CVE-2022-22201 — Improper Validation of Specified Index, Position, or Offset in Input in Networks Junos OS

CWE-1285 — Improper Validation of Specified Index, Position, or Offset in Input CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 36.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedOct 18

Description

An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). On SRX5000 Series with SPC3, SRX4000 Series, and vSRX, when PowerMode IPsec is configured and a malformed ESP packet matching an established IPsec tunnel is received the PFE crashes. This issue affects Juniper Networks Junos OS on SRX5000 Series with SPC3, SRX40…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_osunspecified — 19.4R2-S6, 19.4R3-S7+7

▶NVDjuniper/junos< 19.4+8

🔴Vulnerability Details

CVEList

SRX5000 Series with SPC3, SRX4000 Series, and vSRX: When PowerMode IPsec is configured, the PFE will crash upon receipt of a malformed ESP packet↗2022-10-18

▶

GHSA

GHSA-7632-gv3v-j58r: An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos↗2022-10-18

▶

📋Vendor Advisories

Juniper

CVE-2022-22201: An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos↗2022-10-18

▶