Details of VAR-202210-0846

ID

VAR-202210-0846

CVE

CVE-2022-22224

TITLE

Juniper Networks Junos OS and Junos OS Evolved Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019220

DESCRIPTION

An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon (PPMD) process to go into an infinite loop, which in turn can cause protocols and functions reliant on PPMD such as OSPF neighbor reachability to be impacted, resulting in a sustained Denial of Service (DoS) condition. The DoS condition persists until the PPMD process is manually restarted. This issue affects: Juniper Networks Junos OS: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1 versions prior to 21.1R2-EVO

Trust: 1.71

sources: NVD: CVE-2022-22224 // JVNDB: JVNDB-2022-019220 // VULHUB: VHN-409753

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	21.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	lt	version:	19.1	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	21.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.2	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	20.4	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	lt	version:	20.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.3	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	junos os	scope:	-	version:	-	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os evolved	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-019220 // NVD: CVE-2022-22224

CVSS

SEVERITY

CVSSV2

CVSSV3

sirt@juniper.net:	CVE-2022-22224
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2022-019220
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202210-667
value:	MEDIUM
Trust: 0.6

sirt@juniper.net:	CVE-2022-22224
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2022-019220
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019220 // CNNVD: CNNVD-202210-667 // NVD: CVE-2022-22224

PROBLEMTYPE DATA

problemtype:	CWE-703	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-019220 // NVD: CVE-2022-22224

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202210-667

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-667

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22224	Trust: 3.3
db:	JUNIPER	id:	JSA69874	Trust: 2.5
db:	JVNDB	id:	JVNDB-2022-019220	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-667	Trust: 0.6
db:	VULHUB	id:	VHN-409753	Trust: 0.1

sources: VULHUB: VHN-409753 // JVNDB: JVNDB-2022-019220 // CNNVD: CNNVD-202210-667 // NVD: CVE-2022-22224

REFERENCES

url:	https://kb.juniper.net/jsa69874	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22224	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-22224/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-39531	Trust: 0.6

sources: VULHUB: VHN-409753 // JVNDB: JVNDB-2022-019220 // CNNVD: CNNVD-202210-667 // NVD: CVE-2022-22224

SOURCES

db:	VULHUB	id:	VHN-409753
db:	JVNDB	id:	JVNDB-2022-019220
db:	CNNVD	id:	CNNVD-202210-667
db:	NVD	id:	CVE-2022-22224

LAST UPDATE DATE

2024-08-14T15:42:11.895000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-409753	date:	2022-10-20T00:00:00
db:	JVNDB	id:	JVNDB-2022-019220	date:	2023-10-24T08:20:00
db:	CNNVD	id:	CNNVD-202210-667	date:	2022-10-21T00:00:00
db:	NVD	id:	CVE-2022-22224	date:	2022-10-20T20:08:09.713

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-409753	date:	2022-10-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-019220	date:	2023-10-24T00:00:00
db:	CNNVD	id:	CNNVD-202210-667	date:	2022-10-12T00:00:00
db:	NVD	id:	CVE-2022-22224	date:	2022-10-18T03:15:09.787