CVE-2022-22176: Improper Validation of Syntactic Correctness of Input in Networks Junos OS

Severity
6.5 MEDIUM (NVD)
CNA: 7.4
EPSS
0.1%
top 76.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 19
Latest update: Jan 20

Description

An Improper Validation of Syntactic Correctness of Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker sending a malformed DHCP packet to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If option-82 is configured in a DHCP snooping / -security scenario, jdhcpd crashes if a specific malformed DHCP request packet is received. The DHCP functionality is impacted while jdhcpd restarts, and continued exploitati

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

CVEListV5 | juniper_networks/junos_os | unspecified | 15.1R7-S11 | +13
NVD | juniper/junos | 33 versions | +32

🔴 Vulnerability Details (2)

GHSA
GHSA-4f29-g223-2grv: An Improper Validation of Syntactic Correctness of Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adja (2022-01-20)
CVEList
Junos OS: In a scenario with dhcp-security and option-82 configured jdhcpd crashes upon receipt of a malformed DHCP packet (2022-01-19)

📋 Vendor Advisories (1)

Juniper
CVE-2022-22176: An Improper Validation of Syntactic Correctness of Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adja (2022-01-19)
CVE-2022-22176 — Networks Junos OS vulnerability | cvebase