#VU59631 External Control of Critical State Data in Juniper Junos OS - CVE-2022-22154
Published: January 17, 2022
Vulnerability identifier: #VU59631
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-22154
CWE-ID: CWE-642
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Juniper Junos OS
Juniper Junos OS
Software vendor:
Juniper Networks, Inc.
Juniper Networks, Inc.
Description
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure validation in the Junos Fusion setup of the satellite device. An attacker with physical access to device can make physical changes to the cabling of the device to cause a denial of service (DoS).
Remediation
Install updates from vendor's website.