CVE-2022-22216

Junos OS: PTX Series and QFX10000 Series: 'Etherleak' memory disclosure in Ethernet padding data

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

< 1%

*EPSS

Affected Versions

1670

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 Series, and QFX10000 Series and PTX5000 Series devices sometimes do not reliably pad Ethernet packets, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak' and often detected as CVE-2003-0001. This issue affects: Juniper Networks Junos OS on PTX1000 and PTX10000 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. Juniper Networks Junos OS on QFX10000 Series and PTX5000 Series: All versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2.

Una vulnerabilidad de Exposición de Información Confidencial a un Actor no Autorizado en el PFE del Sistema Operativo Junos de Juniper Networks en las series PTX y QFX10k permite a un atacante adyacente no autenticado acceder a información confidencial. Los dispositivos de las series PTX1000 y PTX10000, y de las series QFX10000 y PTX5000 a veces no acolchan de forma fiable los paquetes Ethernet, por lo que algunos paquetes pueden contener fragmentos de memoria del sistema o datos de paquetes anteriores. Este problema también es conocido como "Etherleak" y suele detectarse como CVE-2003-0001. Este problema afecta a: Juniper Networks Junos OS en las series PTX1000 y PTX10000: Todas las versiones anteriores a 18.4R3-S11; las versiones 19.1 anteriores a 19.1R2-S3, 19.1R3-S7; las versiones 19.2 anteriores a 19.2R1-S8, 19.2R3-S4; las versiones 19.3 anteriores a 19.3R3-S4; las versiones 19.4 anteriores a 19.4R2-S5, 19.4R3-S6; las versiones 20. 1 versiones anteriores a 20.1R3-S2; 20.2 versiones anteriores a 20.2R3-S3; 20.3 versiones anteriores a 20.3R3-S2; 20.4 versiones anteriores a 20.4R3-S4; 21.1 versiones anteriores a 21.1R2-S1, 21.1R3; 21.2 versiones anteriores a 21.2R1-S1, 21.2R2. Juniper Networks Junos OS en las series QFX10000 y PTX5000: Todas las versiones anteriores a 18.3R3-S6; 18.4 versiones anteriores a 18.4R2-S9, 18.4R3-S10; 19.1 versiones anteriores a 19.1R2-S3, 19.1R3-S7; 19.2 versiones anteriores a 19.2R1-S8, 19.2R3-S4; 19.3 versiones anteriores a 19.3R3-S4; 19.4 versiones anteriores a 19. 4R2-S6, 19.4R3-S6; 20.1 versiones anteriores a 20.1R3-S2; 20.2 versiones anteriores a 20.2R3-S3; 20.3 versiones anteriores a 20.3R3-S1; 20.4 versiones anteriores a 20.4R3-S1; 21.1 versiones anteriores a 21.1R2-S1, 21.1R3; 21.2 versiones anteriores a 21.2R2

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-12-21 CVE Reserved
2022-07-20 CVE Published
2024-09-16 CVE Updated
2025-04-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://kb.juniper.net/JSA69720	2022-07-29

1 - 1 of 1

Affected Vendors, Products, and Versions (1670)

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	< 18.4 Search vendor "Juniper" for product "Junos" and version " < 18.4"	-	Affected	in	Juniper Search vendor "Juniper"	Ptx1000 Search vendor "Juniper" for product "Ptx1000"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	< 18.4 Search vendor "Juniper" for product "Junos" and version " < 18.4"	-	Affected	in	Juniper Search vendor "Juniper"	Ptx10001 Search vendor "Juniper" for product "Ptx10001"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	< 18.4 Search vendor "Juniper" for product "Junos" and version " < 18.4"	-	Affected	in	Juniper Search vendor "Juniper"	Ptx10002 Search vendor "Juniper" for product "Ptx10002"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	< 18.4 Search vendor "Juniper" for product "Junos" and version " < 18.4"	-	Affected	in	Juniper Search vendor "Juniper"	Ptx10003 Search vendor "Juniper" for product "Ptx10003"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	< 18.4 Search vendor "Juniper" for product "Junos" and version " < 18.4"	-	Affected	in	Juniper Search vendor "Juniper"	Ptx10004 Search vendor "Juniper" for product "Ptx10004"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	< 18.4 Search vendor "Juniper" for product "Junos" and version " < 18.4"	-	Affected	in	Juniper Search vendor "Juniper"	Ptx10008 Search vendor "Juniper" for product "Ptx10008"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	< 18.4 Search vendor "Juniper" for product "Junos" and version " < 18.4"	-	Affected	in	Juniper Search vendor "Juniper"	Ptx10016 Search vendor "Juniper" for product "Ptx10016"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	18.4 Search vendor "Juniper" for product "Junos" and version "18.4"	-	Affected	in	Juniper Search vendor "Juniper"	Ptx1000 Search vendor "Juniper" for product "Ptx1000"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	18.4 Search vendor "Juniper" for product "Junos" and version "18.4"	-	Affected	in	Juniper Search vendor "Juniper"	Ptx10001 Search vendor "Juniper" for product "Ptx10001"	-	-	Safe
Juniper Search vendor "Juniper"	Junos Search vendor "Juniper" for product "Junos"	18.4 Search vendor "Juniper" for product "Junos" and version "18.4"	-	Affected	in	Juniper Search vendor "Juniper"	Ptx10002 Search vendor "Juniper" for product "Ptx10002"	-	-	Safe

1 - 10 of 1,670