CVE-2023-22402

13.01.2023, 00:15

A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if "bgp auto-discovery" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO; 22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
juniper	CNA	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Vendor	Product	Version
juniper	junos_os_evolved	21.3
juniper	junos_os_evolved	21.3:r1
juniper	junos_os_evolved	21.3:r1-s1
juniper	junos_os_evolved	21.3:r2
juniper	junos_os_evolved	21.3:r2-s1
juniper	junos_os_evolved	21.3:r2-s2
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	21.4:r1
juniper	junos_os_evolved	21.4:r1-s1
juniper	junos_os_evolved	21.4:r1-s2
juniper	junos_os_evolved	22.1:r1
juniper	junos_os_evolved	22.1:r1-s1
juniper	junos_os_evolved	22.1:r1-s2
juniper	junos_os_evolved	22.2:r1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://kb.juniper.net/JSA70198