CVE-2022-22237

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions 21.2 prior to 21.2R3-S1 Juniper Networks Junos OS versions 21.3 prior to 21.3R2-S2, 21.3R3 Juniper Networks Junos OS versions 21.4 prior to 21.4R2-S1, 21.4R3 Juniper Networks Junos OS versions 22.1 prior to 22.1R1-S1, 22.1R2

Description The issue is related to an Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS, allowing an unauthenticated, network-based attacker to impact confidentiality or integrity. This vulnerability is due to a flaw in the processing of TCP-AO, which enables a BGP or LDP peer not configured with authentication to establish a session even if the peer is locally configured to use authentication. This could lead to untrusted or unauthorized sessions being established.

Recommendations For Juniper Networks Junos OS version 21.2, update to version 21.2R3-S1 or later. For Juniper Networks Junos OS version 21.3, update to version 21.3R2-S2, 21.3R3 or later. For Juniper Networks Junos OS version 21.4, update to version 21.4R2-S1, 21.4R3 or later. For Juniper Networks Junos OS version 22.1, update to version 22.1R1-S1, 22.1R2 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2023-03136

CVE-2022-22237

Affected Products

Junos

CVE-2022-22237

Weakness Enumeration

Related Identifiers

Affected Products

References · 5