CVE-2022-22154
CVE-2022-22154 is a medium-severity vulnerability in Juniper Junos with a CVSS 3.x base score of 6.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-668.
Key facts
- Severity: Medium (CVSS 3.x base score 6.8)
- CVSS v2: 4.6
- EPSS exploit prediction: 0% (16th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-668
- Affected product: Juniper Junos
- Published:
- Last modified:
Description
In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service (DoS). An SD can get rebooted and subsequently controlled by an Aggregation Device (AD) which does not belong to the original Fusion setup and is just connected to an extended port of the SD. To carry out this attack the attacker needs to have physical access to the cabling between the SD and the original AD. This issue affects: Juniper Networks Junos OS 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1.
Frequently asked questions
- What is CVE-2022-22154?
- In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service (DoS). An SD can get rebooted and subsequently controlled by an Aggregation Device (AD) which does not belong to the original Fusion setup and is just connected to an extended port of the SD. To carry out this attack the attacker needs to have physical access to the cabling between the SD and the original AD. This issue affects: Juniper Networks Junos OS 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1.
- How severe is CVE-2022-22154?
- CVE-2022-22154 has a CVSS 3.x base score of 6.8, rated medium severity. It is exploitable over physical access with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2022-22154 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (16th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-22154?
- CVE-2022-22154 primarily affects Juniper Junos. In total, 279 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2022-22154?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2022-22154 published?
- CVE-2022-22154 was published on 2022-01-19 and last updated on 2026-06-17.
References
Affected products (279)
- cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r3-s8:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4-s12:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4-s2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4-s3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4-s4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4-s6:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4-s8:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r4-s9:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r5-s4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r6-s1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r6-s3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r6-s4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r7-s2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r7-s3:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r7-s4:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r7-s5:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r7-s6:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r7-s7:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1:r7-s8:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1x65:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1x65:-:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1x65:d20:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1x65:d30:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1x65:d35:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1x65:d40:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1x65:d48:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.1x70:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.2:-:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:16.2:r1-s6:*:*:*:*:*:*
More vulnerabilities in Juniper Junos
- CVE-2021-0248 — Critical (CVSS 10.0): This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in…
- CVE-2021-0211 — Critical (CVSS 10.0): An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing…
- CVE-2020-1614 — Critical (CVSS 10.0): A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF)…
- CVE-2017-2343 — Critical (CVSS 10.0): The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series…
- CVE-2013-4685 — Critical (CVSS 10.0): Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44…
- CVE-2017-2349 — Critical (CVSS 9.9): A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially…
All CVEs affecting Juniper Junos →
Other CWE-668 (Exposure of Resource to Wrong Sphere) vulnerabilities
- CVE-2025-2857 — Critical (CVSS 10.0): Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in…
- CVE-2019-8779 — Critical (CVSS 10.0): A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct…
- CVE-2012-1846 — Critical (CVSS 10.0): Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging…
- CVE-2022-43684 — Critical (CVSS 9.9): ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow…
- CVE-2022-24900 — Critical (CVSS 9.9): Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer.…
- CVE-2019-16541 — Critical (CVSS 9.9): Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site…
Browse all CWE-668 (Exposure of Resource to Wrong Sphere) vulnerabilities →