CVE-2022-22163

HIGH

Juniper Networks Junos OS <15.1R7-S11, <18.4R3-S9, <19.1 - DoS

Title source: llm
STIX 2.1

Description

An Improper Input Validation vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If a device is configured as DHCPv6 local server and persistent storage is enabled, jdhcpd will crash when receiving a specific DHCPv6 message. This issue affects: Juniper Networks Junos OS All versions prior to 15.1R7-S11; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R2.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA11271

Scores

CVSS v3 7.4
EPSS 0.0008
EPSS Percentile 23.1%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (1)
juniper/junos 15.1 (50 CPE variants)
Published Jan 19, 2022
Tracked Since Feb 18, 2026