Lucene search

[email protected]CVE-2022-22171

HistoryJan 19, 2022 - 1:15 a.m.

CVE-2022-22171

2022-01-1901:15:09

CWE-754

[email protected]

web.nvd.nist.gov

cve-2022-22171

juniper networks

junos os

pfe

denial of service

dos

vxlan

vulnerability

nvd

network security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

38.3%

JSON

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause the PFE to reset. This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect versions of Junos OS prior to 19.4R1.

Affected configurations

NVD

Node

juniperjunosMatch19.4r1

juniperjunosMatch19.4r1-s1

juniperjunosMatch19.4r1-s2

juniperjunosMatch19.4r1-s3

juniperjunosMatch19.4r1-s4

juniperjunosMatch19.4r2

juniperjunosMatch19.4r2-s1

juniperjunosMatch19.4r2-s2

juniperjunosMatch19.4r2-s3

juniperjunosMatch19.4r2-s4

juniperjunosMatch19.4r2-s5

juniperjunosMatch19.4r3

juniperjunosMatch19.4r3-s1

juniperjunosMatch19.4r3-s2

juniperjunosMatch19.4r3-s3

juniperjunosMatch19.4r3-s4

juniperjunosMatch19.4r3-s5

juniperjunosMatch19.4r3-s6

juniperjunosMatch20.1r1

juniperjunosMatch20.1r1-s1

juniperjunosMatch20.1r1-s2

juniperjunosMatch20.1r1-s3

juniperjunosMatch20.1r1-s4

juniperjunosMatch20.1r2

juniperjunosMatch20.1r2-s1

juniperjunosMatch20.1r2-s2

juniperjunosMatch20.1r3

juniperjunosMatch20.1r3-s1

juniperjunosMatch20.1r3-s2

juniperjunosMatch20.2r1

juniperjunosMatch20.2r1-s1

juniperjunosMatch20.2r1-s2

juniperjunosMatch20.2r1-s3

juniperjunosMatch20.2r2

juniperjunosMatch20.2r2-s1

juniperjunosMatch20.2r2-s2

juniperjunosMatch20.2r2-s3

juniperjunosMatch20.2r3

juniperjunosMatch20.2r3-s1

juniperjunosMatch20.2r3-s2

juniperjunosMatch20.3r1

juniperjunosMatch20.3r1-s1

juniperjunosMatch20.3r2

juniperjunosMatch20.3r2-s1

juniperjunosMatch20.3r3

juniperjunosMatch20.3r3-s1

juniperjunosMatch20.4r1

juniperjunosMatch20.4r1-s1

juniperjunosMatch20.4r2

juniperjunosMatch20.4r2-s1

juniperjunosMatch20.4r2-s2

juniperjunosMatch20.4r3

juniperjunosMatch21.1r1

juniperjunosMatch21.1r1-s1

juniperjunosMatch21.1r2

juniperjunosMatch21.1r2-s1

juniperjunosMatch21.2r1

juniperjunosMatch21.2r1-s1

juniperjunosMatch21.3r1

CPENameOperatorVersion
juniper:junosjuniper junoseq19.4
juniper:junosjuniper junoseq20.1
juniper:junosjuniper junoseq20.2
juniper:junosjuniper junoseq20.3
juniper:junosjuniper junoseq20.4
juniper:junosjuniper junoseq21.1
juniper:junosjuniper junoseq21.2
juniper:junosjuniper junoseq21.3

CPE	Name	Operator	Version
juniper:junos	juniper junos	eq	19.4
juniper:junos	juniper junos	eq	20.1
juniper:junos	juniper junos	eq	20.2
juniper:junos	juniper junos	eq	20.3
juniper:junos	juniper junos	eq	20.4
juniper:junos	juniper junos	eq	21.1
juniper:junos	juniper junos	eq	21.2
juniper:junos	juniper junos	eq	21.3

CNA Affected

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "19.4R1",
        "status": "unaffected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "19.4R3-S7",
        "status": "affected",
        "version": "19.4",
        "versionType": "custom"
      },
      {
        "lessThan": "20.1R3-S3",
        "status": "affected",
        "version": "20.1",
        "versionType": "custom"
      },
      {
        "lessThan": "20.2R3-S3",
        "status": "affected",
        "version": "20.2",
        "versionType": "custom"
      },
      {
        "lessThan": "20.3R3-S2",
        "status": "affected",
        "version": "20.3",
        "versionType": "custom"
      },
      {
        "lessThan": "20.4R3-S1",
        "status": "affected",
        "version": "20.4",
        "versionType": "custom"
      },
      {
        "lessThan": "21.1R3",
        "status": "affected",
        "version": "21.1",
        "versionType": "custom"
      },
      {
        "lessThan": "21.2R2",
        "status": "affected",
        "version": "21.2",
        "versionType": "custom"
      },
      {
        "lessThan": "21.3R1-S1, 21.3R2",
        "status": "affected",
        "version": "21.3",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA11277

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

38.3%

JSON

Related for CVE-2022-22171

prion1 nvd1 cvelist1 nessus1