CVE-2022-22193: Improper Handling of Unexpected Data Type in Networks Junos OS

Severity
5.5 MEDIUM (NVD)
EPSS
0.1%
top 84.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 14
Latest update: Apr 15

Description

An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). Continued execution of this command might cause a sustained Denial of Service condition. If BGP rib sharding is configured and a certain CLI command is executed the rpd process can crash. During the rpd crash and restart, the routing protocols might be impac

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | juniper_networks/junos_os_evolved | 20.4 | 20.4R3-EVO | +3
CVEListV5 | juniper_networks/junos_os | 20.3 | 20.3R3-S1 | +3
NVD | juniper/junos_os_evolved | 20.4, 21.1, 21.2 | +2
NVD | juniper/junos | 4 versions | +3

🔴 Vulnerability Details (2)
GHSA
GHSA-679q-52f6-xw76: An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allo | 2022-04-15
CVEList
Junos OS and Junos OS Evolved: In a BGP rib-sharding scenario when a certain CLI command is executed the rpd process might crash | 2022-04-14

📋 Vendor Advisories (1)
Juniper
CVE-2022-22193: An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allo | 2022-04-14