CVE-2022-22186Improper Initialization in Networks Junos OS

CWE-665Improper Initialization4 documents4 sources
Severity
6.5MEDIUMNVD
CNA7.2
EPSS
0.4%
top 39.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 14
Latest updateApr 15

Description

Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded. Such traffic being sent by a client may appear genuine, but is non-standard in nature and should be considered as potentially malicious. This issue affects: Juniper Networks Junos OS on EX4650 Series: All versions prior to 19.1R3-S8; 19.2 ve

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

CVEListV5juniper_networks/junos_osunspecified19.1R3-S8+11
NVDjuniper/junos< 19.1+12

🔴Vulnerability Details

2
GHSA
GHSA-44g4-qh8w-9346: Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but2022-04-15
CVEList
Junos OS: EX4650 Series: Certain traffic received by the Junos OS device on the management interface may be forwarded to egress interfaces instead of discarded2022-04-14

📋Vendor Advisories

1
Juniper
CVE-2022-22186: Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but2022-04-14
CVE-2022-22186 — Improper Initialization | cvebase