// For flags

CVE-2022-22184

Junos OS and Junos OS Evolved: A BGP session will flap upon receipt of a specific, optional transitive attribute in version 22.3R1

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute will propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Since this issue only affects 22.3R1, Juniper strongly encourages customers to move to 22.3R1-S1. Juniper SIRT felt that the need to promptly warn customers about this issue affecting the 22.3R1 versions of Junos OS and Junos OS Evolved warranted an Out of Cycle JSA. This issue affects: Juniper Networks Junos OS version 22.3R1. Juniper Networks Junos OS Evolved version 22.3R1-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 22.3R1. Juniper Networks Junos OS Evolved versions prior to 22.3R1-EVO.

Una vulnerabilidad de validación de entrada incorrecta en Routing Protocol Daemon (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante basado en red no autenticado provoque una Denegación de Servicio (DoS). Si se recibe un mensaje de actualización de BGP a través de una sesión BGP establecida y ese mensaje contiene un atributo transitivo opcional específico, esta sesión se cancelará con un error de mensaje de actualización. Este problema no puede propagarse más allá de un sistema afectado ya que el error de procesamiento ocurre tan pronto como se recibe la actualización. Este problema se puede explotar de forma remota, ya que el atributo respectivo se propagará a través de sistemas no afectados y AS intermedios (si los hay). La recepción continua de una actualización de BGP que contiene este atributo creará una condición sostenida de Denegación de Servicio (DoS). Dado que este problema solo afecta a 22.3R1, Juniper recomienda encarecidamente a los clientes que migren a 22.3R1-S1. Juniper SIRT consideró que la necesidad de advertir rápidamente a los clientes sobre este problema que afecta a las versiones 22.3R1 de Junos OS y Junos OS Evolved justificaba un JSA fuera de ciclo. Este problema afecta a: Juniper Networks Junos OS versión 22.3R1. Juniper Networks Junos OS versión evolucionada 22.3R1-EVO. Este problema no afecta a: Versiones de Juniper Networks Junos OS anteriores a 22.3R1. Versiones evolucionadas de Juniper Networks Junos OS anteriores a 22.3R1-EVO.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-12-21 CVE Reserved
  • 2022-12-22 CVE Published
  • 2024-07-14 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://kb.juniper.net/JSA70175 2022-12-30
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
22.3
Search vendor "Juniper" for product "Junos" and version "22.3"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
22.3
Search vendor "Juniper" for product "Junos Os Evolved" and version "22.3"
r1
Affected