CVE-2022-22225 — Time-of-check Time-of-use (TOCTOU) Race Condition in Networks Junos OS

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.2%

top 54.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos OS Evolved +1 more

Timeline

PublishedOct 18

Description

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker with an established BGP session to cause a Denial of Service (DoS). In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash. As this crash depends on whether a route is a contributing route, and on the internal timing of the events triggered by the flap this…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolvedunspecified — 20.4R3-S4-EVO+3

▶CVEListV5juniper_networks/junos_os20.2 — 20.2R3-S4+5

▶NVDjuniper/junos_os_evolved< 20.4+4

▶NVDjuniper/junos7 versions+6

🔴Vulnerability Details

CVEList

Junos OS and Junos OS Evolved: In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash↗2022-10-18

▶

GHSA

GHSA-4g5p-cvc5-x477: A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolv↗2022-10-18

▶

📋Vendor Advisories

Juniper

CVE-2022-22225: A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolv↗2022-10-18

▶