CVE-2022-22224

Summary

An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon (PPMD) process to go into an infinite loop, which in turn can cause protocols and functions reliant on PPMD such as OSPF neighbor reachability to be impacted, resulting in a sustained Denial of Service (DoS) condition. The DoS condition persists until the PPMD process is manually restarted. This issue affects: Juniper Networks Junos OS: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1 versions prior to 21.1R2-EVO.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OSunspecified < 19.1R3-S9affected
Juniper NetworksJunos OS19.2 < 19.2R3-S5affected
Juniper NetworksJunos OS19.3 < 19.3R3-S3affected
Juniper NetworksJunos OS19.4 < 19.4R3-S9affected
Juniper NetworksJunos OS20.1 < 20.1R3affected
Juniper NetworksJunos OS20.2 < 20.2R3-S1affected
Juniper NetworksJunos OS20.3 < 20.3R3affected
Juniper NetworksJunos OS20.4 < 20.4R3affected
Juniper NetworksJunos OS21.1 < 21.1R2affected
Juniper NetworksJunos OS Evolvedunspecified < 20.4R3-S3-EVOaffected
Juniper NetworksJunos OS Evolved21.1 < 21.1R2-EVOaffected

Weaknesses

  • CWE-703: CWE-703 Improper Check or Handling of Exceptional Conditions
  • Denial of Service (DoS)

Workarounds

There are no viable workarounds for this issue. However, service can be restored by restarting the PPMD process from the Junos shell:

First, identify the PID for the daemon.

root@Junos:~ # ps -aux | grep "[p]pm" root 73848 0.0 0.0 740624 14072 - S 29Apr22 20:53.61 /usr/sbin/ppmd -N

Second, kill the process.

root@Junos:~ # kill -9 73848

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References