CVE-2022-22169: Improper Initialization in Networks Junos OS

Severity: 5.9 MEDIUM (NVD)
EPSS: 0.3% (top 48.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 19 | Latest update Jan 20

Description

An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who sends specific packets in certain orders and at specific timings to force OSPFv3 to unexpectedly enter graceful-restart (GR helper mode) even though there is not any Grace-LSA received in OSPFv3 causing a Denial of Service (DoS). Unexpectedly entering GR helper mode might cause the OSPFv3 neighbor adjacency formed on this interface to be stuck in

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | juniper_networks/junos_os_evolved | unspecified | 21.2R2-EVO
CVEListV5 | juniper_networks/junos_os | 15.1 | 15.1R7-S11 | +12
NVD | juniper/junos | 13 versions | +12

🔴 Vulnerability Details (2)

GHSA, 2022-01-20
GHSA-7cwj-qrmc-fh7m: An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who
CVEList, 2022-01-19
Junos OS and Junos OS Evolved: OSPFv3 session might go into INIT state upon receipt of multiple crafted packets from a trusted neighbor device.

📋 Vendor Advisories (1)

Juniper, 2022-01-19
CVE-2022-22169: An Improper Initialization vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker who