CVE-2022-22194 - Vulnerability Details

Vendors	Products
Juniper	Junos Os Evolved Ptx10003 Ptx10004 Ptx10008

Source	ID	Title
EUVD	EUVD-2022-27341	An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS.

Link	Providers
https://kb.juniper.net/JSA69505

{"containers": {"cna": {"affected": [{"platforms": ["PTX10003, PTX10004, PTX10008"], "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "20.4R2-S3-EVO, 20.4R3-EVO", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.1*", "status": "unaffected", "version": "21.1R1-EVO", "versionType": "custom"}]}, {"product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"status": "unaffected", "version": "any"}]}], "datePublic": "2022-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "Denial of Service (DoS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-14T15:50:55", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA69505"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 20.4R2-S3-EVO, 20.4R3-EVO."}], "source": {"advisory": "JSA69505", "defect": ["1614171"], "discovery": "USER"}, "title": "Junos OS Evolved: PTX series: An attacker sending a crafted GRE packet will cause the PFE to restart", "workarounds": [{"lang": "en", "value": "One characteristic of this vulnerability is that an FPC restart will only be triggered by a crafted GRE packet which has its' TTL set to 0 or 1 so as a workaround a filter can be implemented that drops such packets:\n\n set firewall family inet filter GREfilter term 1 from protocol gre\n set firewall family inet filter GREfilter term 1 from ttl 0\n set firewall family inet filter GREfilter term 1 then count gre-ttl-0\n set firewall family inet filter GREfilter term 1 then discard\n set firewall family inet filter GREfilter term 2 from protocol gre\n set firewall family inet filter GREfilter term 2 from ttl 1\n set firewall family inet filter GREfilter term 2 then count gre-ttl-1\n set firewall family inet filter GREfilter term 2 then discard\n set firewall family inet filter GREfilter term default then accept\n\nAn equivalent filter for family inet6 is required if IPv6 is configured on at least one interface."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2022-04-13T07:00:00.000Z", "ID": "CVE-2022-22194", "STATE": "PUBLIC", "TITLE": "Junos OS Evolved: PTX series: An attacker sending a crafted GRE packet will cause the PFE to restart"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS Evolved", "version": {"version_data": [{"platform": "PTX10003, PTX10004, PTX10008", "version_affected": "<", "version_value": "20.4R2-S3-EVO, 20.4R3-EVO"}, {"version_affected": "!>", "version_name": "21.1", "version_value": "21.1R1-EVO"}]}}, {"product_name": "Junos OS", "version": {"version_data": [{"version_affected": "!", "version_value": "any"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}, {"description": [{"lang": "eng", "value": "Denial of Service (DoS)"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA69505", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA69505"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 20.4R2-S3-EVO, 20.4R3-EVO."}], "source": {"advisory": "JSA69505", "defect": ["1614171"], "discovery": "USER"}, "work_around": [{"lang": "en", "value": "One characteristic of this vulnerability is that an FPC restart will only be triggered by a crafted GRE packet which has its' TTL set to 0 or 1 so as a workaround a filter can be implemented that drops such packets:\n\n set firewall family inet filter GREfilter term 1 from protocol gre\n set firewall family inet filter GREfilter term 1 from ttl 0\n set firewall family inet filter GREfilter term 1 then count gre-ttl-0\n set firewall family inet filter GREfilter term 1 then discard\n set firewall family inet filter GREfilter term 2 from protocol gre\n set firewall family inet filter GREfilter term 2 from ttl 1\n set firewall family inet filter GREfilter term 2 then count gre-ttl-1\n set firewall family inet filter GREfilter term 2 then discard\n set firewall family inet filter GREfilter term default then accept\n\nAn equivalent filter for family inet6 is required if IPv6 is configured on at least one interface."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:07:49.881Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA69505"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2022-22194", "datePublished": "2022-04-14T15:50:55.258749Z", "dateReserved": "2021-12-21T00:00:00", "dateUpdated": "2024-09-17T04:20:48.042Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199", "versionEndExcluding": "20.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*", "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*", "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:ptx10003:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BD05415-9F94-4EB8-805A-C9C0FFA9D0DF", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ptx10004:-:*:*:*:*:*:*:*", "matchCriteriaId": "C432E543-37F5-4CA0-B239-2B97C6A16907", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ptx10008:-:*:*:*:*:*:*:*", "matchCriteriaId": "65A64A26-4606-4D33-8958-5A3B7FFC4CDB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS."}, {"lang": "es", "value": "Una vulnerabilidad de Comprobaci\u00f3n Inapropiada de Condiciones Inusuales o Excepcionales en el demonio packetIO de Juniper Networks Junos OS Evolved en PTX10003, PTX10004 y PTX10008 permite a un atacante no autenticado basado en la red causar una Denegaci\u00f3n de Servicio (DoS). La recepci\u00f3n continuada de estos paquetes dise\u00f1ados causar\u00e1 una condici\u00f3n de denegaci\u00f3n de servicio sostenida. Este problema afecta a Juniper Networks Junos OS Evolved todas las versiones anteriores a 20.4R2-S3-EVO en PTX10003, PTX10004 y PTX10008. Este problema no afecta: Juniper Networks Junos OS Evolved versiones 21.1R1-EVO y posteriores; Juniper Networks Junos OS"}], "id": "CVE-2022-22194", "lastModified": "2024-11-21T06:46:21.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-14T16:15:08.413", "references": [{"source": "sirt@juniper.net", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA69505"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA69505"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object