434\u043e 2.6 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u043e\u0442 5.9.0 \u0434\u043e 5.9.2 (Net-SNMP), 2.0.1 (\u0423\u0421\u0428 (PBC-01R)), 3.0 (ROSA Virtualization 3.0)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Net-SNMP:\nhttps://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 \nhttps://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2022-24808\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2022-24808\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 net-snmp \u0434\u043e 5.7.3+dfsg-5+deb10u3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx: \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f net-snmp \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.7.3+dfsg-5+deb10u3\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2813",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.04.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.08.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.08.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-06507",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-24808",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Net-SNMP, \u0423\u0421\u0428 (PBC-01R), ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora Project Fedora 36 , Red Hat Inc. Red Hat Enterprise Linux 9 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.6 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NET-SNMP-AGENT-MIB::nsLogTable() \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 OID Handler \u043d\u0430\u0431\u043e\u0440\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Net-SNMP \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NET-SNMP-AGENT-MIB::nsLogTable() \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 OID Handler \u043d\u0430\u0431\u043e\u0440\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Net-SNMP \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937\nhttps://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775\nhttps://redos.red-soft.ru/support/secure/\nhttps://security-tracker.debian.org/tracker/CVE-2022-24808\nhttps://access.redhat.com/security/cve/CVE-2022-24808\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.6/\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2813",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}
GSD-2022-24808
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-24808",
"id": "GSD-2022-24808",
"references": [
"https://www.suse.com/security/cve/CVE-2022-24808.html",
"https://www.debian.org/security/2022/dsa-5209",
"https://ubuntu.com/security/CVE-2022-24808",
"https://advisories.mageia.org/CVE-2022-24808.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-24808"
],
"details": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n",
"id": "GSD-2022-24808",
"modified": "2023-12-13T01:19:43.423052Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "net-snmp",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "5.9.2"
}
]
}
}
]
},
"vendor_name": "net-snmp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-476",
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775",
"refsource": "MISC",
"url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/"
},
{
"name": "https://security.gentoo.org/glsa/202210-29",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/202210-29"
},
{
"name": "https://www.debian.org/security/2022/dsa-5209",
"refsource": "MISC",
"url": "https://www.debian.org/security/2022/dsa-5209"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2105240",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105240"
},
{
"name": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937",
"refsource": "MISC",
"url": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n"
},
{
"lang": "es",
"value": "net-snmp proporciona varias herramientas relacionadas con el protocolo simple de administraci\u00f3n de red. Antes de la versi\u00f3n 5.9.2, un usuario con credenciales de lectura y escritura pod\u00eda utilizar un OID con formato incorrecto en una solicitud `SET` a `NET-SNMP-AGENT-MIB::nsLogTable` para provocar una desreferencia del puntero NULL. La versi\u00f3n 5.9.2 contiene un parche. Los usuarios deben utilizar credenciales SNMPv3 seguras y evitar compartirlas. Aquellos que deben utilizar SNMPv1 o SNMPv2c deben utilizar una cadena de comunidad compleja y mejorar la protecci\u00f3n restringiendo el acceso a un rango de direcciones IP determinado."
}
],
"id": "CVE-2022-24808",
"lastModified": "2024-04-17T12:48:31.863",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-04-16T20:15:08.840",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225"
},
{
"source": "security-advisories@github.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105240"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/"
},
{
"source": "security-advisories@github.com",
"url": "https://security.gentoo.org/glsa/202210-29"
},
{
"source": "security-advisories@github.com",
"url": "https://www.debian.org/security/2022/dsa-5209"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
}
}
}
cve-2022-24808
Vulnerability from osv_almalinux
Published
2024-09-26 00:00
Modified
2024-09-27 07:22
Summary
Moderate: net-snmp security update
Details
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.
Security Fix(es):
- net-snmp: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. (CVE-2022-24805)
- : net-snmp: Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously (CVE-2022-24806)
- net-snmp: A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access (CVE-2022-24807)
- net-snmp: A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24809)
- net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference (CVE-2022-24808)
- net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24810)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "net-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:5.9.1-13.el9_4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "net-snmp-agent-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:5.9.1-13.el9_4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "net-snmp-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:5.9.1-13.el9_4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "net-snmp-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:5.9.1-13.el9_4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "net-snmp-perl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:5.9.1-13.el9_4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "net-snmp-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:5.9.1-13.el9_4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "python3-net-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:5.9.1-13.el9_4.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.\n\nSecurity Fix(es):\n\n* net-snmp: A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. (CVE-2022-24805)\n* : net-snmp: Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously (CVE-2022-24806)\n* net-snmp: A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access (CVE-2022-24807)\n* net-snmp: A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24809)\n* net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference (CVE-2022-24808)\n* net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24810)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:7260",
"modified": "2024-09-27T07:22:47Z",
"published": "2024-09-26T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:7260"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24805"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24806"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24807"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24808"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24809"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-24810"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2103225"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2104759"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2104763"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2104766"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2104768"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2104769"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-7260.html"
}
],
"related": [
"CVE-2022-24805",
"CVE-2022-24806",
"CVE-2022-24807",
"CVE-2022-24809",
"CVE-2022-24808",
"CVE-2022-24810"
],
"summary": "Moderate: net-snmp security update"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…