Lucene search

[email protected]CVE-2022-22208

HistoryOct 18, 2022 - 3:15 a.m.

CVE-2022-22208

2022-10-1803:15:09

CWE-416

CWE-362

[email protected]

web.nvd.nist.gov

juniper networks

junos os

junos os evolved

vulnerability

use after free

rdp

denial of service

dos

nvd

cve-2022-22208

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

38.6%

JSON

A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker’s control and cannot be deterministically exploited. Continued flapping of BGP sessions can create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: All versions prior to 18.4R2-S9, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 version 19.2R1 and later versions; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R2-S1, 21.2R3. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO.

Affected configurations

NVD

Node

juniperjunosRange<18.4

juniperjunosMatch18.4-

juniperjunosMatch18.4r1

juniperjunosMatch18.4r1-s1

juniperjunosMatch18.4r1-s2

juniperjunosMatch18.4r1-s3

juniperjunosMatch18.4r1-s4

juniperjunosMatch18.4r1-s5

juniperjunosMatch18.4r1-s6

juniperjunosMatch18.4r1-s7

juniperjunosMatch18.4r2

juniperjunosMatch18.4r2-s1

juniperjunosMatch18.4r2-s10

juniperjunosMatch18.4r2-s2

juniperjunosMatch18.4r2-s3

juniperjunosMatch18.4r2-s4

juniperjunosMatch18.4r2-s5

juniperjunosMatch18.4r2-s6

juniperjunosMatch18.4r2-s7

juniperjunosMatch18.4r2-s8

juniperjunosMatch18.4r3-s11

juniperjunosMatch19.1-

juniperjunosMatch19.1r1

juniperjunosMatch19.1r1-s1

juniperjunosMatch19.1r1-s2

juniperjunosMatch19.1r1-s3

juniperjunosMatch19.1r1-s4

juniperjunosMatch19.1r1-s5

juniperjunosMatch19.1r1-s6

juniperjunosMatch19.1r2

juniperjunosMatch19.1r2-s1

juniperjunosMatch19.1r2-s2

juniperjunosMatch19.1r2-s3

juniperjunosMatch19.1r3

juniperjunosMatch19.1r3-s1

juniperjunosMatch19.1r3-s2

juniperjunosMatch19.1r3-s3

juniperjunosMatch19.1r3-s4

juniperjunosMatch19.1r3-s5

juniperjunosMatch19.1r3-s6

juniperjunosMatch19.1r3-s7

juniperjunosMatch19.2-

juniperjunosMatch19.2r1

juniperjunosMatch19.3-

juniperjunosMatch19.3r1

juniperjunosMatch19.3r1-s1

juniperjunosMatch19.3r2

juniperjunosMatch19.3r2-s1

juniperjunosMatch19.3r2-s2

juniperjunosMatch19.3r2-s3

juniperjunosMatch19.3r2-s4

juniperjunosMatch19.3r2-s5

juniperjunosMatch19.3r2-s6

juniperjunosMatch19.3r3

juniperjunosMatch19.3r3-s1

juniperjunosMatch19.3r3-s2

juniperjunosMatch19.3r3-s3

juniperjunosMatch19.3r3-s4

juniperjunosMatch19.4-

juniperjunosMatch19.4r1

juniperjunosMatch19.4r1-s1

juniperjunosMatch19.4r1-s2

juniperjunosMatch19.4r1-s3

juniperjunosMatch19.4r1-s4

juniperjunosMatch19.4r2

juniperjunosMatch19.4r2-s1

juniperjunosMatch19.4r2-s2

juniperjunosMatch19.4r2-s3

juniperjunosMatch19.4r2-s4

juniperjunosMatch19.4r2-s5

juniperjunosMatch19.4r3-s6

juniperjunosMatch20.1-

juniperjunosMatch20.1r1

juniperjunosMatch20.2-

juniperjunosMatch20.2r1

juniperjunosMatch20.2r1-s1

juniperjunosMatch20.2r1-s2

juniperjunosMatch20.2r1-s3

juniperjunosMatch20.2r2

juniperjunosMatch20.2r2-s1

juniperjunosMatch20.2r2-s2

juniperjunosMatch20.2r2-s3

juniperjunosMatch20.2r3

juniperjunosMatch20.2r3-s1

juniperjunosMatch20.2r3-s2

juniperjunosMatch20.3-

juniperjunosMatch20.3r1

juniperjunosMatch20.3r1-s1

juniperjunosMatch20.3r1-s2

juniperjunosMatch20.3r2

juniperjunosMatch20.3r2-s1

juniperjunosMatch20.3r3

juniperjunosMatch20.3r3-s1

juniperjunosMatch20.4-

juniperjunosMatch20.4r1

juniperjunosMatch20.4r1-s1

juniperjunosMatch20.4r2

juniperjunosMatch20.4r2-s1

juniperjunosMatch20.4r2-s2

juniperjunosMatch20.4r3

juniperjunosMatch21.1-

juniperjunosMatch21.1r1

juniperjunosMatch21.1r1-s1

juniperjunosMatch21.1r2

juniperjunosMatch21.1r2-s1

juniperjunosMatch21.1r2-s2

juniperjunosMatch21.1r3

