ID

VAR-202210-0814


CVE

CVE-2022-22238


TITLE

Juniper Networks Junos OS and Junos OS Evolved Vulnerability in checking for exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019208

DESCRIPTION

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When an incoming RESV message corresponding to a protected LSP is malformed, it causes an incorrect internal state resulting in an rpd core.

This issue affects Juniper Networks Junos OS: All versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R3; 21.3 versions prior to 21.3R2.

This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.2R3-S3-EVO; 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R2-EVO.

Trust: 1.71

sources: NVD: CVE-2022-22238 // JVNDB: JVNDB-2022-019208 // VULHUB: VHN-409767

AFFECTED PRODUCTS

vendor: juniper, model: junos os evolved, scope: eq, version: 21.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: lt, version: 20.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos, scope: lt, version: 19.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.1

Trust: 1.0

vendor: Juniper Networks, model: junos os, scope: -, version: -

Trust: 0.8

vendor: Juniper Networks, model: junos os evolved, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-019208 // NVD: CVE-2022-22238

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22238
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2022-22238
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-22238
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202210-656
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-22238
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2022-22238
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-22238
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019208 // CNNVD: CNNVD-202210-656 // NVD: CVE-2022-22238 // NVD: CVE-2022-22238

PROBLEMTYPE DATA

problemtype: CWE-754

Trust: 1.1

problemtype: Improper checking in exceptional conditions (CWE-754) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-409767 // JVNDB: JVNDB-2022-019208 // NVD: CVE-2022-22238

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202210-656

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202210-656

EXTERNAL IDS

db: NVD, id: CVE-2022-22238

Trust: 3.3

db: JUNIPER, id: JSA69894

Trust: 2.5

db: JVNDB, id: JVNDB-2022-019208

Trust: 0.8

db: AUSCERT, id: ESB-2022.5663

Trust: 0.6

db: CNNVD, id: CNNVD-202210-656

Trust: 0.6

db: VULHUB, id: VHN-409767

Trust: 0.1

sources: VULHUB: VHN-409767 // JVNDB: JVNDB-2022-019208 // CNNVD: CNNVD-202210-656 // NVD: CVE-2022-22238

REFERENCES

url:https://kb.juniper.net/jsa69894

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22238

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22238/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5663

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-39531

Trust: 0.6

sources: VULHUB: VHN-409767 // JVNDB: JVNDB-2022-019208 // CNNVD: CNNVD-202210-656 // NVD: CVE-2022-22238

SOURCES

db: VULHUB, id: VHN-409767
db: JVNDB, id: JVNDB-2022-019208
db: CNNVD, id: CNNVD-202210-656
db: NVD, id: CVE-2022-22238

LAST UPDATE DATE

2024-08-14T14:10:31.644000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-409767, date: 2022-10-21T00:00:00
db: JVNDB, id: JVNDB-2022-019208, date: 2023-10-24T08:20:00
db: CNNVD, id: CNNVD-202210-656, date: 2022-11-09T00:00:00
db: NVD, id: CVE-2022-22238, date: 2022-10-21T18:37:49.533

SOURCES RELEASE DATE

db: VULHUB, id: VHN-409767, date: 2022-10-18T00:00:00
db: JVNDB, id: JVNDB-2022-019208, date: 2023-10-24T00:00:00
db: CNNVD, id: CNNVD-202210-656, date: 2022-10-12T00:00:00
db: NVD, id: CVE-2022-22238, date: 2022-10-18T03:15:10.747