CVE-2023-22402

Junos OS Evolved: The kernel might restart in a BGP scenario where "bgp auto-discovery" is enabled and such a neighbor flaps

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if "bgp auto-discovery" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO; 22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.

Una vulnerabilidad Use-After-Free en el núcleo de Juniper Networks Junos OS Evolved permite que un atacante no autenticado basado en la red provoque una denegación de servicio (DoS). En un escenario de Non Stop Routing (NSR), se podría observar un reinicio inesperado del kernel si el "BGP auto-discovery" está habilitado y si hay una interrupción de las sesiones de descubrimiento automático del vecino BGP por cualquier motivo. Esta es una condición de ejecución que está fuera del control directo del atacante y depende de la sincronización interna del sistema si se produce este problema. Este problema afecta a Juniper Networks Junos OS Evolved: versiones 21.3 anteriores a 21.3R3-EVO; Versiones 21.4 anteriores a 21.4R2-EVO; Versiones 22.1 anteriores a 22.1R2-EVO; Versiones 22.2 anteriores a 22.2R1-S1-EVO, 22.2R2-EVO.

*Credits: N/A

CVSS Scores

Juniper Networksv3.1 5.9

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-12-27 CVE Reserved
2023-01-12 CVE Published
2024-08-02 CVE Updated
2024-08-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://kb.juniper.net/JSA70198	2023-01-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"		-		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"		r1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"		r1-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"		r2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"		r2-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"		r2-s2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4"		-		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4"		r1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4"		r1-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.4"		r1-s2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1"		r1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1"		r1-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				22.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.1"		r1-s2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				22.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "22.2"		r1		Affected