ID

VAR-202210-0869


CVE

CVE-2022-22233


TITLE

Juniper Networks Junos OS Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-659

DESCRIPTION

An Unchecked Return Value to NULL Pointer Dereference vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In a Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with a Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having the "S" flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low-privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO.

Trust: 0.99

sources: NVD: CVE-2022-22233 // VULHUB: VHN-409762

AFFECTED PRODUCTS

vendor: juniper, model: junos os evolved, scope: eq, version: 21.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 22.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 22.1

Trust: 1.0

sources: NVD: CVE-2022-22233

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-22233
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2022-22233
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202210-659
value: MEDIUM

Trust: 0.6

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22233
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: CNNVD: CNNVD-202210-659 // NVD: CVE-2022-22233 // NVD: CVE-2022-22233

PROBLEMTYPE DATA

problemtype: CWE-690

Trust: 1.0

problemtype: CWE-252

Trust: 1.0

problemtype: CWE-476

Trust: 0.1

sources: VULHUB: VHN-409762 // NVD: CVE-2022-22233

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-659

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202210-659

EXTERNAL IDS

db: NVD, id: CVE-2022-22233

Trust: 1.7

db: JUNIPER, id: JSA69887

Trust: 1.7

db: CNNVD, id: CNNVD-202210-659

Trust: 0.6

db: VULHUB, id: VHN-409762

Trust: 0.1

sources: VULHUB: VHN-409762 // CNNVD: CNNVD-202210-659 // NVD: CVE-2022-22233

REFERENCES

url: https://kb.juniper.net/jsa69887

Trust: 1.7

url: https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-39531

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2022-22233/

Trust: 0.6

sources: VULHUB: VHN-409762 // CNNVD: CNNVD-202210-659 // NVD: CVE-2022-22233

SOURCES

db: VULHUB, id: VHN-409762
db: CNNVD, id: CNNVD-202210-659
db: NVD, id: CVE-2022-22233

LAST UPDATE DATE

2024-08-14T14:55:13.986000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-409762, date: 2022-10-21T00:00:00
db: CNNVD, id: CNNVD-202210-659, date: 2023-06-28T00:00:00
db: NVD, id: CVE-2022-22233, date: 2023-06-27T18:20:25.707

SOURCES RELEASE DATE

db: VULHUB, id: VHN-409762, date: 2022-10-18T00:00:00
db: CNNVD, id: CNNVD-202210-659, date: 2022-10-12T00:00:00
db: NVD, id: CVE-2022-22233, date: 2022-10-18T03:15:10.407