Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistJuniperCVELIST:CVE-2022-22233
HistoryOct 18, 2022 - 2:46 a.m.

CVE-2022-22233 Junos OS and Junos OS Evolved: In an SR to LDP interworking scenario, with SRMS, when a specific low privileged command is issued on an ABR rpd will crash

2022-10-1802:46:35
CWE-690
juniper
www.cve.org
4
juniper networks
dos vulnerability
rpd
srms
abr
cve-2022-22233
junos os evolved

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

12.6%

JSON

An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having “S” flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO.

CNA Affected

[
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "21.4R1",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "21.4",
        "status": "affected",
        "lessThan": "21.4R1-S2, 21.4R2-S1, 21.4R3",
        "versionType": "custom"
      },
      {
        "version": "22.1",
        "status": "affected",
        "lessThan": "22.1R2",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS Evolved",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "21.4R1-EVO",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "21.4-EVO",
        "status": "affected",
        "lessThan": "21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO",
        "versionType": "custom"
      },
      {
        "version": "22.1-EVO",
        "status": "affected",
        "lessThan": "22.1R2-EVO",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
prion 1
nessus 1
cve 1
nvd
nvd
CVE-2022-22233
2022-10-18 03:15:10
prion
prion
Null pointer dereference
2022-10-18 03:15:00
nessus
nessus
Juniper Junos OS Vulnerability (JSA69887)
2022-10-12 00:00:00
cve
cve
CVE-2022-22233
2022-10-18 03:15:10

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

12.6%

JSON
Related for CVELIST:CVE-2022-22233
nvd1prion1nessus1cve1