CVE-2022-22227: Improper Check for Unusual or Exceptional Conditions in Networks Junos OS Evolved

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.5% (top 33.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 18

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On receipt of specific IPv6 transit traffic, Junos OS Evolved on ACX7100-48L, ACX7100-32C and ACX7509 sends this traffic to the Routing Engine (RE) instead of forwarding it, leading to increased CPU utilization of the RE and a partial DoS. This

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages: 2 packages

CVEListV5: juniper_networks/junos_os_evolved 21.1-EVO 21.1R3-S2-EVO +3
NVD: juniper/junos_os_evolved 4 versions +3

🔴 Vulnerability Details (2)

CVEList: Junos OS Evolved: ACX7000 Series: Specific IPv6 transit traffic gets exceptioned to the routing-engine which causes increased CPU utilization (2022-10-18)
GHSA: GHSA-78q9-hfcv-3gpv: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on AC (2022-10-18)

📋 Vendor Advisories (1)

Juniper: CVE-2022-22227: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on AC (2022-10-18)