CVE Vulnerabilities

CVE-2022-22237

Improper Authentication

Published: Oct 18, 2022 | Modified: Oct 20, 2022
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impact on confidentiality or integrity. A vulnerability in the processing of TCP-AO will allow a BGP or LDP peer not configured with authentication to establish a session even if the peer is locally configured to use authentication. This could lead to untrusted or unauthorized sessions being established. This issue affects Juniper Networks Junos OS: 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS Evolved.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.3 21.3
Junos Juniper 21.3 21.3
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.4 21.4
Junos Juniper 21.3 21.3
Junos Juniper 21.3 21.3
Junos Juniper 21.4 21.4
Junos Juniper 21.3 21.3
Junos Juniper 21.4 21.4
Junos Juniper 21.2 21.2
Junos Juniper 22.1 22.1
Junos Juniper 21.4 21.4
Junos Juniper 21.4 21.4
Junos Juniper 21.3 21.3

Potential Mitigations

References