How severe is CVE-2023-22407?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-22407?

This is classified as CWE-459, which is a common weakness in software security.

CVE-2023-22407 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). An rpd crash can occur when an MPLS TE tunnel configuration change occurs on a directly connected router. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2. Juniper Networks Junos OS Evolved All versions prior to 19.2R3-EVO; 19.3 versions prior to 19.3R3-EVO; 19.4 versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO.

Related Vulnerabilities

CVE-2019-12902

MEDIUM

CVSS:6.5(Medium)

Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data.

CWE-4592019

CVE-2020-12414

MEDIUM

CVSS:6.5(Medium)

IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted ...

CWE-4592020

CVE-2020-12624

MEDIUM

CVSS:6.5(Medium)

The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which...

CWE-4592020

CVE-2020-13346

MEDIUM

CVSS:6.5(Medium)

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.

CWE-4592020

CVE-2022-37428

MEDIUM

CVSS:6.5(Medium)

PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS qu...

CWE-4592022

CVE-2023-28859

MEDIUM

CVSS:6.5(Medium)

redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (...

CWE-4592023