CVE-2022-22216

Summary

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 Series, and QFX10000 Series and PTX5000 Series devices sometimes do not reliably pad Ethernet packets, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak' and often detected as CVE-2003-0001. This issue affects: Juniper Networks Junos OS on PTX1000 and PTX10000 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. Juniper Networks Junos OS on QFX10000 Series and PTX5000 Series: All versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OSunspecified < 18.4R3-S11affected
Juniper NetworksJunos OS19.1 < 19.1R2-S3, 19.1R3-S7affected
Juniper NetworksJunos OS19.2 < 19.2R1-S8, 19.2R3-S4affected
Juniper NetworksJunos OS19.3 < 19.3R3-S4affected
Juniper NetworksJunos OS19.4 < 19.4R2-S5, 19.4R3-S6affected
Juniper NetworksJunos OS20.1 < 20.1R3-S2affected
Juniper NetworksJunos OS20.2 < 20.2R3-S3affected
Juniper NetworksJunos OS20.3 < 20.3R3-S2affected
Juniper NetworksJunos OS20.4 < 20.4R3-S4affected
Juniper NetworksJunos OS21.1 < 21.1R2-S1, 21.1R3affected
Juniper NetworksJunos OS21.2 < 21.2R1-S1, 21.2R2affected
Juniper NetworksJunos OSunspecified < 18.3R3-S6affected
Juniper NetworksJunos OS18.4 < 18.4R2-S9, 18.4R3-S10affected
Juniper NetworksJunos OS19.1 < 19.1R2-S3, 19.1R3-S7affected
Juniper NetworksJunos OS19.2 < 19.2R1-S8, 19.2R3-S4affected
Juniper NetworksJunos OS19.3 < 19.3R3-S4affected
Juniper NetworksJunos OS19.4 < 19.4R2-S6, 19.4R3-S6affected
Juniper NetworksJunos OS20.1 < 20.1R3-S2affected
Juniper NetworksJunos OS20.2 < 20.2R3-S3affected
Juniper NetworksJunos OS20.3 < 20.3R3-S1affected
Juniper NetworksJunos OS20.4 < 20.4R3-S1affected
Juniper NetworksJunos OS21.1 < 21.1R2-S1, 21.1R3affected
Juniper NetworksJunos OS21.2 < 21.2R2affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References