FKIE_CVE-2023-22402

Vulnerability from fkie_nvd - Published: 2023-01-13 00:15 - Updated: 2024-11-21 07:44
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if "bgp auto-discovery" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO; 22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.
References
sirt@juniper.nethttps://kb.juniper.net/JSA70198Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.juniper.net/JSA70198Vendor Advisory
Impacted products
Vendor Product Version
juniper junos_os_evolved 21.3
juniper junos_os_evolved 21.3
juniper junos_os_evolved 21.3
juniper junos_os_evolved 21.3
juniper junos_os_evolved 21.3
juniper junos_os_evolved 21.3
juniper junos_os_evolved 21.4
juniper junos_os_evolved 21.4
juniper junos_os_evolved 21.4
juniper junos_os_evolved 21.4
juniper junos_os_evolved 22.1
juniper junos_os_evolved 22.1
juniper junos_os_evolved 22.1
juniper junos_os_evolved 22.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if \"bgp auto-discovery\" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO; 22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad Use-After-Free en el n\u00facleo de Juniper Networks Junos OS Evolved permite que un atacante no autenticado basado en la red provoque una denegaci\u00f3n de servicio (DoS). En un escenario de Non Stop Routing (NSR), se podr\u00eda observar un reinicio inesperado del kernel si el \"BGP auto-discovery\" est\u00e1 habilitado y si hay una interrupci\u00f3n de las sesiones de descubrimiento autom\u00e1tico del vecino BGP por cualquier motivo. Esta es una condici\u00f3n de ejecuci\u00f3n que est\u00e1 fuera del control directo del atacante y depende de la sincronizaci\u00f3n interna del sistema si se produce este problema. Este problema afecta a Juniper Networks Junos OS Evolved: versiones 21.3 anteriores a 21.3R3-EVO; Versiones 21.4 anteriores a 21.4R2-EVO; Versiones 22.1 anteriores a 22.1R2-EVO; Versiones 22.2 anteriores a 22.2R1-S1-EVO, 22.2R2-EVO."
    }
  ],
  "id": "CVE-2023-22402",
  "lastModified": "2024-11-21T07:44:44.663",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "sirt@juniper.net",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-13T00:15:10.690",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA70198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA70198"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.