ID

VAR-202201-1488


CVE

CVE-2022-22177


TITLE

Juniper Networks Junos OS  and  Junos OS Evolved  Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2022-003784

DESCRIPTION

A release of illegal memory vulnerability in the snmpd daemon of Juniper Networks Junos OS, Junos OS Evolved allows an attacker to halt the snmpd daemon causing a sustained Denial of Service (DoS) to the service until it is manually restarted. This issue impacts any version of SNMP – v1,v2, v3 This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2. Juniper Networks Junos OS Evolved 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK

Trust: 1.8

sources: NVD: CVE-2022-22177 // JVNDB: JVNDB-2022-003784 // VULHUB: VHN-409706 // VULMON: CVE-2022-22177

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:18.3

Trust: 1.0

vendor:junipermodel:junos os evolvedscope:eqversion:21.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:21.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:21.2

Trust: 1.0

vendor:junipermodel:junos os evolvedscope:eqversion:21.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3

Trust: 1.0

vendor:ジュニパーネットワークスmodel:junos os evolvedscope: - version: -

Trust: 0.8

vendor:ジュニパーネットワークスmodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-003784 // NVD: CVE-2022-22177

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22177
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2022-22177
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-22177
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202201-1083
value: HIGH

Trust: 0.6

VULHUB: VHN-409706
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-22177
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-22177
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-409706
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22177
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2022-22177
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-22177
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-409706 // VULMON: CVE-2022-22177 // JVNDB: JVNDB-2022-003784 // CNNVD: CNNVD-202201-1083 // NVD: CVE-2022-22177 // NVD: CVE-2022-22177

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.1

problemtype:Improper handling in exceptional conditions (CWE-755) [ others ]

Trust: 0.8

sources: VULHUB: VHN-409706 // JVNDB: JVNDB-2022-003784 // NVD: CVE-2022-22177

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-1083

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-1083

PATCH

title:Network Management and Monitoring Guide Security Bulletinurl:https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/ref/statement/client-list-edit-snmp.html

Trust: 0.8

title:Juniper Networks Junos OS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178302

Trust: 0.6

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-22177 // JVNDB: JVNDB-2022-003784 // CNNVD: CNNVD-202201-1083

EXTERNAL IDS

db:NVDid:CVE-2022-22177

Trust: 3.4

db:JUNIPERid:JSA11283

Trust: 1.8

db:JVNDBid:JVNDB-2022-003784

Trust: 0.8

db:CNNVDid:CNNVD-202201-1083

Trust: 0.7

db:AUSCERTid:ESB-2022.0177

Trust: 0.6

db:CS-HELPid:SB2022011706

Trust: 0.6

db:CNVDid:CNVD-2022-04984

Trust: 0.1

db:VULHUBid:VHN-409706

Trust: 0.1

db:VULMONid:CVE-2022-22177

Trust: 0.1

sources: VULHUB: VHN-409706 // VULMON: CVE-2022-22177 // JVNDB: JVNDB-2022-003784 // CNNVD: CNNVD-202201-1083 // NVD: CVE-2022-22177

REFERENCES

url:https://kb.juniper.net/jsa11283

Trust: 1.8

url:https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/ref/statement/client-list-edit-snmp.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-22177

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2022.0177

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011706

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/755.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-409706 // VULMON: CVE-2022-22177 // JVNDB: JVNDB-2022-003784 // CNNVD: CNNVD-202201-1083 // NVD: CVE-2022-22177

SOURCES

db:VULHUBid:VHN-409706
db:VULMONid:CVE-2022-22177
db:JVNDBid:JVNDB-2022-003784
db:CNNVDid:CNNVD-202201-1083
db:NVDid:CVE-2022-22177

LAST UPDATE DATE

2024-11-23T22:47:31.924000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-409706date:2022-01-26T00:00:00
db:VULMONid:CVE-2022-22177date:2022-01-26T00:00:00
db:JVNDBid:JVNDB-2022-003784date:2023-03-08T09:12:00
db:CNNVDid:CNNVD-202201-1083date:2022-02-28T00:00:00
db:NVDid:CVE-2022-22177date:2024-11-21T06:46:19.560

SOURCES RELEASE DATE

db:VULHUBid:VHN-409706date:2022-01-19T00:00:00
db:VULMONid:CVE-2022-22177date:2022-01-19T00:00:00
db:JVNDBid:JVNDB-2022-003784date:2023-03-08T00:00:00
db:CNNVDid:CNNVD-202201-1083date:2022-01-14T00:00:00
db:NVDid:CVE-2022-22177date:2022-01-19T01:15:09.517