Details of VAR-202301-0904

ID

VAR-202301-0904

CVE

CVE-2023-22402

TITLE

Juniper Networks Junos OS Evolved Vulnerability in using free memory in

Trust: 0.8

sources: JVNDB: JVNDB-2023-001549

DESCRIPTION

A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if "bgp auto-discovery" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO; 22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO

Trust: 1.8

sources: NVD: CVE-2023-22402 // JVNDB: JVNDB-2023-001549 // VULHUB: VHN-449818 // VULMON: CVE-2023-22402

AFFECTED PRODUCTS

vendor:	juniper	model:	junos os evolved	scope:	eq	version:	21.3	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	22.1	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	22.2	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	21.4	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	junos os evolved	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-001549 // NVD: CVE-2023-22402

CVSS

SEVERITY

CVSSV2

CVSSV3

sirt@juniper.net:	CVE-2023-22402
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2023-001549
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202301-1030
value:	MEDIUM
Trust: 0.6

sirt@juniper.net:	CVE-2023-22402
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2023-001549
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-001549 // CNNVD: CNNVD-202301-1030 // NVD: CVE-2023-22402

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.1
problemtype:	Use of freed memory (CWE-416) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-449818 // JVNDB: JVNDB-2023-001549 // NVD: CVE-2023-22402

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1030

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202301-1030

PATCH

title:	JSA70198	url:	https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-The-kernel-might-restart-in-a-BGP-scenario-where-bgp-auto-discovery-is-enabled-and-such-a-neighbor-flaps-CVE-2023-22402?language=en_US	Trust: 0.8
title:	Juniper Networks Junos OS Remediation of resource management error vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=222322	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2023-22402	Trust: 0.1

sources: VULMON: CVE-2023-22402 // JVNDB: JVNDB-2023-001549 // CNNVD: CNNVD-202301-1030

EXTERNAL IDS

db:	NVD	id:	CVE-2023-22402	Trust: 3.4
db:	JUNIPER	id:	JSA70198	Trust: 1.8
db:	JVNDB	id:	JVNDB-2023-001549	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-1030	Trust: 0.6
db:	VULHUB	id:	VHN-449818	Trust: 0.1
db:	VULMON	id:	CVE-2023-22402	Trust: 0.1

sources: VULHUB: VHN-449818 // VULMON: CVE-2023-22402 // JVNDB: JVNDB-2023-001549 // CNNVD: CNNVD-202301-1030 // NVD: CVE-2023-22402

REFERENCES

url:	https://kb.juniper.net/jsa70198	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-22402	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-22402/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2023-22402	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-449818 // VULMON: CVE-2023-22402 // JVNDB: JVNDB-2023-001549 // CNNVD: CNNVD-202301-1030 // NVD: CVE-2023-22402

SOURCES

db:	VULHUB	id:	VHN-449818
db:	VULMON	id:	CVE-2023-22402
db:	JVNDB	id:	JVNDB-2023-001549
db:	CNNVD	id:	CNNVD-202301-1030
db:	NVD	id:	CVE-2023-22402

LAST UPDATE DATE

2024-08-14T15:00:35.071000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-449818	date:	2023-01-20T00:00:00
db:	VULMON	id:	CVE-2023-22402	date:	2023-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-001549	date:	2023-04-19T08:31:00
db:	CNNVD	id:	CNNVD-202301-1030	date:	2023-01-28T00:00:00
db:	NVD	id:	CVE-2023-22402	date:	2023-01-20T14:53:01.540

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-449818	date:	2023-01-13T00:00:00
db:	VULMON	id:	CVE-2023-22402	date:	2023-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-001549	date:	2023-04-19T00:00:00
db:	CNNVD	id:	CNNVD-202301-1030	date:	2023-01-13T00:00:00
db:	NVD	id:	CVE-2023-22402	date:	2023-01-13T00:15:10.690