Details of VAR-202204-1135

ID

VAR-202204-1135

CVE

CVE-2022-22196

TITLE

Juniper Networks Junos OS and Junos OS Evolved Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202204-3388

DESCRIPTION

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100% after a malformed ISIS TLV has been received which will lead to processing issues of routing updates and in turn traffic impact. This issue affects: Juniper Networks Junos OS 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1

Trust: 1.08

sources: NVD: CVE-2022-22196 // VULHUB: VHN-409725 // VULMON: CVE-2022-22196

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	19.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	21.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.3	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	20.4	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	21.2	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	lt	version:	20.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	21.1	Trust: 1.0

sources: NVD: CVE-2022-22196

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22196
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2022-22196
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202204-3388
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-409725
value:	LOW
Trust: 0.1
VULMON:	CVE-2022-22196
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-22196
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-409725
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22196
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-409725 // VULMON: CVE-2022-22196 // CNNVD: CNNVD-202204-3388 // NVD: CVE-2022-22196 // NVD: CVE-2022-22196

PROBLEMTYPE DATA

problemtype:

CWE-754

Trust: 1.1

sources: VULHUB: VHN-409725 // NVD: CVE-2022-22196

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3388

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202204-3388

PATCH

title:

Juniper Networks Junos OS and Junos OS Evolved Fixes for code issue vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190378

Trust: 0.6

sources: CNNVD: CNNVD-202204-3388

EXTERNAL IDS

db:	JUNIPER	id:	JSA69509	Trust: 1.8
db:	NVD	id:	CVE-2022-22196	Trust: 1.8
db:	CNNVD	id:	CNNVD-202204-3388	Trust: 0.6
db:	VULHUB	id:	VHN-409725	Trust: 0.1
db:	VULMON	id:	CVE-2022-22196	Trust: 0.1

sources: VULHUB: VHN-409725 // VULMON: CVE-2022-22196 // CNNVD: CNNVD-202204-3388 // NVD: CVE-2022-22196

REFERENCES

url:	https://kb.juniper.net/jsa69509	Trust: 1.8
url:	https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-38071	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-22196/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/754.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-409725 // VULMON: CVE-2022-22196 // CNNVD: CNNVD-202204-3388 // NVD: CVE-2022-22196

SOURCES

db:	VULHUB	id:	VHN-409725
db:	VULMON	id:	CVE-2022-22196
db:	CNNVD	id:	CNNVD-202204-3388
db:	NVD	id:	CVE-2022-22196

LAST UPDATE DATE

2024-08-14T14:44:00.574000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-409725	date:	2022-04-21T00:00:00
db:	VULMON	id:	CVE-2022-22196	date:	2022-04-21T00:00:00
db:	CNNVD	id:	CNNVD-202204-3388	date:	2022-04-22T00:00:00
db:	NVD	id:	CVE-2022-22196	date:	2022-04-21T09:57:20.987

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-409725	date:	2022-04-14T00:00:00
db:	VULMON	id:	CVE-2022-22196	date:	2022-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202204-3388	date:	2022-04-14T00:00:00
db:	NVD	id:	CVE-2022-22196	date:	2022-04-14T16:15:08.537