CVE-2022-22164: Junos OS Evolved: Telnet service may be enabled when it is expected to be disabled.
First published: Wed Jan 19 2022(Updated: )
An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet service staying enabled. When it is not intended to be operating on the device, an administrator can issue the following command to verify whether telnet is operating in the background: user@device > show system connections | grep :23 tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 20879/xinetd This issue affects: Juniper Networks Junos OS Evolved All versions prior to 20.4R2-S2-EVO; 21.1 version 21.1R1-EVO and later versions; 21.2 versions prior to 21.2R2-EVO.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Junos Os Evolved | =20.4 | |
| Juniper Junos Os Evolved | =20.4-r1 | |
| Juniper Junos Os Evolved | =20.4-r1-s1 | |
| Juniper Junos Os Evolved | =20.4-r1-s2 | |
| Juniper Junos Os Evolved | =20.4-r2 | |
| Juniper Junos Os Evolved | =20.4-r2-s1 | |
| Juniper Junos Os Evolved | =20.4-r2-s2 | |
| Juniper Junos Os Evolved | =20.4-r2-s3 | |
| Juniper Junos Os Evolved | =20.4-r3-s1 | |
| Juniper Junos Os Evolved | =21.1 | |
| Juniper Junos Os Evolved | =21.2 |
Remedy
The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 20.4R2-S2-EVO, 21.2R2-EVO, 21.3R1-EVO and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security vulnerability?
The vulnerability ID is CVE-2022-22164.
What is the title of this vulnerability?
The title of this vulnerability is 'An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet service staying enabled.'
What is the affected software?
The affected software is Juniper Networks Junos OS Evolved version 20.4 and later.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is medium with a CVSS score of 5.3.
How can I fix this vulnerability?
To fix this vulnerability, you should upgrade Juniper Networks Junos OS Evolved to version 21.2 or apply the necessary patches or updates provided by the vendor.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/title
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/juniper
- canonical/juniper junos os evolved
- version/juniper junos os evolved/20.4
- version/juniper junos os evolved/20.4-r1
- version/juniper junos os evolved/20.4-r1-s1
- version/juniper junos os evolved/20.4-r1-s2
- version/juniper junos os evolved/20.4-r2
- version/juniper junos os evolved/20.4-r2-s1
- version/juniper junos os evolved/20.4-r2-s2
- version/juniper junos os evolved/20.4-r2-s3
- version/juniper junos os evolved/20.4-r3-s1
- version/juniper junos os evolved/21.1
- version/juniper junos os evolved/21.2