ID

VAR-202210-0882


CVE

CVE-2022-22225


TITLE

Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Juniper Networks Junos OS and Junos OS Evolved

Trust: 0.8

sources: JVNDB: JVNDB-2022-019219

DESCRIPTION

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker with an established BGP session to cause a Denial of Service (DoS). In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash. As this crash depends on whether a route is a contributing route, and on the internal timing of the events triggered by the flap, this vulnerability is outside the direct control of a potential attacker.

This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R2-EVO; 21.3-EVO versions prior to 21.3R2-EVO.

This issue does not affect: Juniper Networks Junos OS versions 19.2 versions prior to 19.2R2, 19.3R1 and above prior to 20.2R1. Juniper Networks Junos OS Evolved versions prior to 20.2R1-EVO.

Trust: 1.71

sources: NVD: CVE-2022-22225 // JVNDB: JVNDB-2022-019219 // VULHUB: VHN-409754

AFFECTED PRODUCTS

vendor: juniper, model: junos os evolved, scope: eq, version: 21.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: lt, version: 20.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.1

Trust: 1.0

vendor: Juniper Networks, model: junos os, scope: -, version: -

Trust: 0.8

vendor: Juniper Networks, model: junos os evolved, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-019219 // NVD: CVE-2022-22225

CVSS

SEVERITY

CVSSV2

CVSSV3

sirt@juniper.net: CVE-2022-22225
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-019219
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202210-675
value: MEDIUM

Trust: 0.6

sirt@juniper.net: CVE-2022-22225
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-019219
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019219 // CNNVD: CNNVD-202210-675 // NVD: CVE-2022-22225

PROBLEMTYPE DATA

problemtype:CWE-367

Trust: 1.1

problemtype:Time-of-check Time-of-use (TOCTOU) Race condition (CWE-367) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-409754 // JVNDB: JVNDB-2022-019219 // NVD: CVE-2022-22225

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-675

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-675

EXTERNAL IDS

db: NVD, id: CVE-2022-22225

Trust: 3.3

db: JUNIPER, id: JSA69875

Trust: 2.5

db: JVNDB, id: JVNDB-2022-019219

Trust: 0.8

db: CNNVD, id: CNNVD-202210-675

Trust: 0.6

db: VULHUB, id: VHN-409754

Trust: 0.1

sources: VULHUB: VHN-409754 // JVNDB: JVNDB-2022-019219 // CNNVD: CNNVD-202210-675 // NVD: CVE-2022-22225

REFERENCES

url:https://kb.juniper.net/jsa69875

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22225

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22225/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-39531

Trust: 0.6

sources: VULHUB: VHN-409754 // JVNDB: JVNDB-2022-019219 // CNNVD: CNNVD-202210-675 // NVD: CVE-2022-22225

SOURCES

db: VULHUB, id: VHN-409754
db: JVNDB, id: JVNDB-2022-019219
db: CNNVD, id: CNNVD-202210-675
db: NVD, id: CVE-2022-22225

LAST UPDATE DATE

2024-08-14T14:37:16.383000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-409754, date: 2022-10-21T00:00:00
db: JVNDB, id: JVNDB-2022-019219, date: 2023-10-24T08:20:00
db: CNNVD, id: CNNVD-202210-675, date: 2022-10-24T00:00:00
db: NVD, id: CVE-2022-22225, date: 2022-10-21T17:59:05.023

SOURCES RELEASE DATE

db: VULHUB, id: VHN-409754, date: 2022-10-18T00:00:00
db: JVNDB, id: JVNDB-2022-019219, date: 2023-10-24T00:00:00
db: CNNVD, id: CNNVD-202210-675, date: 2022-10-12T00:00:00
db: NVD, id: CVE-2022-22225, date: 2022-10-18T03:15:09.857