CVE-2022-22216: Sensitive Information Exposure in Networks Junos OS

Severity
NVD: 4.3 MEDIUM
CNA: 5.0
EPSS: 0.2% (top 58.11%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jul 20
Latest update: Jul 21

Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 Series, and QFX10000 Series and PTX5000 Series devices sometimes do not reliably pad Ethernet packets, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak' and often d

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | unspecified | 18.4R3-S11 | +16
NVD | juniper/junos | < 18.4 | +13

🔴 Vulnerability Details (2)

GHSA
GHSA-8r8m-8qj7-8fm2: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series al (2022-07-21)

CVEList
Junos OS: PTX Series and QFX10000 Series: 'Etherleak' memory disclosure in Ethernet padding data (2022-07-20)

📋 Vendor Advisories (1)

Juniper
CVE-2022-22216: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series al (2022-07-20)