CVE-2022-22164Improper Initialization in Networks Junos OS Evolved

CWE-665Improper Initialization4 documents4 sources
Severity
5.3MEDIUMNVD
CNA6.5
EPSS
0.3%
top 45.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OS EvolvedJuniper Junos OS Evolved
Timeline
PublishedJan 19
Latest updateJan 20

Description

An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet service staying enabled. When it is not intended to be operating on the device, an administrator can issue the following command to verify whether telnet is operating in the background: user@device > show system connections | grep :23 tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 20879/xinetd This issue affects:

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5juniper_networks/junos_os_evolvedunspecified20.4R2-S2-EVO+2
NVDjuniper/junos_os_evolved20.4, 21.1, 21.2+2

🔴Vulnerability Details

2
GHSA
GHSA-56fg-32qc-v967: An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not tak2022-01-20
CVEList
Junos OS Evolved: Telnet service may be enabled when it is expected to be disabled.2022-01-19

📋Vendor Advisories

1
Juniper
CVE-2022-22164: An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not tak2022-01-19
CVE-2022-22164 — Improper Initialization | cvebase