Details of VAR-202301-1021

ID

VAR-202301-1021

CVE

CVE-2023-22401

TITLE

Juniper Networks Junos OS and Junos OS Evolved Vulnerability in array index validation in

Trust: 0.8

sources: JVNDB: JVNDB-2023-001550

DESCRIPTION

An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On the PTX10008 and PTX10016 platforms running Junos OS or Junos OS Evolved, when a specific SNMP MIB is queried this will cause a PFE crash and the FPC will go offline and not automatically recover. A system restart is required to get the affected FPC in an operational state again. This issue affects: Juniper Networks Junos OS 22.1 version 22.1R2 and later versions; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved 21.3-EVO version 21.3R3-EVO and later versions; 21.4-EVO version 21.4R1-S2-EVO, 21.4R2-EVO and later versions prior to 21.4R2-S1-EVO; 22.1-EVO version 22.1R2-EVO and later versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO

Trust: 1.8

sources: NVD: CVE-2023-22401 // JVNDB: JVNDB-2023-001550 // VULHUB: VHN-449817 // VULMON: CVE-2023-22401

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	22.1	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	22.2	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	21.3	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	22.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	22.2	Trust: 1.0
vendor:	juniper	model:	junos os evolved	scope:	eq	version:	21.4	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	junos os evolved	scope:	-	version:	-	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-001550 // NVD: CVE-2023-22401

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-22401
value:	HIGH
Trust: 1.0
sirt@juniper.net:	CVE-2023-22401
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-001550
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202301-1029
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-22401
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2023-001550
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-001550 // CNNVD: CNNVD-202301-1029 // NVD: CVE-2023-22401 // NVD: CVE-2023-22401

PROBLEMTYPE DATA

problemtype:	CWE-129	Trust: 1.1
problemtype:	Improper validation of array indexes (CWE-129) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-449817 // JVNDB: JVNDB-2023-001550 // NVD: CVE-2023-22401

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1029

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202301-1029

PATCH

title:	JSA70197	url:	https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-PTX10008-PTX10016-When-a-specific-SNMP-MIB-is-queried-the-FPC-will-crash-CVE-2023-22401?language=en_US	Trust: 0.8
title:	Juniper Networks Junos OS Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=222321	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2023-22401	Trust: 0.1

sources: VULMON: CVE-2023-22401 // JVNDB: JVNDB-2023-001550 // CNNVD: CNNVD-202301-1029

EXTERNAL IDS

db:	NVD	id:	CVE-2023-22401	Trust: 3.4
db:	JUNIPER	id:	JSA70197	Trust: 1.8
db:	JVNDB	id:	JVNDB-2023-001550	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-1029	Trust: 0.6
db:	VULHUB	id:	VHN-449817	Trust: 0.1
db:	VULMON	id:	CVE-2023-22401	Trust: 0.1

sources: VULHUB: VHN-449817 // VULMON: CVE-2023-22401 // JVNDB: JVNDB-2023-001550 // CNNVD: CNNVD-202301-1029 // NVD: CVE-2023-22401

REFERENCES

url:	https://kb.juniper.net/jsa70197	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-22401	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-22401/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2023-22401	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-449817 // VULMON: CVE-2023-22401 // JVNDB: JVNDB-2023-001550 // CNNVD: CNNVD-202301-1029 // NVD: CVE-2023-22401

SOURCES

db:	VULHUB	id:	VHN-449817
db:	VULMON	id:	CVE-2023-22401
db:	JVNDB	id:	JVNDB-2023-001550
db:	CNNVD	id:	CNNVD-202301-1029
db:	NVD	id:	CVE-2023-22401

LAST UPDATE DATE

2024-08-14T15:32:20.588000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-449817	date:	2023-01-24T00:00:00
db:	VULMON	id:	CVE-2023-22401	date:	2023-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-001550	date:	2023-04-19T08:40:00
db:	CNNVD	id:	CNNVD-202301-1029	date:	2023-01-28T00:00:00
db:	NVD	id:	CVE-2023-22401	date:	2023-01-24T17:29:21.353

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-449817	date:	2023-01-13T00:00:00
db:	VULMON	id:	CVE-2023-22401	date:	2023-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-001550	date:	2023-04-19T00:00:00
db:	CNNVD	id:	CNNVD-202301-1029	date:	2023-01-13T00:00:00
db:	NVD	id:	CVE-2023-22401	date:	2023-01-13T00:15:10.613