CVE-2022-22197

Summary

An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker with an established BGP session to cause a Denial of Service (DoS). This issue occurs when proxy-generate route-target filtering is enabled, and certain proxy-route add and delete events are happening. This issue affects: Juniper Networks Junos OS All versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S2, 20.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R3-EVO; 20.3 versions prior to 20.3R2-EVO.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OSunspecified < 17.3R3-S11affected
Juniper NetworksJunos OS17.4 < 17.4R2-S13, 17.4R3-S4affected
Juniper NetworksJunos OS18.3 < 18.3R3-S4affected
Juniper NetworksJunos OS18.4 < 18.4R1-S8, 18.4R2-S8, 18.4R3-S6affected
Juniper NetworksJunos OS19.1 < 19.1R3-S4affected
Juniper NetworksJunos OS19.2 < 19.2R1-S6, 19.2R3-S2affected
Juniper NetworksJunos OS19.3 < 19.3R2-S6, 19.3R3-S1affected
Juniper NetworksJunos OS19.4 < 19.4R1-S4, 19.4R2-S4, 19.4R3affected
Juniper NetworksJunos OS20.1 < 20.1R2affected
Juniper NetworksJunos OS20.2 < 20.2R2affected
Juniper NetworksJunos OS20.3 < 20.3R1-S2, 20.3R2affected
Juniper NetworksJunos OS Evolvedunspecified < 20.1R3-EVOaffected
Juniper NetworksJunos OS Evolved20.2 < 20.2R3-EVOaffected
Juniper NetworksJunos OS Evolved20.3 < 20.3R2-EVOaffected

Weaknesses

  • CWE-672: CWE-672 Operation on a Resource after Expiration or Release
  • Denial of Service (DoS)

Workarounds

There are no viable workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References