1. Home
  2. CVE Database
  3. CVE-2022-22164
MEDIUM · 6.5

CVE-2022-22164

An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet serv...

Vulnerability Description

An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet service staying enabled. When it is not intended to be operating on the device, an administrator can issue the following command to verify whether telnet is operating in the background: user@device > show system connections | grep :23 tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 20879/xinetd This issue affects: Juniper Networks Junos OS Evolved All versions prior to 20.4R2-S2-EVO; 21.1 version 21.1R1-EVO and later versions; 21.2 versions prior to 21.2R2-EVO.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
JuniperJunos Os Evolved20.4

Related Weaknesses (CWE)

CWE-665

References

FAQ

What is CVE-2022-22164?

CVE-2022-22164 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not take effect as expected, resulting in the telnet serv...

How severe is CVE-2022-22164?

CVE-2022-22164 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-22164?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Os Evolved.