CVE-2022-22237 — Improper Authentication in Juniper Networks Junos OS
Severity
6.5 MEDIUM (NVD)
EPSS
0.2%
top 59.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Oct 18
Description
An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impact on confidentiality or integrity. A vulnerability in the processing of TCP-AO will allow a BGP or LDP peer not configured with authentication to establish a session even if the peer is locally configured to use authentication. This could lead to untrusted or unauthorized sessions being established. This issue affects Juniper Networks Junos OS: 21…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 | Impact: 2.5
Affected Packages: 2 packages
Vulnerability Details (2)
GHSA
GHSA-5695-324m-jq3v: An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impa… (2022-10-18)
CVEList
Junos OS: Peers not configured for TCP-AO can establish a BGP or LDP session even if authentication is configured locally (2022-10-18)
Vendor Advisories (1)
Juniper
CVE-2022-22237: An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impa… (2022-10-18)