CVE-2023-22402 - Vulnerability Details

Vendors	Products
Juniper	Junos Os Evolved

Link	Providers
https://kb.juniper.net/JSA70198

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-22402", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "dateUpdated": "2024-08-02T10:07:06.572Z", "dateReserved": "2022-12-27T00:00:00", "datePublished": "2023-01-12T00:00:00"}, "containers": {"cna": {"title": "Junos OS Evolved: The kernel might restart in a BGP scenario where \"bgp auto-discovery\" is enabled and such a neighbor flaps", "datePublic": "2023-01-11T00:00:00", "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2023-01-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if \"bgp auto-discovery\" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO; 22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO."}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"version": "21.3", "status": "affected", "lessThan": "21.3R3-EVO", "versionType": "custom"}, {"version": "21.4", "status": "affected", "lessThan": "21.4R2-EVO", "versionType": "custom"}, {"version": "22.1", "status": "affected", "lessThan": "22.1R2-EVO", "versionType": "custom"}, {"version": "22.2", "status": "affected", "lessThan": "22.2R1-S1-EVO, 22.2R2-EVO", "versionType": "custom"}]}], "references": [{"url": "https://kb.juniper.net/JSA70198"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-416 Use After Free", "cweId": "CWE-416"}]}, {"descriptions": [{"type": "text", "lang": "en", "description": "Denial of Service (DoS)"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "JSA70198", "defect": ["1636063"], "discovery": "USER"}, "configurations": [{"lang": "en", "value": "To be exposed to this is issue non-stop routing (NSR) and BGP auto-discovery need to be configured:\n\n [routing-options nonstop-routing]\n [protocols bgp group <name> dynamic-neighbor <template> peer-auto-discovery]"}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-S1-EVO, 22.2R2-EVO, 22.3R1-EVO, and all subsequent releases."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:07:06.572Z"}, "title": "CVE Program Container", "references": [{"url": "https://kb.juniper.net/JSA70198", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*", "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*", "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*", "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*", "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*", "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*", "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*", "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if \"bgp auto-discovery\" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO; 22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO."}, {"lang": "es", "value": "Una vulnerabilidad Use-After-Free en el n\u00facleo de Juniper Networks Junos OS Evolved permite que un atacante no autenticado basado en la red provoque una denegaci\u00f3n de servicio (DoS). En un escenario de Non Stop Routing (NSR), se podr\u00eda observar un reinicio inesperado del kernel si el \"BGP auto-discovery\" est\u00e1 habilitado y si hay una interrupci\u00f3n de las sesiones de descubrimiento autom\u00e1tico del vecino BGP por cualquier motivo. Esta es una condici\u00f3n de ejecuci\u00f3n que est\u00e1 fuera del control directo del atacante y depende de la sincronizaci\u00f3n interna del sistema si se produce este problema. Este problema afecta a Juniper Networks Junos OS Evolved: versiones 21.3 anteriores a 21.3R3-EVO; Versiones 21.4 anteriores a 21.4R2-EVO; Versiones 22.1 anteriores a 22.1R2-EVO; Versiones 22.2 anteriores a 22.2R1-S1-EVO, 22.2R2-EVO."}], "id": "CVE-2023-22402", "lastModified": "2024-11-21T07:44:44.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2023-01-13T00:15:10.690", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA70198"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA70198"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "sirt@juniper.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object