External Control of Critical State Data in Juniper Junos OS - CVE-2022-22154
Published: January 17, 2022
Vulnerability identifier: #VU59631
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-22154
CWE-ID: CWE-642
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS
Juniper Junos OS
Detailed vulnerability description
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure validation in the Junos Fusion setup of the satellite device. An attacker with physical access to device can make physical changes to the cabling of the device to cause a denial of service (DoS).
How to mitigate CVE-2022-22154
Install updates from vendor's website.