External Control of Critical State Data in Juniper Junos OS - CVE-2022-22154

 

External Control of Critical State Data in Juniper Junos OS - CVE-2022-22154

Published: January 17, 2022


Vulnerability identifier: #VU59631
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-22154
CWE-ID: CWE-642
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS

Detailed vulnerability description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure validation in the Junos Fusion setup of the satellite device. An attacker with physical access to device can make physical changes to the cabling of the device to cause a denial of service (DoS).


How to mitigate CVE-2022-22154

Install updates from vendor's website.

Sources