ID

VAR-202207-0915


CVE

CVE-2022-22213


TITLE

Juniper Networks Junos OS and Junos OS Evolved Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-013704

DESCRIPTION

A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.

Malicious exploitation of this issue requires a very specific combination of load, timing, and configuration of the vulnerable system which is beyond the direct control of the attacker. Internal reproduction has only been possible through artificially created load and specially instrumented source code.

Systems are only vulnerable to this issue if BGP multipath is enabled. Routers not configured for BGP multipath are not vulnerable to this issue.

This issue affects:

Juniper Networks Junos OS: 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2.

Juniper Networks Junos OS Evolved: 21.1 versions prior to 21.1R3-S1-EVO; 21.2 version 21.2R1-EVO and later versions; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R1-S1-EVO, 21.4R2-EVO.

This issue does not affect: Juniper Networks Junos OS versions prior to 21.1. Juniper Networks Junos OS Evolved versions prior to 21.1-EVO.

The operating system provides a secure programming interface and Junos SDK. The vulnerability stems from the fact that an attacker can cause a fatal error in Junos OS through BGP Update, resulting in a denial of service.

Trust: 1.8

sources: NVD: CVE-2022-22213 // JVNDB: JVNDB-2022-013704 // VULHUB: VHN-409742 // VULMON: CVE-2022-22213

AFFECTED PRODUCTS

vendor: juniper, model: junos os evolved, scope: eq, version: 21.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.1

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.4

Trust: 1.0

vendor: ジュニパーネットワークス, model: junos os, scope: -, version: -

Trust: 0.8

vendor: ジュニパーネットワークス, model: junos os evolved, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-013704 // NVD: CVE-2022-22213

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22213
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2022-22213
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-22213
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202207-1245
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-22213
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-22213
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-013704 // CNNVD: CNNVD-202207-1245 // NVD: CVE-2022-22213 // NVD: CVE-2022-22213

PROBLEMTYPE DATA

problemtype:CWE-232

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-013704 // NVD: CVE-2022-22213

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-1245

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-1245

EXTERNAL IDS

db: NVD, id: CVE-2022-22213

Trust: 3.4

db: JUNIPER, id: JSA69717

Trust: 2.6

db: JVNDB, id: JVNDB-2022-013704

Trust: 0.8

db: CNNVD, id: CNNVD-202207-1245

Trust: 0.7

db: VULHUB, id: VHN-409742

Trust: 0.1

db: VULMON, id: CVE-2022-22213

Trust: 0.1

sources: VULHUB: VHN-409742 // VULMON: CVE-2022-22213 // JVNDB: JVNDB-2022-013704 // CNNVD: CNNVD-202207-1245 // NVD: CVE-2022-22213

REFERENCES

url:https://kb.juniper.net/jsa69717

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22213

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22213/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-bgp-update-38799

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-409742 // VULMON: CVE-2022-22213 // JVNDB: JVNDB-2022-013704 // CNNVD: CNNVD-202207-1245 // NVD: CVE-2022-22213

SOURCES

db: VULHUB, id: VHN-409742
db: VULMON, id: CVE-2022-22213
db: JVNDB, id: JVNDB-2022-013704
db: CNNVD, id: CNNVD-202207-1245
db: NVD, id: CVE-2022-22213

LAST UPDATE DATE

2024-08-14T14:10:42.245000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-409742, date: 2022-07-29T00:00:00
db: VULMON, id: CVE-2022-22213, date: 2022-07-20T00:00:00
db: JVNDB, id: JVNDB-2022-013704, date: 2023-09-11T08:17:00
db: CNNVD, id: CNNVD-202207-1245, date: 2022-08-10T00:00:00
db: NVD, id: CVE-2022-22213, date: 2022-07-29T22:46:41.723

SOURCES RELEASE DATE

db: VULHUB, id: VHN-409742, date: 2022-07-20T00:00:00
db: VULMON, id: CVE-2022-22213, date: 2022-07-20T00:00:00
db: JVNDB, id: JVNDB-2022-013704, date: 2023-09-11T00:00:00
db: CNNVD, id: CNNVD-202207-1245, date: 2022-07-13T00:00:00
db: NVD, id: CVE-2022-22213, date: 2022-07-20T15:15:08.827