CVE-2022-22168Missing Release of Memory after Effective Lifetime in Networks Junos OS

CWE-401Missing Release of Memory after Effective LifetimeCWE-1287Improper Validation of Specified Type of Input4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 77.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJan 19
Latest updateJan 20

Description

An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead to an FPC reboot and thereby a Denial of Service (DoS). This issue affects: Juniper Networks Junos OS on vMX and MX150: All versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 v

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_osunspecified19.2R1-S8, 19.2R3-S4+9
NVDjuniper/junos19.1+10

🔴Vulnerability Details

2
GHSA
GHSA-m467-8fv2-x525: An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker2022-01-20
CVEList
Junos OS: vMX and MX150: Specific packets might cause a memory leak and eventually an FPC reboot2022-01-19

📋Vendor Advisories

1
Juniper
CVE-2022-22168: An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker2022-01-19
CVE-2022-22168 — Networks Junos OS vulnerability | cvebase