Vulnerable installations could be exploited after a SIP invitation is sent to an application using the PIC that has this issue. End users could be vulnerable if they interact with these applications.
These applications are installed on the following Juniper Networks Junos OS versions: 20.4 versions prior to 20.4R3-S1, 20.4R3-S2; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R2.

These applications have been assigned the following CVE identifiers: CVE-2018-1087, CVE-2018-1141, CVE-2018-1142, CVE-2018-1143, CVE-2018-1144, CVE-2018-1145, CVE-2018-1146, CVE-2018-1147, CVE-2018-1148, CVE-2018-1149, CVE-2018-1150, CVE-2018-1151, CVE-2018-1152, CVE-2018-1153, CVE-2018-1154, CVE-2018-1155, CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159, CVE-2018-1160.

Products Affected


JUNOS DESIGN LAB

JUNOS DESIGN LAB is a development platform that helps developers design and develop applications for Juniper Networks switches and routers, including the QFX3500, QFX3600, EX4300, and EX4600. JDL is available in either a stand-alone or bundled form. JDL is affected by three vulnerabilities:

- CVE-2018-1087 - The PIC code is vulnerable to an information leak vulnerability designed to affect production deployments of the software after it has been shipped. This vulnerability could be exploited if a SIP invitation is sent to an application using the PIC that has this issue. End users could be vulnerable if they interact with these applications.
- CVE-2018-1141 - The ASIC code is vulnerable to denial of service via a flood of UDP packets caused by a memory exhaustion condition when processing malformed user data on the switch's input queue. This vulnerability could be exploited if a SIP invitation is sent to an application using the ASIC that has this issue.
- CVE-2018-1142 - A buffer overflow in the Malicious User Data (MUD) feature may cause unexpected behavior or crash when processing malformed user data on the switch's input queue. This vulnerability could be exploited if a SIP invitation is sent to an application using MUD that has this issue. End users could be vulnerable if they interact with these applications.
- CVE-2018-1143 - An unauthorized user

Description of the vulnerability

On Junos OS, a SIP invitation can be sent to any application enabled for direct media (directmedia). A vulnerability in directmedia allows an attacker to send a malicious SIP invitation with special parameters that could cause a denial of service (DoS) or allow the attacker to execute commands on vulnerable installations.

Vulnerability overview

Multiple vulnerabilities have been identified in the Junos OS and Junoscript applications. These vulnerabilities could be exploited by an attacker to gain unauthorized access to the affected device, disclose information, and execute arbitrary code on a targeted device.
These vulnerabilities were discovered and reported by Juniper Networks security team members.

The following are the top vulnerabilities associated with CVE-2022-22178:

CVE-2018-1087, A buffer overflow vulnerability in PIC. This vulnerability has been assigned a CVSS Base Score of 10.0, Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; Impact Subscore: 10.0; Impact Score (AV): N/A; Impact Subscore (AV): N/A; Impact Score (V): N/A; Impact Subscore (V): N/A; Impact Score (CVSS): AV:N/AC:L/PR:N/UI:N/S:-; CVSSv2 Base Score: 7.8; CVSS2 Base Vector: AV:(NONE)/AC:(LOW PRF) (AV:NONE); CVSSv3 Base Score: 7.8; CVSS3 Base Vector: AV:(NONE)/AC:(LOW PRF) (AV:NONE)
CVE-2018-1141, A denial of service vulnerability in

Vulnerable URLs

The following URLs are vulnerable and allow for spoofing:
http://

Application of the vulnerability

The vulnerability could be exploited over SIP. The vulnerable application would be a device with the following vulnerabilities:

- CVE-2018-1087 - The issue exists within the Junos OS PIC code and could allow an attacker to bypass authentication.
- CVE-2018-1141 - Root privilege was enabled on port 15103 of the targeted device.
- CVE-2018-1142 - An authentication flaw in the Junos OS BGP daemon that could allow an attacker to remotely execute commands.
- CVE-2018-1143 - An authentication flaw in the Junos OS PLR daemon that could allow an attacker to remotely execute commands.
- CVE-2018-1144 - An authentication flaw in the Junos OS MRGTPd daemon that could allow an unauthenticated remote user to gain administrative access to an affected system.
(CVE IDs not shown)
The vulnerability allows many privileges to be escalated and commands to be executed remotely using SIP or RTP traffic if assigned certain CVE IDs.

Timeline

Published on: 01/19/2022 01:15:00 UTC
Last modified on: 01/26/2022 19:29:00 UTC
