A Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS). In a scenario where DHCP relay or local server is configured the problem can be triggered if a DHCPv4 packet with specific options is received leading to a corruption of the options read from the packet. This corruption can then lead to jdhcpd crash and restart. This issue affects: Juniper Networks Junos OS 17.4R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2, 21.2R3; 21.3 versions prior to 21.3R1-S1, 21.3R2.
Published 2022-01-19 01:15:10
Updated 2022-01-26 20:09:17
View at NVD,   CVE.org
Vulnerability category: Input validationDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2022-22179

0.05%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 20 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-22179

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
2.9
LOW AV:A/AC:M/Au:N/C:N/I:N/A:P
5.5
2.9
NIST
6.5
MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.8
3.6
NIST
6.5
MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.8
3.6
Juniper Networks, Inc.

CWE ids for CVE-2022-22179

  • The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-22179

  • https://kb.juniper.net/JSA11285
    2022-01 Security Bulletin: Junos OS: jdhcpd crashes upon receiving a specific DHCP packet (CVE-2022-22179) - Juniper Networks
    Vendor Advisory

Products affected by CVE-2022-22179

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!