JuniperCVELIST:CVE-2022-22220CVE-2022-22220 Junos OS and Junos OS Evolved: Due to a race condition the rpd process can crash upon receipt of a BGP update message containing flow spec route
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
40.5%
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allows a network-based unauthenticated attacker to cause a Denial of Service (DoS). When a BGP flow route with redirect IP extended community is received, and the reachability to the next-hop of the corresponding redirect IP is flapping, the rpd process might crash. Whether the crash occurs depends on the timing of the internally processing of these two events and is outside the attackers control. Please note that this issue also affects Route-Reflectors unless ‘routing-options flow firewall-install-disable’ is configured. This issue affects: Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S10, 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.4 versions prior to 19.4R3-S8; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1.
CNA Affected
[
{
"vendor": "Juniper Networks",
"product": "Junos OS",
"versions": [
{
"version": "unspecified",
"lessThan": "18.4R1",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "18.4",
"status": "affected",
"lessThan": "18.4R2-S10, 18.4R3-S10",
"versionType": "custom"
},
{
"version": "19.1",
"status": "affected",
"lessThan": "19.1R3-S7",
"versionType": "custom"
},
{
"version": "19.2",
"status": "affected",
"lessThan": "19.2R1-S8, 19.2R3-S4",
"versionType": "custom"
},
{
"version": "19.4",
"status": "affected",
"lessThan": "19.4R3-S8",
"versionType": "custom"
},
{
"version": "20.2",
"status": "affected",
"lessThan": "20.2R3-S3",
"versionType": "custom"
},
{
"version": "20.3",
"status": "affected",
"lessThan": "20.3R3-S2",
"versionType": "custom"
},
{
"version": "20.4",
"status": "affected",
"lessThan": "20.4R3",
"versionType": "custom"
},
{
"version": "21.1",
"status": "affected",
"lessThan": "21.1R2",
"versionType": "custom"
}
]
},
{
"vendor": "Juniper Networks",
"product": "Junos OS Evolved",
"versions": [
{
"version": "unspecified",
"lessThan": "20.4R2-EVO",
"status": "affected",
"versionType": "custom"
},
{
"version": "21.1-EVO",
"status": "affected",
"lessThan": "21.1R2-EVO",
"versionType": "custom"
}
]
}
]References
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
40.5%