{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 23.1R1","product":{"name":"Junos Space","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S6-EVO, 20.4R3-S7-EVO, 21.2R3-S5-EVO, 21.3R3-S1-EVO, 21.3R3-S4-EVO, 21.4R3-EVO, 21.4R3-S2-EVO, 21.4R3-S3-EVO, 21.4R3-S4-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.1R3-S3-EVO, 22.2R2-EVO, 22.2R2-S1-EVO, 22.2R3-S2-EVO*, 22.2R3-EVO et 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.4R1-EVO, 22.4R1-S2-EVO, 22.4R2-EVO, 23.1R1-EVO","product":{"name":"Junos OS Evolved","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"Junos OS gamme QFX10000 versions ant\u00e9rieures \u00e0 20.4R3-S5, 21.1R3-S5, 21.2R3-S5, 21.3R3-S4, 21.4R3-S1, 22.1R3, 22.2R2, 22.3R1-S2, 22.3R2 et 22.4R1","product":{"name":"Junos OS","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"Junos OS gamme SRX versions ant\u00e9rieures \u00e0 20.2R3-S7, 20.4R3-S6, 21.1R3-S5, 21.2R3-S4, 21.3R3-S4, 21.4R3-S3, 22.1R3-S1, 22.2R3, 22.3R2, 22.3R2-S1, 22.3R3, 22.4R1-S1, 22.4R1-S2, 22.4R2 et 23.1R1","product":{"name":"Junos OS","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"Junos OS gamme MX versions ant\u00e9rieures \u00e0 19.1R3-S10, 19.2R3-S7, 19.3R3-S8, 19.4R3-S12, 20.2R3-S8, 20.4R3-S7, 21.1R3-S5, 21.2R3-S5, 21.2R3-S4, 21.3R3-S4, 21.4R3-S3, 21.4R3-S4, 22.1R3-S2, 22.1R3-S3, 22.2R3-S1, 22.3R3, 22.3R2-S1, 22.4R1-S2, 22.4R2 et 23.1R1","product":{"name":"Junos OS","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"Juniper Networks gammes SRX et MX versions ant\u00e9rieures \u00e0 SigPack 3598","product":{"name":"N/A","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"Junos OS gammes SRX 4600 et SRX 5000 versions ant\u00e9rieures \u00e0 20.2R3-S7, 20.4R3-S7, 21.1R3-S5, 21.2R3-S3, 21.3R3-S3, 21.4R3-S1, 22.1R3, 22.2R2, 22.3R1-S1, 22.3R2 et 22.4R1","product":{"name":"Junos OS","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"Junos OS versions ant\u00e9rieures \u00e0 19.1R3-S10, 19.2R3-S7, 19.3R3-S7, 19.3R3-S8, 19.4R3-S9, 19.4R3-S10, 19.4R3-S11, 20.2R3-S7, 20.3R3-S5, 20.3R3-S6, 20.4R3-S6, 20.4R3-S7, 21.1R3-S4, 21.2R3-S2, 21.3R3-S1, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R2, 20.2R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.2R3-S5, 21.3R3-S2, 21.3R3-S4, 21.4R3, 21.4R3-S4, 22.1R3, 22.2R2, 22.2R3, 22.3R1, 22.3R2, 22.4R1 et 23.2R1","product":{"name":"Junos OS","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"Juniper Networks Contrail Cloud versions ant\u00e9rieures \u00e0 16.3.0","product":{"name":"N/A","vendor":{"name":"Juniper Networks","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2021-40085","url":"https://www.cve.org/CVERecord?id=CVE-2021-40085"},{"name":"CVE-2022-41974","url":"https://www.cve.org/CVERecord?id=CVE-2022-41974"},{"name":"CVE-2023-36831","url":"https://www.cve.org/CVERecord?id=CVE-2023-36831"},{"name":"CVE-2023-36848","url":"https://www.cve.org/CVERecord?id=CVE-2023-36848"},{"name":"CVE-2022-23825","url":"https://www.cve.org/CVERecord?id=CVE-2022-23825"},{"name":"CVE-2023-36850","url":"https://www.cve.org/CVERecord?id=CVE-2023-36850"},{"name":"CVE-2023-36833","url":"https://www.cve.org/CVERecord?id=CVE-2023-36833"},{"name":"CVE-2021-25220","url":"https://www.cve.org/CVERecord?id=CVE-2021-25220"},{"name":"CVE-2022-2964","url":"https://www.cve.org/CVERecord?id=CVE-2022-2964"},{"name":"CVE-2022-42703","url":"https://www.cve.org/CVERecord?id=CVE-2022-42703"},{"name":"CVE-2022-29900","url":"https://www.cve.org/CVERecord?id=CVE-2022-29900"},{"name":"CVE-2022-29901","url":"https://www.cve.org/CVERecord?id=CVE-2022-29901"},{"name":"CVE-2022-30123","url":"https://www.cve.org/CVERecord?id=CVE-2022-30123"},{"name":"CVE-2019-11358","url":"https://www.cve.org/CVERecord?id=CVE-2019-11358"},{"name":"CVE-2022-31626","url":"https://www.cve.org/CVERecord?id=CVE-2022-31626"},{"name":"CVE-2020-7071","url":"https://www.cve.org/CVERecord?id=CVE-2020-7071"},{"name":"CVE-2021-21704","url":"https://www.cve.org/CVERecord?id=CVE-2021-21704"},{"name":"CVE-2023-36849","url":"https://www.cve.org/CVERecord?id=CVE-2023-36849"},{"name":"CVE-2021-21705","url":"https://www.cve.org/CVERecord?id=CVE-2021-21705"},{"name":"CVE-2022-31625","url":"https://www.cve.org/CVERecord?id=CVE-2022-31625"},{"name":"CVE-2020-13946","url":"https://www.cve.org/CVERecord?id=CVE-2020-13946"},{"name":"CVE-2021-21707","url":"https://www.cve.org/CVERecord?id=CVE-2021-21707"},{"name":"CVE-2023-36832","url":"https://www.cve.org/CVERecord?id=CVE-2023-36832"},{"name":"CVE-2022-31629","url":"https://www.cve.org/CVERecord?id=CVE-2022-31629"},{"name":"CVE-2023-36836","url":"https://www.cve.org/CVERecord?id=CVE-2023-36836"},{"name":"CVE-2017-7653","url":"https://www.cve.org/CVERecord?id=CVE-2017-7653"},{"name":"CVE-2022-2795","url":"https://www.cve.org/CVERecord?id=CVE-2022-2795"},{"name":"CVE-2021-26401","url":"https://www.cve.org/CVERecord?id=CVE-2021-26401"},{"name":"CVE-2022-4378","url":"https://www.cve.org/CVERecord?id=CVE-2022-4378"},{"name":"CVE-2022-31627","url":"https://www.cve.org/CVERecord?id=CVE-2022-31627"},{"name":"CVE-2022-26373","