QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2022-22230

Back to search

CVE-2022-22230

Published: Oct 18, 2022

Modified: May 12, 2025

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause DoS (Denial of Service). If another router generates more than one specific valid OSPFv3 LSA then rpd will crash while processing these LSAs. This issue only affects systems configured with OSPFv3, while OSPFv2 is not affected. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 19.3 version 19.3R2 and later versions; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S1-EVO; 21.3-EVO versions prior to 21.3R3-S2-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS 19.2 versions prior to 19.2R2.

VendorProductVersions

Juniper Networks

Junos OS

affected
19.2 - < 19.2R3-S6
affected
19.3R2 - < 19.3*
affected
19.4 - < 19.4R2-S8, 19.4R3-S9
affected
20.1R1 - < 20.1*
affected
20.2 - < 20.2R3-S5

+6 more versions

Juniper Networks

Junos OS Evolved

affected
unspecified - < 20.4R3-S5-EVO
affected
21.1-EVO - < 21.1R3-S2-EVO
affected
21.2-EVO - < 21.2R3-S1-EVO
affected
21.3-EVO - < 21.3R3-S2-EVO
affected
21.4-EVO - < 21.4R2-EVO

+2 more versions

Weaknesses (CWE)

CWE-20

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now