CVE-2022-22195 — Improper Update of Reference Count in Juniper Networks Junos OS Evolved
Severity
7.5 HIGH (NVD)
EPSS
0.6%
top 29.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 14
Latest update: Apr 15
Description
An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 2 packages
🔴 Vulnerability Details (2)
GHSA
GHSA-wm26-qf93-vqgf: An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attack (2022-04-15)
CVEList
Junos OS Evolved: Specific packets reaching the RE lead to a counter overflow and eventually a crash (2022-04-14)
📋 Vendor Advisories (1)
Juniper
CVE-2022-22195: An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attack (2022-04-14)