CVE-2022-22247Improper Input Validation in Networks Junos OS Evolved

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 62.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OS EvolvedJuniper Junos OS Evolved
Timeline
PublishedOct 18

Description

An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker to send a crafted TCP segment to the device, triggering a kernel panic, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this TCP segment could create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions pr

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os_evolved21.3-EVO21.3R3-EVO+2
NVDjuniper/junos_os_evolved21.3, 21.4, 22.1+2

🔴Vulnerability Details

2
CVEList
Junos OS Evolved: Kernel processing of unvalidated TCP segments could lead to a Denial of Service (DoS)2022-10-18
GHSA
GHSA-f64r-j9jf-68xv: An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticat2022-10-18

📋Vendor Advisories

1
Juniper
CVE-2022-22247: An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticat2022-10-18
CVE-2022-22247 — Improper Input Validation | cvebase