ID

VAR-202210-0813


CVE

CVE-2022-22230


TITLE

Input verification vulnerability in Juniper Networks Junos OS and Junos OS Evolved

Trust: 0.8

sources: JVNDB: JVNDB-2022-019214

DESCRIPTION

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause DoS (Denial of Service). If another router generates more than one specific valid OSPFv3 LSA then rpd will crash while processing these LSAs. This issue only affects systems configured with OSPFv3, while OSPFv2 is not affected.

This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 19.3 version 19.3R2 and later versions; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2.

Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S1-EVO; 21.3-EVO versions prior to 21.3R3-S2-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO.

This issue does not affect Juniper Networks Junos OS 19.2 versions prior to 19.2R2.

Trust: 1.71

sources: NVD: CVE-2022-22230 // JVNDB: JVNDB-2022-019214 // VULHUB: VHN-409759

AFFECTED PRODUCTS

vendor: juniper, model: junos os evolved, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.3

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 22.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 18.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 22.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.1

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.4

Trust: 1.0

vendor: Juniper Networks, model: junos os, scope: -, version: -

Trust: 0.8

vendor: Juniper Networks, model: junos os evolved, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-019214 // NVD: CVE-2022-22230

CVSS

SEVERITY

sirt@juniper.net: CVE-2022-22230
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-019214
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202210-662
value: MEDIUM

Trust: 0.6

CVSSV3

sirt@juniper.net: CVE-2022-22230
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-019214
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019214 // CNNVD: CNNVD-202210-662 // NVD: CVE-2022-22230

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-409759 // JVNDB: JVNDB-2022-019214 // NVD: CVE-2022-22230

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202210-662

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-662

EXTERNAL IDS

db: NVD, id: CVE-2022-22230

Trust: 3.3

db: JUNIPER, id: JSA69884

Trust: 2.5

db: JVNDB, id: JVNDB-2022-019214

Trust: 0.8

db: CNNVD, id: CNNVD-202210-662

Trust: 0.6

db: VULHUB, id: VHN-409759

Trust: 0.1

sources: VULHUB: VHN-409759 // JVNDB: JVNDB-2022-019214 // CNNVD: CNNVD-202210-662 // NVD: CVE-2022-22230

REFERENCES

url:https://kb.juniper.net/jsa69884

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22230

Trust: 0.8

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-39531

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-22230/

Trust: 0.6

sources: VULHUB: VHN-409759 // JVNDB: JVNDB-2022-019214 // CNNVD: CNNVD-202210-662 // NVD: CVE-2022-22230

SOURCES

db: VULHUB, id: VHN-409759
db: JVNDB, id: JVNDB-2022-019214
db: CNNVD, id: CNNVD-202210-662
db: NVD, id: CVE-2022-22230

LAST UPDATE DATE

2024-08-14T14:49:32.561000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-409759, date: 2022-10-21T00:00:00
db: JVNDB, id: JVNDB-2022-019214, date: 2023-10-24T08:20:00
db: CNNVD, id: CNNVD-202210-662, date: 2022-10-24T00:00:00
db: NVD, id: CVE-2022-22230, date: 2022-10-21T17:24:32.723

SOURCES RELEASE DATE

db: VULHUB, id: VHN-409759, date: 2022-10-18T00:00:00
db: JVNDB, id: JVNDB-2022-019214, date: 2023-10-24T00:00:00
db: CNNVD, id: CNNVD-202210-662, date: 2022-10-12T00:00:00
db: NVD, id: CVE-2022-22230, date: 2022-10-18T03:15:10.197