Lucene search

[email protected]CVE-2022-22233

HistoryOct 18, 2022 - 3:15 a.m.

CVE-2022-22233

2022-10-1803:15:10

CWE-252

CWE-690

[email protected]

web.nvd.nist.gov

cve

2022

22233

null pointer dereference

vulnerability

routing protocol daemon

juniper networks

junos os

dos

security

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having “S” flag set from IS-IS Level 2 to Level 1, an rpd core might be observed when a specific low privileged CLI command is issued. This issue affects: Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.4R1. Juniper Networks Junos OS Evolved versions prior to 21.4R1-EVO.

Affected configurations

NVD

Node

juniperjunosMatch21.4-

juniperjunosMatch21.4r1

juniperjunosMatch21.4r1-s1

juniperjunosMatch21.4r2

juniperjunosMatch22.1r1

juniperjunosMatch22.1r1-s1

juniperjunos_os_evolvedMatch21.4-

juniperjunos_os_evolvedMatch21.4r1

juniperjunos_os_evolvedMatch21.4r1-s1

juniperjunos_os_evolvedMatch21.4r2

juniperjunos_os_evolvedMatch22.1r1

CPENameOperatorVersion
juniper:junosjuniper junoseq21.4
juniper:junosjuniper junoseq22.1
juniper:junos_os_evolvedjuniper junos os evolvedeq21.4
juniper:junos_os_evolvedjuniper junos os evolvedeq22.1

CPE	Name	Operator	Version
juniper:junos	juniper junos	eq	21.4
juniper:junos	juniper junos	eq	22.1
juniper:junos_os_evolved	juniper junos os evolved	eq	21.4
juniper:junos_os_evolved	juniper junos os evolved	eq	22.1

CNA Affected

[
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "21.4R1",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "21.4",
        "status": "affected",
        "lessThan": "21.4R1-S2, 21.4R2-S1, 21.4R3",
        "versionType": "custom"
      },
      {
        "version": "22.1",
        "status": "affected",
        "lessThan": "22.1R2",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS Evolved",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "21.4R1-EVO",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "21.4-EVO",
        "status": "affected",
        "lessThan": "21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO",
        "versionType": "custom"
      },
      {
        "version": "22.1-EVO",
        "status": "affected",
        "lessThan": "22.1R2-EVO",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA69887

Social References

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVE-2022-22233

nvd1 cvelist1 nessus1 prion1