CVE-2022-22163: Improper Input Validation in Networks Junos OS

Severity: 6.5 MEDIUM (NVD) | CNA: 7.4
EPSS: 0.1% (top 76.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 19 | Latest update Jan 20

Description

An Improper Input Validation vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If a device is configured as DHCPv6 local server and persistent storage is enabled, jdhcpd will crash when receiving a specific DHCPv6 message. This issue affects: Juniper Networks Junos OS All versions prior to 15.1R7-S11; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 1

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | unspecified | 15.1R7-S11 | +10
NVD | juniper/junos | < 15.1 | +11

🔴 Vulnerability Details (2)

GHSA: GHSA-r465-758h-7ff9: An Improper Input Validation vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacke (2022-01-20)
CVEList: Junos OS: jdhcpd crashes upon receipt of a specific DHCPv6 packet (2022-01-19)

📋 Vendor Advisories (1)

Juniper: CVE-2022-22163: An Improper Input Validation vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacke (2022-01-19)