CVE-2022-22196 — Improper Check for Unusual or Exceptional Conditions in Networks Junos OS

CWE-754 — Improper Check for Unusual or Exceptional Conditions4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 68.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos OS Evolved +1 more

Timeline

PublishedApr 14

Latest updateApr 15

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker with an established ISIS adjacency to cause a Denial of Service (DoS). The rpd CPU spikes to 100% after a malformed ISIS TLV has been received which will lead to processing issues of routing updates and in turn traffic impact. This issue affects: Juniper Networks Junos OS 19.3 versions prior to 19…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolvedunspecified — 20.4R3-S3-EVO+1

▶CVEListV5juniper_networks/junos_os19.3 — 19.3R3-S4+7

▶NVDjuniper/junos_os_evolved< 20.4+2

▶NVDjuniper/junos8 versions+7

🔴Vulnerability Details

GHSA

GHSA-fv57-3hf6-84fp: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS E↗2022-04-15

▶

CVEList

Junos OS and Junos OS Evolved: The rpd CPU spikes to 100% after a malformed ISIS TLV has been received↗2022-04-14

▶

📋Vendor Advisories

Juniper

CVE-2022-22196: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS E↗2022-04-14

▶