CVE-2022-22192Improper Validation of Syntactic Correctness of Input in Networks Junos OS Evolved

CWE-1286Improper Validation of Syntactic Correctness of InputCWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 29.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OS EvolvedJuniper Junos OS Evolved
Timeline
PublishedOct 18

Description

An Improper Validation of Syntactic Correctness of Input vulnerability in the kernel of Juniper Networks Junos OS Evolved on PTX series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an incoming TCP packet destined to the device is malformed there is a possibility of a kernel panic. Only TCP packets destined to the ports for BGP, LDP and MSDP can trigger this. This issue only affects PTX10004, PTX10008, PTX10016. No other PTX Series devices or other pla

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os_evolved20.4-EVO20.4R3-S4-EVO+3
NVDjuniper/junos_os_evolved4 versions+3

🔴Vulnerability Details

2
CVEList
Junos OS Evolved: PTX Series: An attacker can cause a kernel panic by sending a malformed TCP packet to the device2022-10-18
GHSA
GHSA-pgf8-mcvj-26jv: An Improper Validation of Syntactic Correctness of Input vulnerability in the kernel of Juniper Networks Junos OS Evolved on PTX series allows a netwo2022-10-18

📋Vendor Advisories

1
Juniper
CVE-2022-22192: An Improper Validation of Syntactic Correctness of Input vulnerability in the kernel of Juniper Networks Junos OS Evolved on PTX series allows a netwo2022-10-18
CVE-2022-22192 — HIGH severity | cvebase