اصلاحیه‌ها و آسیب‌پذیری‌ها

آسیب پذیری های DoS در محصولات Juniper و Cisco

۱۴۰۱-۰۱-۳۱۱۴۰۱-۰۱-۳۱

security vulnerability

آسیب‌پذیری‌های Cisco

چندین آسیب‌پذیری تازه کشف شده در محصولات Cisco امکان افزایش سطح دسترسی، اجرای دستورات دلخواه و حمله DoS را برای مهاجم فراهم می‌کنند. این آسیب پذیری‌ها شامل موارد زیر هستند:

شناسه آسیب‌پذیری و لینک اصلاحیه Cisco	محصولات آسیب‌پذیر	شدت
CVE-2022-20695	3504 Wireless Controller 5520 Wireless Controller 8540 Wireless Controller Mobility Express Virtual Wireless Controller (vWLC)	حیاتی CVSS: 10/10
CVE-2022-20716	SD-WAN vBond Orchestrator Software SD-WAN vEdge Cloud Routers SD-WAN vEdge Routers SD-WAN vManage Software SD-WAN vSmart Controller Software	بالا CVSS: 7.8/10
CVE-2022-20739	Cisco SD-WAN vManage Software	بالا CVSS: 7.3/10
CVE-2022-20761	Cisco 1000 Series (در صورتی که نسخه آسیب‌پذیری از نرم افزار Cisco IOS را اجرا می‌کنند و integrated wireless access point را فعال کرده باشند)	بالا CVSS: 7.4/10
CVE-2022-20622	Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches IOS Software IOS XE Software IOS XR Software Meraki products NX-OS Software Wireless LAN Controller (WLC) AireOS Software	بالا CVSS: 8.6/10
CVE-2022-20678	1000 Series Integrated Services Routers 4000 Series Integrated Services Routers ASR 1001-X Routers ASR 1002-X Routers Catalyst 8300 Series Routers Catalyst 8500 Series Routers Catalyst 8000V Edge Software Cloud Services Router 1000V Series	بالا CVSS: 8.6/10
CVE-2022-20681	Catalyst 9300 Series Switches Catalyst 9400 Series Switches Catalyst 9500 Series Switches Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches Catalyst 9800 Series Wireless Controllers Catalyst 9800-CL Wireless Controllers for Cloud Embedded Wireless Controllers on Catalyst Access Points	بالا CVSS: 7.8/10
CVE-2022-20682	Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches Catalyst 9800 Series Wireless Controllers Catalyst 9800-CL Wireless Controllers for Cloud Embedded Wireless Controllers on Catalyst Access Points	بالا CVSS: 8.6/10
CVE-2022-20684	Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches Catalyst 9800 Series Wireless Controllers Catalyst 9800-CL Wireless Controllers for Cloud Embedded Wireless Controllers on Catalyst Access Points	بالا CVSS: 7.4/10

آسیب‌پذیری‌های Juniper

چندین آسیب‌پذیری در محصولات Juniper امکان حمله DoS و XSS را برای مهاجم فراهم می‌کنند. این آسیب پذیری‌ها شامل موارد زیر هستند:

شناسه آسیب‌پذیری و لینک اصلاحیه Juniper	محصولات آسیب‌پذیر	شدت
CVE-2022-22189	Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations	بالا CVSS: 7.8/10
CVE-2022-22190	Juniper Networks Paragon Active Assurance version 3.1.0	بالا CVSS: 7.4/10
CVE-2022-22194	Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008	بالا CVSS: 7.5/10
CVE-2022-22195	Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO 21.1 versions prior to 21.1R3-EVO 21.2 versions prior to 21.2R3-EVO 21.3 versions prior to 21.3R2-EVO	بالا CVSS: 7.5/10
CVE-2022-22197	Juniper Networks Junos OS All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2.	بالا CVSS: 7.5/10
CVE-2022-22181	Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2.	بالا CVSS: 8/10
CVE-2022-22182	Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S10, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2.	بالا CVSS: 8.8/10
CVE-2022-22185	Juniper Networks Junos OS on SRX Series: 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2.	بالا CVSS: 7.5/10
CVE-2022-22186	Juniper Networks Junos OS on EX4650 Series: All versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2.	بالا CVSS: 7.2/10