CVE-2022-22154: External Control of Critical State Data in Networks Junos OS

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.0% (top 84.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 19; Latest update Jan 20

Description

In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service (DoS). An SD can get rebooted and subsequently controlled by an Aggregation Device (AD) which does not belong to the original Fusion setup and is just connected to an extended port of the SD. To carry out this attack the a

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os 16.1R1, 16.1* (+3)
NVD: juniper/junos 19 versions (+18)

🔴 Vulnerability Details (2)

GHSA
GHSA-w7gv-qp22-428h: In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Netw (2022-01-20)
CVEList
Junos Fusion: A Satellite Device can be controlled by rewiring it to a foreign AD causing a DoS (2022-01-19)

📋 Vendor Advisories (1)

Juniper
CVE-2022-22154: In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Netw (2022-01-19)