ID

VAR-202210-0846


CVE

CVE-2022-22224


TITLE

Juniper Networks  Junos OS  and  Junos OS Evolved  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019220

DESCRIPTION

An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon (PPMD) process to go into an infinite loop, which in turn can cause protocols and functions reliant on PPMD such as OSPF neighbor reachability to be impacted, resulting in a sustained Denial of Service (DoS) condition. The DoS condition persists until the PPMD process is manually restarted. This issue affects: Juniper Networks Junos OS: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1 versions prior to 21.1R2-EVO

Trust: 1.71

sources: NVD: CVE-2022-22224 // JVNDB: JVNDB-2022-019220 // VULHUB: VHN-409753

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:21.1

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:19.1

Trust: 1.0

vendor:junipermodel:junos os evolvedscope:eqversion:21.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.2

Trust: 1.0

vendor:junipermodel:junos os evolvedscope:eqversion:20.4

Trust: 1.0

vendor:junipermodel:junos os evolvedscope:ltversion:20.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.3

Trust: 1.0

vendor:ジュニパーネットワークスmodel:junos osscope: - version: -

Trust: 0.8

vendor:ジュニパーネットワークスmodel:junos os evolvedscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-019220 // NVD: CVE-2022-22224

CVSS

SEVERITY

CVSSV2

CVSSV3

sirt@juniper.net: CVE-2022-22224
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-019220
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202210-667
value: MEDIUM

Trust: 0.6

sirt@juniper.net: CVE-2022-22224
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-019220
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019220 // CNNVD: CNNVD-202210-667 // NVD: CVE-2022-22224

PROBLEMTYPE DATA

problemtype:CWE-703

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-019220 // NVD: CVE-2022-22224

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202210-667

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-667

EXTERNAL IDS

db:NVDid:CVE-2022-22224

Trust: 3.3

db:JUNIPERid:JSA69874

Trust: 2.5

db:JVNDBid:JVNDB-2022-019220

Trust: 0.8

db:CNNVDid:CNNVD-202210-667

Trust: 0.6

db:VULHUBid:VHN-409753

Trust: 0.1

sources: VULHUB: VHN-409753 // JVNDB: JVNDB-2022-019220 // CNNVD: CNNVD-202210-667 // NVD: CVE-2022-22224

REFERENCES

url:https://kb.juniper.net/jsa69874

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22224

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22224/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-39531

Trust: 0.6

sources: VULHUB: VHN-409753 // JVNDB: JVNDB-2022-019220 // CNNVD: CNNVD-202210-667 // NVD: CVE-2022-22224

SOURCES

db:VULHUBid:VHN-409753
db:JVNDBid:JVNDB-2022-019220
db:CNNVDid:CNNVD-202210-667
db:NVDid:CVE-2022-22224

LAST UPDATE DATE

2024-08-14T15:42:11.895000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-409753date:2022-10-20T00:00:00
db:JVNDBid:JVNDB-2022-019220date:2023-10-24T08:20:00
db:CNNVDid:CNNVD-202210-667date:2022-10-21T00:00:00
db:NVDid:CVE-2022-22224date:2022-10-20T20:08:09.713

SOURCES RELEASE DATE

db:VULHUBid:VHN-409753date:2022-10-18T00:00:00
db:JVNDBid:JVNDB-2022-019220date:2023-10-24T00:00:00
db:CNNVDid:CNNVD-202210-667date:2022-10-12T00:00:00
db:NVDid:CVE-2022-22224date:2022-10-18T03:15:09.787