CVE-2022-22237

{"id": "CVE-2022-22237", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2022-10-18T03:15:10.673", "references": [{"url": "https://kb.juniper.net/JSA69893", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impact on confidentiality or integrity. A vulnerability in the processing of TCP-AO will allow a BGP or LDP peer not configured with authentication to establish a session even if the peer is locally configured to use authentication. This could lead to untrusted or unauthorized sessions being established. This issue affects Juniper Networks Junos OS: 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS Evolved."}, {"lang": "es", "value": "Una vulnerabilidad de autenticaci\u00f3n inapropiada en el kernel del Juniper Networks Junos OS permite a un atacante no autenticado y basado en la red causar un impacto en la Confidencialidad o la Integridad. Una vulnerabilidad en el procesamiento de TCP-AO permitir\u00e1 que un peer BGP o LDP no configurado con autenticaci\u00f3n establezca una sesi\u00f3n aunque el peer est\u00e9 configurado localmente para usar la autenticaci\u00f3n. Esto podr\u00eda conllevar a un establecimiento de sesiones no confiables o no autorizadas. Este problema afecta a Juniper Networks Junos OS: Versiones 21.2 anteriores a 21.2R3-S1; versiones 21.3 anteriores a 21.3R2-S2, 21.3R3; versiones 21.4 anteriores a 21.4R2-S1, 21.4R3; versiones 22.1 anteriores a 22.1R1-S1, 22.1R2. Este problema no afecta a Juniper Networks Junos OS Evolved"}], "lastModified": "2022-10-20T14:58:11.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@juniper.net"}