CVE-2023-22402

{"id": "CVE-2023-22402", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2023-01-13T00:15:10.690", "references": [{"url": "https://kb.juniper.net/JSA70198", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}, {"url": "https://kb.juniper.net/JSA70198", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-416"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if \"bgp auto-discovery\" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO; 22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO."}, {"lang": "es", "value": "Una vulnerabilidad Use-After-Free en el n\u00facleo de Juniper Networks Junos OS Evolved permite que un atacante no autenticado basado en la red provoque una denegaci\u00f3n de servicio (DoS). En un escenario de Non Stop Routing (NSR), se podr\u00eda observar un reinicio inesperado del kernel si el \"BGP auto-discovery\" est\u00e1 habilitado y si hay una interrupci\u00f3n de las sesiones de descubrimiento autom\u00e1tico del vecino BGP por cualquier motivo. Esta es una condici\u00f3n de ejecuci\u00f3n que est\u00e1 fuera del control directo del atacante y depende de la sincronizaci\u00f3n interna del sistema si se produce este problema. Este problema afecta a Juniper Networks Junos OS Evolved: versiones 21.3 anteriores a 21.3R3-EVO; Versiones 21.4 anteriores a 21.4R2-EVO; Versiones 22.1 anteriores a 22.1R2-EVO; Versiones 22.2 anteriores a 22.2R1-S1-EVO, 22.2R2-EVO."}], "lastModified": "2024-11-21T07:44:44.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@juniper.net"}