PT-2022-1470 · Juniper Networks · Junos
Published 2022-01-12 · Updated 2022-01-28 · CVE-2022-22154
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS versions 16.1R1 through 18.4R3-S10
Juniper Networks Junos OS versions 19.1 through 19.1R3-S7
Juniper Networks Junos OS versions 19.2 through 19.2R3-S4
Description
The issue is an External Control of Critical State Data vulnerability in the Satellite Device control state machine of Juniper Networks Junos OS. An attacker with physical access to the cabling between the Satellite Device and its original Aggregation Device can exploit it to cause a denial of service: the attacker can reboot the Satellite Device, after which it can be taken over by an Aggregation Device that does not belong to the original Junos Fusion setup.
Recommendations
For Juniper Networks Junos OS versions 16.1R1 through 18.4R3-S10, update to version 18.4R3-S10 or later.
For Juniper Networks Junos OS versions 19.1 through 19.1R3-S7, update to version 19.1R3-S7 or later.
For Juniper Networks Junos OS versions 19.2 through 19.2R3-S4, update to version 19.2R3-S4 or later.
As a temporary workaround, consider restricting physical access to the cabling between the Satellite Device and the Aggregation Device to minimize the risk of exploitation.
Fix
DoS
Exposure of Resource to Wrong Sphere
Related Identifiers
Affected Products
Junos