ID
VAR-202210-0917
CVE
CVE-2022-22237
TITLE
Juniper Networks Junos OS Authentication vulnerability in
Trust: 0.8
DESCRIPTION
An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impact on confidentiality or integrity. A vulnerability in the processing of TCP-AO will allow a BGP or LDP peer not configured with authentication to establish a session even if the peer is locally configured to use authentication. This could lead to untrusted or unauthorized sessions being established. This issue affects Juniper Networks Junos OS: 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS Evolved
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | juniper | model: | junos | scope: | eq | version: | 22.1 | Trust: 1.0 |
| vendor: | juniper | model: | junos | scope: | eq | version: | 21.4 | Trust: 1.0 |
| vendor: | juniper | model: | junos | scope: | eq | version: | 21.3 | Trust: 1.0 |
| vendor: | juniper | model: | junos | scope: | eq | version: | 21.2 | Trust: 1.0 |
| vendor: | ジュニパーネットワークス | model: | junos os | scope: | eq | version: | 21.2 | Trust: 0.8 |
| vendor: | ジュニパーネットワークス | model: | junos os | scope: | eq | version: | 21.3 | Trust: 0.8 |
| vendor: | ジュニパーネットワークス | model: | junos os | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | ジュニパーネットワークス | model: | junos os | scope: | eq | version: | 21.4 | Trust: 0.8 |
| vendor: | ジュニパーネットワークス | model: | junos os | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ジュニパーネットワークス | model: | junos os | scope: | eq | version: | 22.1 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-287 | Trust: 1.1 |
| problemtype: | Inappropriate authentication (CWE-287) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
authorization issue
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-22237 | Trust: 3.3 |
| db: | JUNIPER | id: | JSA69893 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2022-019501 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2022.5662 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202210-657 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-409766 | Trust: 0.1 |
REFERENCES
| url: | https://kb.juniper.net/jsa69893 | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-22237 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-22237/ | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2022.5662 | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-39531 | Trust: 0.6 |
SOURCES
| db: | VULHUB | id: | VHN-409766 |
| db: | JVNDB | id: | JVNDB-2022-019501 |
| db: | CNNVD | id: | CNNVD-202210-657 |
| db: | NVD | id: | CVE-2022-22237 |
LAST UPDATE DATE
2024-08-14T14:24:29.344000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-409766 | date: | 2022-10-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-019501 | date: | 2023-10-25T08:15:00 |
| db: | CNNVD | id: | CNNVD-202210-657 | date: | 2022-11-09T00:00:00 |
| db: | NVD | id: | CVE-2022-22237 | date: | 2022-10-20T14:58:11.403 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-409766 | date: | 2022-10-18T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-019501 | date: | 2023-10-25T00:00:00 |
| db: | CNNVD | id: | CNNVD-202210-657 | date: | 2022-10-12T00:00:00 |
| db: | NVD | id: | CVE-2022-22237 | date: | 2022-10-18T03:15:10.673 |