CVE-2022-22184

Published: Dic 22, 2022 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2022-27331 Aliases: GSD-2022-22184
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute will propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Since this issue only affects 22.3R1, Juniper strongly encourages customers to move to 22.3R1-S1. Juniper SIRT felt that the need to promptly warn customers about this issue affecting the 22.3R1 versions of Junos OS and Junos OS Evolved warranted an Out of Cycle JSA. This issue affects: Juniper Networks Junos OS version 22.3R1. Juniper Networks Junos OS Evolved version 22.3R1-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 22.3R1. Juniper Networks Junos OS Evolved versions prior to 22.3R1-EVO.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0045
Percentile
0,6th
Updated

EPSS Score Trend (Last 90 Days)

20

Improper Input Validation

Stable
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Confidentiality Integrity
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Read Memory Read Files Or Directories Modify Memory Execute Unauthorized Code Or Commands
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
Operating System

Junos by Juniper

Product Information
Vendor Juniper
Product Junos
Version 22.3
cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Junos Os Evolved by Juniper

Product Information
Vendor Juniper
Product Junos Os Evolved
Version 22.3
cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://kb.juniper.net/JSA70175
Vendor Advisory
https://kb.juniper.net/JSA70175
https://kb.juniper.net/JSA70175
Vendor Advisory
https://kb.juniper.net/JSA70175