CVE-2022-22238

Summary

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When an incoming RESV message corresponding to a protected LSP is malformed it causes an incorrect internal state resulting in an rpd core. This issue affects: Juniper Networks Junos OS All versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.2R3-S3-EVO; 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S1-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R2-EVO.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OSunspecified < 19.2R3-S6affected
Juniper NetworksJunos OS19.3 < 19.3R3-S6affected
Juniper NetworksJunos OS19.4 < 19.4R3-S8affected
Juniper NetworksJunos OS20.1 < 20.1R3-S2affected
Juniper NetworksJunos OS20.2 < 20.2R3-S3affected
Juniper NetworksJunos OS20.3 < 20.3R3-S2affected
Juniper NetworksJunos OS20.4 < 20.4R3-S1affected
Juniper NetworksJunos OS21.1 < 21.1R3affected
Juniper NetworksJunos OS21.2 < 21.2R1-S2, 21.2R3affected
Juniper NetworksJunos OS21.3 < 21.3R2affected
Juniper NetworksJunos OS Evolvedunspecified < 20.2R3-S3-EVOaffected
Juniper NetworksJunos OS Evolved20.3R1-EVO < 20.3-EVO*affected
Juniper NetworksJunos OS Evolved20.4-EVO < 20.4R3-S1-EVOaffected
Juniper NetworksJunos OS Evolved21.1R1-EVO < 21.1-EVO*affected
Juniper NetworksJunos OS Evolved21.2R1-EVO < 21.2-EVO*affected
Juniper NetworksJunos OS Evolved21.3-EVO < 21.3R2-EVOaffected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions
  • Denial of Service (DoS)

Workarounds

There are no viable workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References