CVE-2022-22164 : An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved ma

An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet service staying enabled. When it is not intended to be operating on the device, an administrator can issue the following command to verify whether telnet is operating in the background: user@device > show system connections | grep :23 tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 20879/xinetd This issue affects: Juniper Networks Junos OS Evolved All versions prior to 20.4R2-S2-EVO; 21.1 version 21.1R1-EVO and later versions; 21.2 versions prior to 21.2R2-EVO.

Published 2022-01-19 01:15:09

Updated 2022-01-26 02:21:46

Source Juniper Networks, Inc.

View at NVD, CVE.org

Products affected by CVE-2022-22164

Juniper » Junos Os Evolved » Version: 20.4 Update R1
cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 20.4 Update R1-s1
cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 20.4 Update R1-s2
cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 21.1
cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 20.4 Update R2
cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 20.4 Update R2-s1
cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 20.4 Update R2-s2
cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 20.4 Update R2-s3
cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 20.4 Update R3-s1
cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 21.2
cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*
Matching versions
Juniper » Junos Os Evolved » Version: 20.4
cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-22164

EPSS FAQ

0.31%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 51 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-22164

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	3.9	2.5	Juniper Networks, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2022-22164

CWE-665 Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Assigned by:
- nvd@nist.gov (Primary)
- sirt@juniper.net (Secondary)

References for CVE-2022-22164

https://kb.juniper.net/JSA11272

2022-01 Security Bulletin: Junos OS Evolved: Telnet service may be enabled when it is expected to be disabled. (CVE-2022-22164) - Juniper Networks
Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-22164

Products affected by CVE-2022-22164

Exploit prediction scoring system (EPSS) score for CVE-2022-22164

CVSS scores for CVE-2022-22164

CWE ids for CVE-2022-22164

References for CVE-2022-22164