CWE-1250
Improper Preservation of Consistency Between Independent Representations of Shared State
The product has or supports multiple distributed components or sub-systems that are each required to keep their own local copy of shared data - such as state or cache - but the product does not ensure that all local copies remain consistent with each other.
CVE-2022-22234 (GCVE-0-2022-22234)
Vulnerability from cvelistv5
Published
2022-10-18 02:46
Modified
2025-05-09 15:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1250 - Improper Preservation of Consistency Between Independent Representations of Shared State
- Denial of Service (DoS)
Summary
An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). If the device is very busy for example while executing a series of show commands on the CLI one or more SFPs might not be detected anymore. The system then changes its state to "unplugged" which is leading to traffic impact and at least a partial DoS. Once the system is less busy the port states return to their actual value. Indicators of compromise are log messages about unplugged SFPs and corresponding syspld messages without any physical or environmental cause. These can be checked by issuing the following commands: user@device# show log messages | match unplugged %PFE-6: fpc0 sfp-0/1/2 SFP unplugged %PFE-6: fpc0 sfp-0/1/3 SFP unplugged The following log messages will also be seen when this issue happens: fpc0 Error tvp_drv_syspld_read: syspld read failed for address <address> fpc0 Error[-1]:tvp_optics_presence_get - Syspld read failed for port <pic/port> fpc0 optics pres failed(-1) for pic <pic> port <port> fpc0 tvp_drv_syspld_read: i2c access retry count 200 This issue affects Juniper Networks Junos OS on EX2300 Series, EX3400 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: unspecified < 18.4R3-S11 Version: 19.1 < 19.1R3-S9 Version: 19.2 < 19.2R1-S9, 19.2R3-S5 Version: 19.3 < 19.3R3-S6 Version: 19.4 < 19.4R2-S7, 19.4R3-S8 Version: 20.1 < 20.1R3-S4 Version: 20.2 < 20.2R3-S4 Version: 20.3 < 20.3R3-S4 Version: 20.4 < 20.4R3-S3 Version: 21.1 < 21.1R3-S1 Version: 21.2 < 21.2R3 Version: 21.3 < 21.3R2 Version: 21.4 < 21.4R2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:07:49.798Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.juniper.net/JSA69890" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-22234", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-09T15:37:47.222333Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-09T15:37:54.516Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "EX2300 Series, EX3400 Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "18.4R3-S11", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "19.1R3-S9", "status": "affected", "version": "19.1", "versionType": "custom" }, { "lessThan": "19.2R1-S9, 19.2R3-S5", "status": "affected", "version": "19.2", "versionType": "custom" }, { "lessThan": "19.3R3-S6", "status": "affected", "version": "19.3", "versionType": "custom" }, { "lessThan": "19.4R2-S7, 19.4R3-S8", "status": "affected", "version": "19.4", "versionType": "custom" }, { "lessThan": "20.1R3-S4", "status": "affected", "version": "20.1", "versionType": "custom" }, { "lessThan": "20.2R3-S4", "status": "affected", "version": "20.2", "versionType": "custom" }, { "lessThan": "20.3R3-S4", "status": "affected", "version": "20.3", "versionType": "custom" }, { "lessThan": "20.4R3-S3", "status": "affected", "version": "20.4", "versionType": "custom" }, { "lessThan": "21.1R3-S1", "status": "affected", "version": "21.1", "versionType": "custom" }, { "lessThan": "21.2R3", "status": "affected", "version": "21.2", "versionType": "custom" }, { "lessThan": "21.3R2", "status": "affected", "version": "21.3", "versionType": "custom" }, { "lessThan": "21.4R2", "status": "affected", "version": "21.4", "versionType": "custom" } ] } ], "datePublic": "2022-10-12T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). If the device is very busy for example while executing a series of show commands on the CLI one or more SFPs might not be detected anymore. The system then changes its state to \"unplugged\" which is leading to traffic impact and at least a partial DoS. Once the system is less busy the port states return to their actual value. Indicators of compromise are log messages about unplugged SFPs and corresponding syspld messages without any physical or environmental cause. These can be checked by issuing the following commands: user@device# show log messages | match unplugged %PFE-6: fpc0 sfp-0/1/2 SFP unplugged %PFE-6: fpc0 sfp-0/1/3 SFP unplugged The following log messages will also be seen when this issue happens: fpc0 Error tvp_drv_syspld_read: syspld read failed for address \u003caddress\u003e fpc0 Error[-1]:tvp_optics_presence_get - Syspld read failed for port \u003cpic/port\u003e fpc0 optics pres failed(-1) for pic \u003cpic\u003e port \u003cport\u003e fpc0 tvp_drv_syspld_read: i2c access retry count 200 This issue affects Juniper Networks Junos OS on EX2300 Series, EX3400 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2." } ], "exploits": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1250", "description": "CWE-1250 Improper Preservation of Consistency Between Independent Representations of Shared State", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "description": "Denial of Service (DoS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-18T00:00:00.000Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "url": "https://kb.juniper.net/JSA69890" } ], "solutions": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, and all subsequent releases." } ], "source": { "advisory": "JSA69890", "defect": [ "1602732" ], "discovery": "USER" }, "title": "Junos OS: EX2300 and EX3400 Series: One of more SFPs might become unavailable when the system is very busy", "workarounds": [ { "lang": "en", "value": "There are no viable workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2022-22234", "datePublished": "2022-10-18T02:46:36.121Z", "dateReserved": "2021-12-21T00:00:00.000Z", "dateUpdated": "2025-05-09T15:37:54.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22405 (GCVE-0-2023-22405)
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2025-04-07 15:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1250 - Improper Preservation of Consistency Between Independent Representations of Shared State
- Denial of Service (DoS)
Summary
