Vulnerability Name: | CVE-2022-22237 (CCN-238487) |
Assigned: | 2021-12-21 |
Published: | 2022-10-12 |
Updated: | 2022-10-20 |
Summary: | An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impact on confidentiality or integrity. A vulnerability in the processing of TCP-AO will allow a BGP or LDP peer not configured with authentication to establish a session even if the peer is locally configured to use authentication. This could lead to untrusted or unauthorized sessions being established. This issue affects Juniper Networks Junos OS: 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS Evolved.
|
CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): Low Integrity (I): Low Availibility (A): None | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) 5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): Low Integrity (I): Low Availibility (A): None |
|
CVSS v2 Severity: | 6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None |
|
Vulnerability Type: | CWE-287
|
Vulnerability Consequences: | Bypass Security |
References: | Source: MITRE Type: CNA CVE-2022-22237
Source: XF Type: UNKNOWN juniper-cve202222237-sec-bypass(238487)
Source: CONFIRM Type: Vendor Advisory https://kb.juniper.net/JSA69893
Source: CCN Type: Juniper Networks Security Bulletin JSA69893 Junos OS: Peers not configured for TCP-AO can establish a BGP or LDP session even if authentication is configured locally (CVE-2022-22237)
|
Vulnerable Configuration: | Configuration 1: cpe:/o:juniper:junos:21.2:r1:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.3:r1:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.3:r2:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.2:r2:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.2:-:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*OR cpe:/o:juniper:junos:22.1:r1:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.2:r3:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.3:-:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.4:-:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.4:r1:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.4:r2:*:*:*:*:*:* Configuration CCN 1: cpe:/o:juniper:junos:21.2:-:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.3:-:*:*:*:*:*:*OR cpe:/o:juniper:junos:22.1:r1:*:*:*:*:*:*OR cpe:/o:juniper:junos:21.4:-:*:*:*:*:*:*
Denotes that component is vulnerable |
BACK |