Vulnerability Details : CVE-2022-22192

An Improper Validation of Syntactic Correctness of Input vulnerability in the kernel of Juniper Networks Junos OS Evolved on PTX series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an incoming TCP packet destined to the device is malformed there is a possibility of a kernel panic. Only TCP packets destined to the ports for BGP, LDP and MSDP can trigger this. This issue only affects PTX10004, PTX10008, PTX10016. No other PTX Series devices or other platforms are affected. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S4-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 20.4R1-EVO.
Vulnerability category: Input validationDenial of service
Published 2022-10-18 03:15:09
Updated 2022-10-21 12:50:44
View at NVD,

Exploit prediction scoring system (EPSS) score for CVE-2022-22192

Probability of exploitation activity in the next 30 days: 0.09%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 36 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-22192

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source

CWE ids for CVE-2022-22192

  • The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
    Assigned by: (Primary)
  • The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
    Assigned by: (Secondary)

References for CVE-2022-22192

    2022-10 Security Bulletin: Junos OS Evolved: PTX Series: An attacker can cause a kernel panic by sending a malformed TCP packet to the device (CVE-2022-22192)
    Vendor Advisory

Products affected by CVE-2022-22192

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to terms of use!