CVE-2023-22398: Access of Uninitialized Pointer in Networks Junos OS

Severity: 5.5 MEDIUM (NVD); CNA 5.3
EPSS: 0.1% (top 82.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 13

Description

An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an MPLS ping is performed on BGP LSPs, the RPD might crash. Repeated execution of this operation will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S12; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | juniper_networks/junos_os_evolved | unspecified | 20.4R3-S4-EVO | +1
CVEListV5 | juniper_networks/junos_os | 15.1 | 15.1R7-S12 | +9
NVD | juniper/junos_os_evolved | 20.4, 21.1 | +1
NVD | juniper/junos | 10 versions | +9

🔴 Vulnerability Details (2)

GHSA | GHSA-rxwj-9j86-c578: An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local | 2023-01-13
CVEList | Junos OS and Junos OS Evolved: RPD might crash when MPLS ping is performed on BGP LSPs | 2023-01-12

📋 Vendor Advisories (1)

Juniper | CVE-2023-22398: An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local | 2023-01-13