Lucene search

[email protected]CVE-2022-22193

HistoryApr 14, 2022 - 4:15 p.m.

CVE-2022-22193

2022-04-1416:15:08

CWE-241

[email protected]

web.nvd.nist.gov

cve-2022-22193

juniper networks

junos os

junos os evolved

vulnerability

rpd

dos

bgp

routing protocols

nvd

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding is configured and a certain CLI command is executed the rpd process can crash. During the rpd crash and restart, the routing protocols might be impacted and traffic disruption might be seen due to the loss of routing information. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 20.3R1. Juniper Networks Junos OS Evolved versions prior to 20.3R1-EVO.

Affected configurations

NVD

Node

juniperjunosMatch20.3r1

juniperjunosMatch20.3r1-s1

juniperjunosMatch20.3r2

juniperjunosMatch20.3r2-s1

juniperjunosMatch20.3r3

juniperjunosMatch20.4r1

juniperjunosMatch20.4r1-s1

juniperjunosMatch20.4r2

juniperjunosMatch20.4r2-s1

juniperjunosMatch21.1r1

juniperjunosMatch21.1r1-s1

juniperjunosMatch21.1r2

juniperjunosMatch21.1r2-s1

juniperjunosMatch21.1r2-s2

juniperjunosMatch21.2r1

juniperjunosMatch21.2r1-s1

juniperjunosMatch21.2r1-s2

juniperjunos_os_evolvedMatch20.4r1

juniperjunos_os_evolvedMatch20.4r1-s1

juniperjunos_os_evolvedMatch20.4r1-s2

juniperjunos_os_evolvedMatch20.4r2

juniperjunos_os_evolvedMatch20.4r2-s1

juniperjunos_os_evolvedMatch20.4r2-s2

juniperjunos_os_evolvedMatch20.4r2-s3

juniperjunos_os_evolvedMatch21.1r1

juniperjunos_os_evolvedMatch21.1r1-s1

juniperjunos_os_evolvedMatch21.1r2

juniperjunos_os_evolvedMatch21.2r1

juniperjunos_os_evolvedMatch21.2r1-s1

juniperjunos_os_evolvedMatch21.2r1-s2

CPENameOperatorVersion
juniper:junosjuniper junoseq20.3
juniper:junosjuniper junoseq20.4
juniper:junosjuniper junoseq21.1
juniper:junosjuniper junoseq21.2
juniper:junos_os_evolvedjuniper junos os evolvedeq20.4
juniper:junos_os_evolvedjuniper junos os evolvedeq21.1
juniper:junos_os_evolvedjuniper junos os evolvedeq21.2

CPE	Name	Operator	Version
juniper:junos	juniper junos	eq	20.3
juniper:junos	juniper junos	eq	20.4
juniper:junos	juniper junos	eq	21.1
juniper:junos	juniper junos	eq	21.2
juniper:junos_os_evolved	juniper junos os evolved	eq	20.4
juniper:junos_os_evolved	juniper junos os evolved	eq	21.1
juniper:junos_os_evolved	juniper junos os evolved	eq	21.2

CNA Affected

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.3R1",
        "status": "unaffected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "20.3R3-S1",
        "status": "affected",
        "version": "20.3",
        "versionType": "custom"
      },
      {
        "lessThan": "20.4R3",
        "status": "affected",
        "version": "20.4",
        "versionType": "custom"
      },
      {
        "lessThan": "21.1R3",
        "status": "affected",
        "version": "21.1",
        "versionType": "custom"
      },
      {
        "lessThan": "21.2R2",
        "status": "affected",
        "version": "21.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Junos OS Evolved",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.3R1-EVO",
        "status": "unaffected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "20.4R3-EVO",
        "status": "affected",
        "version": "20.4",
        "versionType": "custom"
      },
      {
        "lessThan": "21.1R3-EVO",
        "status": "affected",
        "version": "21.1",
        "versionType": "custom"
      },
      {
        "lessThan": "21.2R2-EVO",
        "status": "affected",
        "version": "21.2",
        "versionType": "custom"
      },
      {
        "lessThan": "20.3*",
        "status": "affected",
        "version": "20.3R1-EVO",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA69503

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2022-22193

cvelist1 nvd1 nessus1 prion1