CVE-2022-22203 - OpenCVE

An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platforms, the fxpc process will crash followed by the FPC reboot upon receipt of a specific hostbound packet. Continued receipt of these specific packets will create a sustained Denial of Service (DoS) condition. This issue only affects Juniper Networks Junos OS 19.4 version 19.4R3-S4.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Juniper	Ex4600 Ex4650 Junos Qfx5100 Qfx5110 Qfx5120 Qfx5130 Qfx5200 Qfx5210 Qfx5220 Qfx5700

Configuration 1 [-]

AND

cpe:2.3:o:juniper:junos:19.4:r3-s4:*:*:*:*:*:*

OR	cpe:2.3:h:juniper:ex4600:-:::::::*
	cpe:2.3:h:juniper:ex4650:-:::::::*
	cpe:2.3:h:juniper:qfx5100:-:::::::*
	cpe:2.3:h:juniper:qfx5110:-:::::::*
	cpe:2.3:h:juniper:qfx5120:-:::::::*
	cpe:2.3:h:juniper:qfx5130:-:::::::*
	cpe:2.3:h:juniper:qfx5200:-:::::::*
	cpe:2.3:h:juniper:qfx5210:-:::::::*
	cpe:2.3:h:juniper:qfx5220:-:::::::*
	cpe:2.3:h:juniper:qfx5700:-:::::::*

No data.

References

Link	Providers
https://kb.juniper.net/JSA69707

History

Mon, 16 Sep 2024 21:15:00 +0000

Type	Values Removed	Values Added
Title	Junos OS: EX4600 Series and QFX5000 Series: Receipt of specific traffic will lead to an fxpc process crash followed by an FPC reboot	Junos OS: EX4600 Series and QFX5000 Series: Receipt of specific traffic will lead to an fxpc process crash followed by an FPC reboot

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2022-07-20T14:11:21.678530Z

Updated: 2024-09-16T20:57:25.587Z

Reserved: 2021-12-21T00:00:00

Link: CVE-2022-22203

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-20T15:15:08.333

Modified: 2022-07-27T19:07:14.133

Link: CVE-2022-22203

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["EX4600 Series, QFX5000 Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "19.4R3-S4", "status": "unaffected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "19.4R3-S5", "status": "affected", "version": "19.4", "versionType": "custom"}]}], "datePublic": "2022-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platforms, the fxpc process will crash followed by the FPC reboot upon receipt of a specific hostbound packet. Continued receipt of these specific packets will create a sustained Denial of Service (DoS) condition. This issue only affects Juniper Networks Junos OS 19.4 version 19.4R3-S4."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-697", "description": "CWE-697 Incorrect Comparison", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "Denial of Service (DoS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-20T14:11:21", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA69707"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 19.4R3-S5, and all subsequent releases."}], "source": {"advisory": "JSA69707", "defect": ["1629178"], "discovery": "USER"}, "title": "Junos OS: EX4600 Series and QFX5000 Series: Receipt of specific traffic will lead to an fxpc process crash followed by an FPC reboot", "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2022-07-13T16:00:00.000Z", "ID": "CVE-2022-22203", "STATE": "PUBLIC", "TITLE": "Junos OS: EX4600 Series and QFX5000 Series: Receipt of specific traffic will lead to an fxpc process crash followed by an FPC reboot"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS", "version": {"version_data": [{"platform": "EX4600 Series, QFX5000 Series", "version_affected": "<", "version_name": "19.4", "version_value": "19.4R3-S5"}, {"platform": "EX4600 Series, QFX5000 Series", "version_affected": "!<", "version_value": "19.4R3-S4"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platforms, the fxpc process will crash followed by the FPC reboot upon receipt of a specific hostbound packet. Continued receipt of these specific packets will create a sustained Denial of Service (DoS) condition. This issue only affects Juniper Networks Junos OS 19.4 version 19.4R3-S4."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-697 Incorrect Comparison"}]}, {"description": [{"lang": "eng", "value": "Denial of Service (DoS)"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA69707", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA69707"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 19.4R3-S5, and all subsequent releases."}], "source": {"advisory": "JSA69707", "defect": ["1629178"], "discovery": "USER"}, "work_around": [{"lang": "en", "value": "There are no viable workarounds for this issue."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:07:50.044Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA69707"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2022-22203", "datePublished": "2022-07-20T14:11:21.678530Z", "dateReserved": "2021-12-21T00:00:00", "dateUpdated": "2024-09-16T20:57:25.587Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "A209EE6F-E676-4172-8FF3-4E03748DEB13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B425BB1-3C78-42B1-A6C1-216E514191F0", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*", "matchCriteriaId": "E974B4BC-64C5-4BB6-AF31-D46AF3763416", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*", "matchCriteriaId": "79A8847B-4F98-4949-8639-5CD2B411D10F", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*", "matchCriteriaId": "09EBDE4B-764F-4DF1-844A-BB8A52CD53EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB58A6E9-FFCF-4331-AC3B-45C37BD1943E", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDC5478F-A047-4F6D-BB11-0077A74C0174", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*", "matchCriteriaId": "D877320D-1997-4B66-B11B-864020C755E1", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*", "matchCriteriaId": "D193BEBD-9436-468D-B89E-D5720603451D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7D6C74F-E85F-4D62-BDAF-FE619B467C76", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platforms, the fxpc process will crash followed by the FPC reboot upon receipt of a specific hostbound packet. Continued receipt of these specific packets will create a sustained Denial of Service (DoS) condition. This issue only affects Juniper Networks Junos OS 19.4 version 19.4R3-S4."}, {"lang": "es", "value": "Una vulnerabilidad de comparaci\u00f3n incorrecta en PFE del Sistema Operativo Junos de Juniper Networks permite a un atacante adyacente no autenticado causar una Denegaci\u00f3n de Servicio (DoS). En la serie QFX5000 y en las plataformas EX4600 y EX4650, el proceso fxpc ser\u00e1 bloqueado seguido del reinicio de la FPC al recibir un paquete espec\u00edfico dirigido al host. La recepci\u00f3n continuada de estos paquetes espec\u00edficos crear\u00e1 una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) sostenida. Este problema s\u00f3lo afecta a Juniper Networks Junos OS 19.4 versi\u00f3n 19.4R3-S4"}], "id": "CVE-2022-22203", "lastModified": "2022-07-27T19:07:14.133", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2022-07-20T15:15:08.333", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA69707"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-697"}], "source": "sirt@juniper.net", "type": "Primary"}]}