CVE-2022-22247

Published: Oct 18, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: sirt@juniper.net (Secondary)

Description

An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker to send a crafted TCP segment to the device, triggering a kernel panic, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this TCP segment could create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO.

Affected (8)

Products: Juniper: Junos Os Evolved

Juniper

1 product

Junos Os Evolved

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos Os Evolved	Version 21.3
Juniper Junos Os Evolved	Version 21.3 r1-s1
Juniper Junos Os Evolved	Version 21.3 r1
Juniper Junos Os Evolved	Version 21.3 r2
Juniper Junos Os Evolved	Version 21.4
Juniper Junos Os Evolved	Version 21.4 r1-s1
Juniper Junos Os Evolved	Version 21.4 r1
Juniper Junos Os Evolved	Version 22.1 r1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://kb.juniper.net/JSA69904

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA69904

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.