CVE-2023-22402Use After Free in Networks Junos OS Evolved

CWE-416Use After Free4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.5%
top 36.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OS EvolvedJuniper Junos OS Evolved
Timeline
PublishedJan 13

Description

A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if "bgp auto-discovery" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os_evolved21.321.3R3-EVO+3
NVDjuniper/junos_os_evolved4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-3gh6-5qqw-c955: A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial2023-01-13
CVEList
Junos OS Evolved: The kernel might restart in a BGP scenario where "bgp auto-discovery" is enabled and such a neighbor flaps2023-01-12

📋Vendor Advisories

1
Juniper
CVE-2023-22402: A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial2023-01-13
CVE-2023-22402 — Use After Free | cvebase