Details of VAR-202204-1507

ID

VAR-202204-1507

CVE

CVE-2022-22193

TITLE

Juniper Networks Junos OS and Junos OS Evolved Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202204-3408

DESCRIPTION

An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding is configured and a certain CLI command is executed the rpd process can crash. During the rpd crash and restart, the routing protocols might be impacted and traffic disruption might be seen due to the loss of routing information. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 20.3R1. Juniper Networks Junos OS Evolved versions prior to 20.3R1-EVO. Juniper Networks Junos..

Trust: 1.08

sources: NVD: CVE-2022-22193 // VULHUB: VHN-409722 // VULMON: CVE-2022-22193

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	21.2	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	20.4	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	21.2	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	21.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	21.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.4	Trust: 1.0

sources: NVD: CVE-2022-22193

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22193
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2022-22193
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202204-3408
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-409722
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-22193
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-22193
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-409722
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22193
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-409722 // VULMON: CVE-2022-22193 // CNNVD: CNNVD-202204-3408 // NVD: CVE-2022-22193 // NVD: CVE-2022-22193

PROBLEMTYPE DATA

problemtype:

CWE-241

Trust: 1.1

sources: VULHUB: VHN-409722 // NVD: CVE-2022-22193

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3408

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-3408

PATCH

title:

Juniper Networks Junos OS and Junos OS Evolved Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190388

Trust: 0.6

sources: CNNVD: CNNVD-202204-3408

EXTERNAL IDS

db:	JUNIPER	id:	JSA69503	Trust: 1.8
db:	NVD	id:	CVE-2022-22193	Trust: 1.8
db:	CNNVD	id:	CNNVD-202204-3408	Trust: 0.6
db:	VULHUB	id:	VHN-409722	Trust: 0.1
db:	VULMON	id:	CVE-2022-22193	Trust: 0.1

sources: VULHUB: VHN-409722 // VULMON: CVE-2022-22193 // CNNVD: CNNVD-202204-3408 // NVD: CVE-2022-22193

REFERENCES

url:	https://kb.juniper.net/jsa69503	Trust: 1.8
url:	https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-38071	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-22193/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/241.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-409722 // VULMON: CVE-2022-22193 // CNNVD: CNNVD-202204-3408 // NVD: CVE-2022-22193

SOURCES

db:	VULHUB	id:	VHN-409722
db:	VULMON	id:	CVE-2022-22193
db:	CNNVD	id:	CNNVD-202204-3408
db:	NVD	id:	CVE-2022-22193

LAST UPDATE DATE

2024-08-14T15:27:18.826000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-409722	date:	2022-04-21T00:00:00
db:	VULMON	id:	CVE-2022-22193	date:	2022-04-21T00:00:00
db:	CNNVD	id:	CNNVD-202204-3408	date:	2022-04-22T00:00:00
db:	NVD	id:	CVE-2022-22193	date:	2022-04-21T09:52:00.810

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-409722	date:	2022-04-14T00:00:00
db:	VULMON	id:	CVE-2022-22193	date:	2022-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202204-3408	date:	2022-04-14T00:00:00
db:	NVD	id:	CVE-2022-22193	date:	2022-04-14T16:15:08.350