CVE-2022-22194 - OpenCVE

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Juniper	Ptx10004 Ptx10003 Ptx10008 Junos Os Evolved

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos_os_evolved::::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2::::::

OR	cpe:2.3:h:juniper:ptx10003:-:::::::*
	cpe:2.3:h:juniper:ptx10004:-:::::::*
	cpe:2.3:h:juniper:ptx10008:-:::::::*

References

Link	Resource
https://kb.juniper.net/JSA69505	Mitigation Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: juniper

Published: 2022-04-13T00:00:00

Updated: 2022-04-14T15:50:55

Reserved: 2021-12-21T00:00:00

Link: CVE-2022-22194

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-04-14T16:15:08.413

Modified: 2022-04-21T09:54:01.113

Link: CVE-2022-22194

JSON object: View

Redhat Information

No data.

CWE

CWE-754

{"containers": {"cna": {"affected": [{"platforms": ["PTX10003, PTX10004, PTX10008"], "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "20.4R2-S3-EVO, 20.4R3-EVO", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.1*", "status": "unaffected", "version": "21.1R1-EVO", "versionType": "custom"}]}, {"product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"status": "unaffected", "version": "any"}]}], "datePublic": "2022-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "Denial of Service (DoS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-14T15:50:55", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA69505"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 20.4R2-S3-EVO, 20.4R3-EVO.\n"}], "source": {"advisory": "JSA69505", "defect": ["1614171"], "discovery": "USER"}, "title": "Junos OS Evolved: PTX series: An attacker sending a crafted GRE packet will cause the PFE to restart", "workarounds": [{"lang": "en", "value": "One characteristic of this vulnerability is that an FPC restart will only be triggered by a crafted GRE packet which has its' TTL set to 0 or 1 so as a workaround a filter can be implemented that drops such packets:\n\n set firewall family inet filter GREfilter term 1 from protocol gre\n set firewall family inet filter GREfilter term 1 from ttl 0\n set firewall family inet filter GREfilter term 1 then count gre-ttl-0\n set firewall family inet filter GREfilter term 1 then discard\n set firewall family inet filter GREfilter term 2 from protocol gre\n set firewall family inet filter GREfilter term 2 from ttl 1\n set firewall family inet filter GREfilter term 2 then count gre-ttl-1\n set firewall family inet filter GREfilter term 2 then discard\n set firewall family inet filter GREfilter term default then accept\n\nAn equivalent filter for family inet6 is required if IPv6 is configured on at least one interface."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2022-04-13T07:00:00.000Z", "ID": "CVE-2022-22194", "STATE": "PUBLIC", "TITLE": "Junos OS Evolved: PTX series: An attacker sending a crafted GRE packet will cause the PFE to restart"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Junos OS Evolved", "version": {"version_data": [{"platform": "PTX10003, PTX10004, PTX10008", "version_affected": "<", "version_value": "20.4R2-S3-EVO, 20.4R3-EVO"}, {"version_affected": "!>", "version_name": "21.1", "version_value": "21.1R1-EVO"}]}}, {"product_name": "Junos OS", "version": {"version_data": [{"version_affected": "!", "version_value": "any"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}, {"description": [{"lang": "eng", "value": "Denial of Service (DoS)"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA69505", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA69505"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 20.4R2-S3-EVO, 20.4R3-EVO.\n"}], "source": {"advisory": "JSA69505", "defect": ["1614171"], "discovery": "USER"}, "work_around": [{"lang": "en", "value": "One characteristic of this vulnerability is that an FPC restart will only be triggered by a crafted GRE packet which has its' TTL set to 0 or 1 so as a workaround a filter can be implemented that drops such packets:\n\n set firewall family inet filter GREfilter term 1 from protocol gre\n set firewall family inet filter GREfilter term 1 from ttl 0\n set firewall family inet filter GREfilter term 1 then count gre-ttl-0\n set firewall family inet filter GREfilter term 1 then discard\n set firewall family inet filter GREfilter term 2 from protocol gre\n set firewall family inet filter GREfilter term 2 from ttl 1\n set firewall family inet filter GREfilter term 2 then count gre-ttl-1\n set firewall family inet filter GREfilter term 2 then discard\n set firewall family inet filter GREfilter term default then accept\n\nAn equivalent filter for family inet6 is required if IPv6 is configured on at least one interface."}]}}}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2022-22194", "datePublished": "2022-04-13T00:00:00", "dateReserved": "2021-12-21T00:00:00", "dateUpdated": "2022-04-14T15:50:55", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199", "versionEndExcluding": "20.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*", "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*", "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:ptx10003:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BD05415-9F94-4EB8-805A-C9C0FFA9D0DF", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ptx10004:-:*:*:*:*:*:*:*", "matchCriteriaId": "C432E543-37F5-4CA0-B239-2B97C6A16907", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ptx10008:-:*:*:*:*:*:*:*", "matchCriteriaId": "65A64A26-4606-4D33-8958-5A3B7FFC4CDB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will cause a sustained Denial of Service condition. This issue affects Juniper Networks Junos OS Evolved all versions prior to 20.4R2-S3-EVO on PTX10003, PTX10004, and PTX10008. This issue does not affect: Juniper Networks Junos OS Evolved versions 21.1R1-EVO and above; Juniper Networks Junos OS."}, {"lang": "es", "value": "Una vulnerabilidad de Comprobaci\u00f3n Inapropiada de Condiciones Inusuales o Excepcionales en el demonio packetIO de Juniper Networks Junos OS Evolved en PTX10003, PTX10004 y PTX10008 permite a un atacante no autenticado basado en la red causar una Denegaci\u00f3n de Servicio (DoS). La recepci\u00f3n continuada de estos paquetes dise\u00f1ados causar\u00e1 una condici\u00f3n de denegaci\u00f3n de servicio sostenida. Este problema afecta a Juniper Networks Junos OS Evolved todas las versiones anteriores a 20.4R2-S3-EVO en PTX10003, PTX10004 y PTX10008. Este problema no afecta: Juniper Networks Junos OS Evolved versiones 21.1R1-EVO y posteriores; Juniper Networks Junos OS"}], "id": "CVE-2022-22194", "lastModified": "2022-04-21T09:54:01.113", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2022-04-14T16:15:08.413", "references": [{"source": "sirt@juniper.net", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA69505"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "sirt@juniper.net", "type": "Primary"}]}