Sign-up

ID

VAR-202210-1074


CVE

CVE-2022-22228


TITLE

Juniper Networks  Junos OS  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019216

DESCRIPTION

An Improper Validation of Specified Type of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an attacker to cause an RPD memory leak leading to a Denial of Service (DoS). This memory leak only occurs when the attacker's packets are destined to any configured IPv6 address on the device. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1

Trust: 1.71

sources: NVD: CVE-2022-22228 // JVNDB: JVNDB-2022-019216 // VULHUB: VHN-409757

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:21.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:21.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:22.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:21.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:21.4

Trust: 1.0

vendor:ジュニパーネットワークスmodel:junos osscope:eqversion:21.3

Trust: 0.8

vendor:ジュニパーネットワークスmodel:junos osscope:eqversion:21.1

Trust: 0.8

vendor:ジュニパーネットワークスmodel:junos osscope:eqversion: -

Trust: 0.8

vendor:ジュニパーネットワークスmodel:junos osscope: - version: -

Trust: 0.8

vendor:ジュニパーネットワークスmodel:junos osscope:eqversion:21.2

Trust: 0.8

sources: JVNDB: JVNDB-2022-019216 // NVD: CVE-2022-22228

CVSS

SEVERITY

CVSSV2

CVSSV3

sirt@juniper.net: CVE-2022-22228
value: HIGH

Trust: 1.0

OTHER: JVNDB-2022-019216
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202210-664
value: HIGH

Trust: 0.6

sirt@juniper.net:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-019216
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019216 // NVD: CVE-2022-22228 // CNNVD: CNNVD-202210-664

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-409757 // JVNDB: JVNDB-2022-019216 // NVD: CVE-2022-22228

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-664

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-664

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-22228

EXTERNAL IDS
db:NVDid:CVE-2022-22228
Trust: 3.3
db:JUNIPERid:JSA69880
Trust: 2.5
db:JVNDBid:JVNDB-2022-019216
Trust: 0.8
db:CNNVDid:CNNVD-202210-664
Trust: 0.6
db:VULHUBid:VHN-409757
Trust: 0.1
sources:
            
            
            VULHUB: VHN-409757 // 
            
            
            
            JVNDB: JVNDB-2022-019216 // 
            
            
            
            NVD: CVE-2022-22228 // 
            
            
            
            CNNVD: CNNVD-202210-664

REFERENCES
url:https://kb.juniper.net/jsa69880
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2022-22228
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2022-22228/
Trust: 0.6
url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-39531
Trust: 0.6
sources:
            
            
            VULHUB: VHN-409757 // 
            
            
            
            JVNDB: JVNDB-2022-019216 // 
            
            
            
            NVD: CVE-2022-22228 // 
            
            
            
            CNNVD: CNNVD-202210-664

SOURCES
db:VULHUBid:VHN-409757
db:JVNDBid:JVNDB-2022-019216
db:NVDid:CVE-2022-22228
db:CNNVDid:CNNVD-202210-664

LAST UPDATE DATE
2023-12-18T13:59:29.368000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-409757date:2022-10-21T00:00:00
db:JVNDBid:JVNDB-2022-019216date:2023-10-24T08:20:00
db:NVDid:CVE-2022-22228date:2022-10-21T17:48:08.367
db:CNNVDid:CNNVD-202210-664date:2022-10-24T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-409757date:2022-10-18T00:00:00
db:JVNDBid:JVNDB-2022-019216date:2023-10-24T00:00:00
db:NVDid:CVE-2022-22228date:2022-10-18T03:15:10.063
db:CNNVDid:CNNVD-202210-664date:2022-10-12T00:00:00