Details of VAR-202201-0895

ID

VAR-202201-0895

CVE

CVE-2022-22164

TITLE

Juniper Networks Junos OS Evolved Initialization vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-003894

DESCRIPTION

An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet service staying enabled. When it is not intended to be operating on the device, an administrator can issue the following command to verify whether telnet is operating in the background: user@device > show system connections | grep :23 tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 20879/xinetd This issue affects: Juniper Networks Junos OS Evolved All versions prior to 20.4R2-S2-EVO; 21.1 version 21.1R1-EVO and later versions; 21.2 versions prior to 21.2R2-EVO. Juniper Networks Junos OS Evolved Has an initialization vulnerability.Information may be tampered with

Trust: 1.8

sources: NVD: CVE-2022-22164 // JVNDB: JVNDB-2022-003894 // VULHUB: VHN-409693 // VULMON: CVE-2022-22164

AFFECTED PRODUCTS

vendor:	juniper	model:	junos os evolved	scope:	eq	version:	21.1	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	20.4	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	21.2	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	junos os evolved	scope:	eq	version:	-	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os evolved	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-003894 // NVD: CVE-2022-22164

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22164
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2022-22164
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-22164
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202201-917
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-409693
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-22164
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-22164
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-409693
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22164
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
sirt@juniper.net:	CVE-2022-22164
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22164
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-409693 // VULMON: CVE-2022-22164 // JVNDB: JVNDB-2022-003894 // CNNVD: CNNVD-202201-917 // NVD: CVE-2022-22164 // NVD: CVE-2022-22164

PROBLEMTYPE DATA

problemtype:	CWE-665	Trust: 1.1
problemtype:	Improper initialization (CWE-665) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-409693 // JVNDB: JVNDB-2022-003894 // NVD: CVE-2022-22164

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-917

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-917

PATCH

title:	JSA11272	url:	https://supportportal.juniper.net/s/article/2022-01-Security-Bulletin-Junos-OS-Evolved-Telnet-service-may-be-enabled-when-it-is-expected-to-be-disabled-CVE-2022-22164?language=en_US	Trust: 0.8
title:	Juniper Networks Junos OS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183778	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-22164 // JVNDB: JVNDB-2022-003894 // CNNVD: CNNVD-202201-917

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22164	Trust: 3.4
db:	JUNIPER	id:	JSA11272	Trust: 1.8
db:	JVNDB	id:	JVNDB-2022-003894	Trust: 0.8
db:	CS-HELP	id:	SB2022011235	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-917	Trust: 0.6
db:	VULHUB	id:	VHN-409693	Trust: 0.1
db:	VULMON	id:	CVE-2022-22164	Trust: 0.1

sources: VULHUB: VHN-409693 // VULMON: CVE-2022-22164 // JVNDB: JVNDB-2022-003894 // CNNVD: CNNVD-202201-917 // NVD: CVE-2022-22164

REFERENCES

url:	https://kb.juniper.net/jsa11272	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22164	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2022011235	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-37234	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/665.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-409693 // VULMON: CVE-2022-22164 // JVNDB: JVNDB-2022-003894 // CNNVD: CNNVD-202201-917 // NVD: CVE-2022-22164

SOURCES

db:	VULHUB	id:	VHN-409693
db:	VULMON	id:	CVE-2022-22164
db:	JVNDB	id:	JVNDB-2022-003894
db:	CNNVD	id:	CNNVD-202201-917
db:	NVD	id:	CVE-2022-22164

LAST UPDATE DATE

2024-08-14T15:16:56.796000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-409693	date:	2022-01-26T00:00:00
db:	VULMON	id:	CVE-2022-22164	date:	2022-01-26T00:00:00
db:	JVNDB	id:	JVNDB-2022-003894	date:	2023-03-10T05:55:00
db:	CNNVD	id:	CNNVD-202201-917	date:	2022-02-28T00:00:00
db:	NVD	id:	CVE-2022-22164	date:	2022-01-26T02:21:45.687

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-409693	date:	2022-01-19T00:00:00
db:	VULMON	id:	CVE-2022-22164	date:	2022-01-19T00:00:00
db:	JVNDB	id:	JVNDB-2022-003894	date:	2023-03-10T00:00:00
db:	CNNVD	id:	CNNVD-202201-917	date:	2022-01-12T00:00:00
db:	NVD	id:	CVE-2022-22164	date:	2022-01-19T01:15:08.787