An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with "service-provider/SP style" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn't work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached. Functionality can be restored by removing and re-adding the MAC limit configuration. This issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series: All versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3 on; 21.4 versions prior to 21.4R3 on; 22.1 versions prior to 22.1R2 on.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Juniper Networks | Junos OS |
Version: unspecified < 20.2R3-S5 Version: 20.3 < 20.3R3-S5 Version: 20.4 < 20.4R3-S4 Version: 21.1 < 21.1R3-S3 Version: 21.2 < 21.2R3-S1 Version: 21.3 < 21.3R3 Version: 21.4 < 21.4R3 Version: 22.1 < 22.1R2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:06.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.juniper.net/JSA70201" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22405", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-07T15:00:37.278215Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-07T15:38:23.836Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "QFX5k Series, EX46xx Series" ], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "20.2R3-S5", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "20.3R3-S5", "status": "affected", "version": "20.3", "versionType": "custom" }, { "lessThan": "20.4R3-S4", "status": "affected", "version": "20.4", "versionType": "custom" }, { "lessThan": "21.1R3-S3", "status": "affected", "version": "21.1", "versionType": "custom" }, { "lessThan": "21.2R3-S1", "status": "affected", "version": "21.2", "versionType": "custom" }, { "lessThan": "21.3R3", "status": "affected", "version": "21.3", "versionType": "custom" }, { "lessThan": "21.4R3", "status": "affected", "version": "21.4", "versionType": "custom" }, { "lessThan": "22.1R2", "status": "affected", "version": "22.1", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "value": "To be vulnerable to this issue a \"service provider/SP\"-style configuration like the following needs to be present:\n\n [interfaces \u003cinterface\u003e ether-options 802.3ad ae\u003c#\u003e]\n [interfaces ae\u003c#\u003e unit \u003cunit\u003e vlan-id \u003cid\u003e]\n [switch-options interface ae\u003c#\u003e.\u003cid\u003e interface-mac-limit \u003climit\u003e]\n [switch-options interface ae\u003c#\u003e.\u003cid\u003e interface-mac-limit packet-action \u003caction\u003e]" } ], "datePublic": "2023-01-11T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with \"service-provider/SP style\" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn\u0027t work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached. Functionality can be restored by removing and re-adding the MAC limit configuration. This issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series: All versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3 on; 21.4 versions prior to 21.4R3 on; 22.1 versions prior to 22.1R2 on." } ], "exploits": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1250", "description": "CWE-1250 Improper Preservation of Consistency Between Independent Representations of Shared State", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "description": "Denial of Service (DoS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-12T00:00:00.000Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "url": "https://kb.juniper.net/JSA70201" } ], "solutions": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S1, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases." } ], "source": { "advisory": "JSA70201", "defect": [ "1659873" ], "discovery": "USER" }, "title": "Junos OS: QFX5k Series, EX46xx Series: MAC limiting feature stops working after PFE restart or device reboot", "workarounds": [ { "lang": "en", "value": "There are no known workarounds for this issue." } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2023-22405", "datePublished": "2023-01-12T00:00:00.000Z", "dateReserved": "2022-12-27T00:00:00.000Z", "dateUpdated": "2025-04-07T15:38:23.836Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-10976 (GCVE-0-2024-10976)
Vulnerability from cvelistv5
Published
2024-11-14 13:00
Modified
2025-05-09 20:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1250 - Improper Preservation of Consistency Between Independent Representations of Shared State
Summary
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | PostgreSQL |
Version: 17 < 17.1 Version: 16 < 16.5 Version: 15 < 15.9 Version: 14 < 14.14 Version: 13 < 13.17 Version: 0 < 12.21 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-10976", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-14T18:53:41.183245Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-14T19:32:17.213Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2025-05-09T20:03:32.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20250509-0010/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "PostgreSQL", "vendor": "n/a", "versions": [ { "lessThan": "17.1", "status": "affected", "version": "17", "versionType": "rpm" }, { "lessThan": "16.5", "status": "affected", "version": "16", "versionType": "rpm" }, { "lessThan": "15.9", "status": "affected", "version": "15", "versionType": "rpm" }, { "lessThan": "14.14", "status": "affected", "version": "14", "versionType": "rpm" }, { "lessThan": "13.17", "status": "affected", "version": "13", "versionType": "rpm" }, { "lessThan": "12.21", "status": "affected", "version": "0", "versionType": "rpm" } ] } ], "configurations": [ { "lang": "en", "value": "application uses row security policies that react to the current role, and one database session reaches the same query via multiple roles" } ], "credits": [ { "lang": "en", "value": "The PostgreSQL project thanks Wolfgang Walther for reporting this problem." } ], "descriptions": [ { "lang": "en", "value": "Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application\u0027s pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected." } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1250", "description": "Improper Preservation of Consistency Between Independent Representations of Shared State", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-14T13:00:01.930Z", "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL" }, "references": [ { "url": "https://www.postgresql.org/support/security/CVE-2024-10976/" } ], "title": "PostgreSQL row security below e.g. subqueries disregards user ID changes" } }, "cveMetadata": { "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "assignerShortName": "PostgreSQL", "cveId": "CVE-2024-10976", "datePublished": "2024-11-14T13:00:01.930Z", "dateReserved": "2024-11-07T19:27:02.623Z", "dateUpdated": "2025-05-09T20:03:32.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.