CVE-2022-22203 — Incorrect Comparison in Networks Junos OS

CWE-697 — Incorrect Comparison4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 69.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedJul 20

Latest updateJul 21

Description

An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platforms, the fxpc process will crash followed by the FPC reboot upon receipt of a specific hostbound packet. Continued receipt of these specific packets will create a sustained Denial of Service (DoS) condition. This issue only affects Juniper Networks Junos OS 19.4 version 19.4R3-S4.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os19.4 — 19.4R3-S5

▶NVDjuniper/junos19.4

🔴Vulnerability Details

GHSA

GHSA-9jvf-2hr4-2rrp: An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (Do↗2022-07-21

▶

CVEList

Junos OS: EX4600 Series and QFX5000 Series: Receipt of specific traffic will lead to an fxpc process crash followed by an FPC reboot↗2022-07-20

▶

📋Vendor Advisories

Juniper

CVE-2022-22203: An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (Do↗2022-07-20

▶