url":"https://www.cve.org/CVERecord?id=CVE-2022-26373"},{"name":"CVE-2022-42898","url":"https://www.cve.org/CVERecord?id=CVE-2022-42898"},{"name":"CVE-2022-38023","url":"https://www.cve.org/CVERecord?id=CVE-2022-38023"},{"name":"CVE-2022-31628","url":"https://www.cve.org/CVERecord?id=CVE-2022-31628"},{"name":"CVE-2023-36834","url":"https://www.cve.org/CVERecord?id=CVE-2023-36834"},{"name":"CVE-2017-7654","url":"https://www.cve.org/CVERecord?id=CVE-2017-7654"},{"name":"CVE-2022-2588","url":"https://www.cve.org/CVERecord?id=CVE-2022-2588"},{"name":"CVE-2023-36840","url":"https://www.cve.org/CVERecord?id=CVE-2023-36840"},{"name":"CVE-2021-21708","url":"https://www.cve.org/CVERecord?id=CVE-2021-21708"},{"name":"CVE-2021-21703","url":"https://www.cve.org/CVERecord?id=CVE-2021-21703"},{"name":"CVE-2020-13817","url":"https://www.cve.org/CVERecord?id=CVE-2020-13817"},{"name":"CVE-2020-11868","url":"https://www.cve.org/CVERecord?id=CVE-2020-11868"},{"name":"CVE-2022-3276","url":"https://www.cve.org/CVERecord?id=CVE-2022-3276"},{"name":"CVE-2017-7655","url":"https://www.cve.org/CVERecord?id=CVE-2017-7655"},{"name":"CVE-2021-21702","url":"https://www.cve.org/CVERecord?id=CVE-2021-21702"},{"name":"CVE-2023-28985","url":"https://www.cve.org/CVERecord?id=CVE-2023-28985"},{"name":"CVE-2023-36838","url":"https://www.cve.org/CVERecord?id=CVE-2023-36838"},{"name":"CVE-2023-36835","url":"https://www.cve.org/CVERecord?id=CVE-2023-36835"}],"links":[],"reference":"CERTFR-2023-AVI-0537","revisions":[{"description":"Version initiale","revision_date":"2023-07-13T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71636 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-SRX-Series-jbuf-memory-leak-when-SSL-Proxy-and-UTM-Web-Filtering-is-applied-CVE-2023-36831?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71639 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-MX-Series-PFE-crash-upon-receipt-of-specific-packet-destined-to-an-AMS-interface-CVE-2023-36832?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71661 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-MX-Series-An-MPC-will-crash-upon-receipt-of-a-malformed-CFM-packet-CVE-2023-36850?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71659 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-The-FPC-will-crash-on-receiving-a-malformed-CFM-packet-CVE-2023-36848?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71647 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-crash-occurs-when-a-specific-L2VPN-command-is-run-CVE-2023-36840?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71642 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-QFX10000-Series-All-traffic-will-be-dropped-after-a-specific-valid-IP-packet-has-been-received-which-needs-to-be-routed-over-a-VXLAN-tunnel-CVE-2023-36835?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71660 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-l2cpd-will-crash-when-a-malformed-LLDP-packet-is-received-CVE-2023-36849?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71662 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-SRX-Series-and-MX-Series-An-FPC-core-is-observed-when-IDP-is-enabled-on-the-device-and-a-specific-malformed-SSL-packet-is-received-CVE-2023-28985?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71651 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-Evolved-Multiple-NTP-vulnerabilities-resolved?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71643 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-MoFRR-scenario-an-rpd-core-may-be-observed-when-a-low-privileged-CLI-command-is-executed-CVE-2023-36836?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71641 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-SRX-4600-and-SRX-5000-Series-The-receipt-of-specific-genuine-packets-by-SRXes-configured-for-L2-transparency-will-cause-a-DoS-CVE-2023-36834?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71645 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-SRX-Series-A-flowd-core-occurs-when-running-a-low-privileged-CLI-command-CVE-2023-36838?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71653 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-J-Web-Multiple-Vulnerabilities-in-PHP-software?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71650 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Contrail-Cloud-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Cloud-release-16-3-0?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71655 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-have-been-resolved-in-MQTT?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71640 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-OS-Evolved-PTX10001-36MR-and-PTX10004-PTX10008-PTX10016-with-LC1201-1202-The-aftman-bt-process-will-crash-in-a-MoFRR-scenario-CVE-2023-36833?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA71656 du 12 juillet 2023","url":"https://supportportal.juniper.net/s/article/2023-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-23-1R1-release?language=en_US"}]}