CVE-2022-22223: Improper Validation of Specified Index, Position, or Offset in Input in Networks Junos OS

Severity: 7.5 HIGH (NVD) | 6.5 (CNA)
EPSS: 0.4% (top 38.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 18

Description

On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (PHP) nodes with link aggregation group (LAG) interfaces, an Improper Validation of Specified Index, Position, or Offset in Input weakness allows an attacker sending certain IP packets to cause multiple interfaces in the LAG to detach causing a Denial of Service (DoS) condition. Continued receipt and processing of these packets will sustain the Denial of Service. This issue affec

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | unspecified | 15.1R7-S11 | +12
NVD | juniper/junos | < 15.1 | +13

Vulnerability Details (2)

GHSA (2022-10-18)
GHSA-c588-hc3r-c268: On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (PHP) nodes with link aggregatio

CVEList (2022-10-18)
Junos OS: QFX10000 Series: In IP/MPLS PHP node scenarios upon receipt of certain crafted packets multiple interfaces in LAG configurations may detach.

Vendor Advisories (1)

Juniper (2022-10-18)
CVE-2022-22223: On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (PHP) nodes with link aggregatio
CVE-2022-22223 — Networks Junos OS vulnerability | cvebase