Lucene search

JuniperCVE-2022-22233

HistoryOct 18, 2022 - 3:15 a.m.

CVE-2022-22233

2022-10-1803:15:10

CWE-252

CWE-690

juniper

web.nvd.nist.gov

cve

2022

22233

null pointer dereference

vulnerability

routing protocol daemon

juniper networks

junos os

dos

security

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

Percentile

12.6%

JSON

An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having “S” flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO.

Affected configurations

Nvd

Node

juniperjunosMatch21.4-

juniperjunosMatch21.4r1

juniperjunosMatch21.4r1-s1

juniperjunosMatch21.4r2

juniperjunosMatch22.1r1

juniperjunosMatch22.1r1-s1

juniperjunos_os_evolvedMatch21.4-

juniperjunos_os_evolvedMatch21.4r1

juniperjunos_os_evolvedMatch21.4r1-s1

juniperjunos_os_evolvedMatch21.4r2

juniperjunos_os_evolvedMatch22.1r1

VendorProductVersionCPE
juniperjunos21.4cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*
juniperjunos21.4cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*
juniperjunos21.4cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*
juniperjunos21.4cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*
juniperjunos22.1cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*
juniperjunos22.1cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*
juniperjunos_os_evolved21.4cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*
juniperjunos_os_evolved21.4cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*
juniperjunos_os_evolved21.4cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*
juniperjunos_os_evolved21.4cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*

Vendor	Product	Version	CPE
juniper	junos	21.4	cpe:2.3:o:juniper:junos:21.4:-::::::
juniper	junos	21.4	cpe:2.3:o:juniper:junos:21.4:r1::::::
juniper	junos	21.4	cpe:2.3:o:juniper:junos:21.4:r1-s1::::::
juniper	junos	21.4	cpe:2.3:o:juniper:junos:21.4:r2::::::
juniper	junos	22.1	cpe:2.3:o:juniper:junos:22.1:r1::::::
juniper	junos	22.1	cpe:2.3:o:juniper:junos:22.1:r1-s1::::::
juniper	junos_os_evolved	21.4	cpe:2.3:o:juniper:junos_os_evolved:21.4:-::::::
juniper	junos_os_evolved	21.4	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1::::::
juniper	junos_os_evolved	21.4	cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1::::::
juniper	junos_os_evolved	21.4	cpe:2.3:o:juniper:junos_os_evolved:21.4:r2::::::

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "21.4R1",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "21.4",
        "status": "affected",
        "lessThan": "21.4R1-S2, 21.4R2-S1, 21.4R3",
        "versionType": "custom"
      },
      {
        "version": "22.1",
        "status": "affected",
        "lessThan": "22.1R2",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS Evolved",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "21.4R1-EVO",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "21.4-EVO",
        "status": "affected",
        "lessThan": "21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO",
        "versionType": "custom"
      },
      {
        "version": "22.1-EVO",
        "status": "affected",
        "lessThan": "22.1R2-EVO",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA69887

Social References

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2022-22233