juniperjunosMatch21.1r3-s1

juniperjunosMatch21.1r3-s2

juniperjunosMatch21.2-

juniperjunosMatch21.2r1

juniperjunosMatch21.2r1-s1

juniperjunosMatch21.2r1-s2

juniperjunosMatch21.2r2

juniperjunosMatch21.2r3

Node

juniperjunos_os_evolvedMatch21.1-

juniperjunos_os_evolvedMatch21.1r1

juniperjunos_os_evolvedMatch21.1r1-s1

juniperjunos_os_evolvedMatch21.1r2

juniperjunos_os_evolvedMatch21.1r3

juniperjunos_os_evolvedMatch21.1r3-s1

juniperjunos_os_evolvedMatch21.2-

juniperjunos_os_evolvedMatch21.2r1

juniperjunos_os_evolvedMatch21.2r1-s1

juniperjunos_os_evolvedMatch21.2r1-s2

juniperjunos_os_evolvedMatch21.2r2

juniperjunos_os_evolvedMatch21.2r2-s1

juniperjunos_os_evolvedMatch21.2r2-s2

juniperjunos_os_evolvedMatch21.3-

juniperjunos_os_evolvedMatch21.3r1

juniperjunos_os_evolvedMatch21.3r1-s1

CPENameOperatorVersion
juniper:junosjuniper junoslt18.4
juniper:junosjuniper junoseq19.1
juniper:junosjuniper junoseq19.2
juniper:junosjuniper junoseq19.3
juniper:junosjuniper junoseq19.4
juniper:junosjuniper junoseq20.1
juniper:junosjuniper junoseq20.2
juniper:junosjuniper junoseq20.3
juniper:junosjuniper junoseq20.4
juniper:junosjuniper junoseq21.1

CPE	Name	Operator	Version
juniper:junos	juniper junos	lt	18.4
juniper:junos	juniper junos	eq	19.1
juniper:junos	juniper junos	eq	19.2
juniper:junos	juniper junos	eq	19.3
juniper:junos	juniper junos	eq	19.4
juniper:junos	juniper junos	eq	20.1
juniper:junos	juniper junos	eq	20.2
juniper:junos	juniper junos	eq	20.3
juniper:junos	juniper junos	eq	20.4
juniper:junos	juniper junos	eq	21.1

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "18.4R2-S9, 18.4R3-S11",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "19.1",
        "status": "affected",
        "lessThan": "19.1R3-S8",
        "versionType": "custom"
      },
      {
        "version": "19.2R1",
        "status": "affected",
        "lessThan": "19.2*",
        "versionType": "custom"
      },
      {
        "version": "19.3",
        "status": "affected",
        "lessThan": "19.3R3-S5",
        "versionType": "custom"
      },
      {
        "version": "19.4",
        "status": "affected",
        "lessThan": "19.4R2-S6, 19.4R3-S6",
        "versionType": "custom"
      },
      {
        "version": "20.1R1",
        "status": "affected",
        "lessThan": "20.1*",
        "versionType": "custom"
      },
      {
        "version": "20.2",
        "status": "affected",
        "lessThan": "20.2R3-S3",
        "versionType": "custom"
      },
      {
        "version": "20.3",
        "status": "affected",
        "lessThan": "20.3R3-S2",
        "versionType": "custom"
      },
      {
        "version": "20.4",
        "status": "affected",
        "lessThan": "20.4R3-S1",
        "versionType": "custom"
      },
      {
        "version": "21.1",
        "status": "affected",
        "lessThan": "21.1R3-S3",
        "versionType": "custom"
      },
      {
        "version": "21.2",
        "status": "affected",
        "lessThan": "21.2R2-S1, 21.2R3",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS Evolved",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "20.4R3-S4-EVO",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "21.1-EVO",
        "status": "affected",
        "lessThan": "21.1R3-S2-EVO",
        "versionType": "custom"
      },
      {
        "version": "21.2-EVO",
        "status": "affected",
        "lessThan": "21.2R3-EVO",
        "versionType": "custom"
      },
      {
        "version": "21.3-EVO",
        "status": "affected",
        "lessThan": "21.3R2-EVO",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA69879

Social References

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

38.6%

JSON

Related for CVE-2022-22208

nvd1 prion1 cvelist1