Details of VAR-202301-0920

ID

VAR-202301-0920

CVE

CVE-2023-22393

TITLE

Juniper Networks Junos OS and Junos OS Evolved Vulnerability in checking for exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2023-001756

DESCRIPTION

An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems without import policy configured. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R2-S2-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO

Trust: 1.8

sources: NVD: CVE-2023-22393 // JVNDB: JVNDB-2023-001756 // VULHUB: VHN-449809 // VULMON: CVE-2023-22393

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	22.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	21.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	22.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	21.2	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	22.2	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	22.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	21.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	21.1	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	21.4	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	junos os	scope:	-	version:	-	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os evolved	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-001756 // NVD: CVE-2023-22393

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-22393
value:	HIGH
Trust: 1.0
sirt@juniper.net:	CVE-2023-22393
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-001756
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202301-1020
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-22393
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2023-001756
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-001756 // CNNVD: CNNVD-202301-1020 // NVD: CVE-2023-22393 // NVD: CVE-2023-22393

PROBLEMTYPE DATA

problemtype:	CWE-754	Trust: 1.1
problemtype:	CWE-358	Trust: 1.0
problemtype:	Improper checking in exceptional conditions (CWE-754) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-449809 // JVNDB: JVNDB-2023-001756 // NVD: CVE-2023-22393

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1020

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202301-1020

PATCH

title:	JSA70189	url:	https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-upon-receipt-of-BGP-route-with-invalid-next-hop-CVE-2023-22393?language=en_US	Trust: 0.8
title:	Juniper Networks Junos OS Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=222316	Trust: 0.6

sources: JVNDB: JVNDB-2023-001756 // CNNVD: CNNVD-202301-1020

EXTERNAL IDS

db:	NVD	id:	CVE-2023-22393	Trust: 3.4
db:	JUNIPER	id:	JSA70189	Trust: 1.8
db:	JVNDB	id:	JVNDB-2023-001756	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-1020	Trust: 0.6
db:	VULHUB	id:	VHN-449809	Trust: 0.1
db:	VULMON	id:	CVE-2023-22393	Trust: 0.1

sources: VULHUB: VHN-449809 // VULMON: CVE-2023-22393 // JVNDB: JVNDB-2023-001756 // CNNVD: CNNVD-202301-1020 // NVD: CVE-2023-22393

REFERENCES

url:	https://kb.juniper.net/jsa70189	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-22393	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-22393/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-449809 // VULMON: CVE-2023-22393 // JVNDB: JVNDB-2023-001756 // CNNVD: CNNVD-202301-1020 // NVD: CVE-2023-22393

SOURCES

db:	VULHUB	id:	VHN-449809
db:	VULMON	id:	CVE-2023-22393
db:	JVNDB	id:	JVNDB-2023-001756
db:	CNNVD	id:	CNNVD-202301-1020
db:	NVD	id:	CVE-2023-22393

LAST UPDATE DATE

2024-08-14T14:10:22.235000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-449809	date:	2023-01-24T00:00:00
db:	VULMON	id:	CVE-2023-22393	date:	2023-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-001756	date:	2023-04-28T01:45:00
db:	CNNVD	id:	CNNVD-202301-1020	date:	2023-01-28T00:00:00
db:	NVD	id:	CVE-2023-22393	date:	2023-01-24T18:46:14.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-449809	date:	2023-01-13T00:00:00
db:	VULMON	id:	CVE-2023-22393	date:	2023-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-001756	date:	2023-04-28T00:00:00
db:	CNNVD	id:	CNNVD-202301-1020	date:	2023-01-13T00:00:00
db:	NVD	id:	CVE-2023-22393	date:	2023-01-13T00:15:09.917