Improper initialization in Juniper Junos OS - CVE-2022-22186

 

Improper initialization in Juniper Junos OS - CVE-2022-22186

Published: April 13, 2022


Vulnerability identifier: #VU82465
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-22186
CWE-ID: CWE-665
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly forwarded to an egress interface, instead of being discarded.

Such traffic being sent by a client may appear genuine, but is non-standard in nature and should be considered as potentially malicious.


How to mitigate CVE-2022-22186

Install updates from vendor's website.

Sources