mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
212 lines
8.1 KiB
JSON
212 lines
8.1 KiB
JSON
{
|
|
"id": "CVE-2022-22237",
|
|
"sourceIdentifier": "sirt@juniper.net",
|
|
"published": "2022-10-18T03:15:10.673",
|
|
"lastModified": "2024-11-21T06:46:27.563",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impact on confidentiality or integrity. A vulnerability in the processing of TCP-AO will allow a BGP or LDP peer not configured with authentication to establish a session even if the peer is locally configured to use authentication. This could lead to untrusted or unauthorized sessions being established. This issue affects Juniper Networks Junos OS: 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS Evolved."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad de autenticaci\u00f3n inapropiada en el kernel del Juniper Networks Junos OS permite a un atacante no autenticado y basado en la red causar un impacto en la Confidencialidad o la Integridad. Una vulnerabilidad en el procesamiento de TCP-AO permitir\u00e1 que un peer BGP o LDP no configurado con autenticaci\u00f3n establezca una sesi\u00f3n aunque el peer est\u00e9 configurado localmente para usar la autenticaci\u00f3n. Esto podr\u00eda conllevar a un establecimiento de sesiones no confiables o no autorizadas. Este problema afecta a Juniper Networks Junos OS: Versiones 21.2 anteriores a 21.2R3-S1; versiones 21.3 anteriores a 21.3R2-S2, 21.3R3; versiones 21.4 anteriores a 21.4R2-S1, 21.4R3; versiones 22.1 anteriores a 22.1R1-S1, 22.1R2. Este problema no afecta a Juniper Networks Junos OS Evolved"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "sirt@juniper.net",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 2.5
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 2.5
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "sirt@juniper.net",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-287"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-287"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://kb.juniper.net/JSA69893",
|
|
"source": "sirt@juniper.net",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://kb.juniper.net/JSA69893",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |