Details of VAR-202201-1560

ID

VAR-202201-1560

CVE

CVE-2022-22157

TITLE

Juniper Networks Junos OS Fraud related to unauthorized authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2022-004214

DESCRIPTION

A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. JDPI incorrectly classifies out-of-state asymmetric TCP flows as the dynamic-application INCONCLUSIVE instead of UNKNOWN, which is more permissive, causing the firewall to allow traffic to be forwarded that should have been denied. This issue only occurs when 'set security flow tcp-session no-syn-check' is configured on the device. This issue affects Juniper Networks Junos OS on SRX Series: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R2-S5, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1

Trust: 1.8

sources: NVD: CVE-2022-22157 // JVNDB: JVNDB-2022-004214 // VULHUB: VHN-409686 // VULMON: CVE-2022-22157

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	21.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	21.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.3	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	junos os	scope:	-	version:	-	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-004214 // NVD: CVE-2022-22157

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22157
value:	CRITICAL
Trust: 1.0
sirt@juniper.net:	CVE-2022-22157
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-22157
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202201-920
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-409686
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-22157
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-22157
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-409686
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22157
baseSeverity:	CRITICAL
baseScore:	9.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.7
version:	3.1
Trust: 1.0
sirt@juniper.net:	CVE-2022-22157
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22157
baseSeverity:	CRITICAL
baseScore:	9.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-409686 // VULMON: CVE-2022-22157 // JVNDB: JVNDB-2022-004214 // CNNVD: CNNVD-202201-920 // NVD: CVE-2022-22157 // NVD: CVE-2022-22157

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.1
problemtype:	Illegal authentication (CWE-863) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-409686 // JVNDB: JVNDB-2022-004214 // NVD: CVE-2022-22157

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-920

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-202201-920

PATCH

title:	JSA11265	url:	https://supportportal.juniper.net/s/article/2022-01-Security-Bulletin-Junos-OS-SRX-Series-Multiple-vulnerabilities-in-traffic-classification-when-no-syn-check-is-enabled-CVE-2022-22157-CVE-2022-22167?language=en_US	Trust: 0.8
title:	Juniper Networks Junos OS Fixing measures for security feature vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183781	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-22157 // JVNDB: JVNDB-2022-004214 // CNNVD: CNNVD-202201-920

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22157	Trust: 3.4
db:	JUNIPER	id:	JSA11265	Trust: 1.8
db:	JVNDB	id:	JVNDB-2022-004214	Trust: 0.8
db:	CS-HELP	id:	SB2022011701	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-920	Trust: 0.6
db:	VULHUB	id:	VHN-409686	Trust: 0.1
db:	VULMON	id:	CVE-2022-22157	Trust: 0.1

sources: VULHUB: VHN-409686 // VULMON: CVE-2022-22157 // JVNDB: JVNDB-2022-004214 // CNNVD: CNNVD-202201-920 // NVD: CVE-2022-22157

REFERENCES

url:	https://kb.juniper.net/jsa11265	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22157	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2022011701	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-37234	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-409686 // VULMON: CVE-2022-22157 // JVNDB: JVNDB-2022-004214 // CNNVD: CNNVD-202201-920 // NVD: CVE-2022-22157

SOURCES

db:	VULHUB	id:	VHN-409686
db:	VULMON	id:	CVE-2022-22157
db:	JVNDB	id:	JVNDB-2022-004214
db:	CNNVD	id:	CNNVD-202201-920
db:	NVD	id:	CVE-2022-22157

LAST UPDATE DATE

2024-08-14T13:43:04.244000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-409686	date:	2022-01-28T00:00:00
db:	VULMON	id:	CVE-2022-22157	date:	2022-01-28T00:00:00
db:	JVNDB	id:	JVNDB-2022-004214	date:	2023-03-31T05:46:00
db:	CNNVD	id:	CNNVD-202201-920	date:	2022-02-28T00:00:00
db:	NVD	id:	CVE-2022-22157	date:	2022-01-28T20:00:27.750

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-409686	date:	2022-01-19T00:00:00
db:	VULMON	id:	CVE-2022-22157	date:	2022-01-19T00:00:00
db:	JVNDB	id:	JVNDB-2022-004214	date:	2023-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202201-920	date:	2022-01-12T00:00:00
db:	NVD	id:	CVE-2022-22157	date:	2022-01-19T01:15:08.450