Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-22224 |
CWE-ID | CWE-755 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software Subscribe |
Junos OS Evolved Operating systems & Components / Operating system Juniper Junos OS Operating systems & Components / Operating system |
Vendor | Juniper Networks, Inc. |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU68276
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22224
CWE-ID:
CWE-755 - Improper Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect error handling when processing malformed OSPF TLV within the periodic packet management daemon (PPMD) process. A remote attacker on the local network can send malformed OSPF TLV and cause the PPMD process to enter an infinite loop.
Install updates from vendor's website.
Vulnerable software versionsJunos OS Evolved: 20.4 - 21.2-EVO
Juniper Junos OS: 19.1 - 21.1R1-S1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.