// For flags

CVE-2022-22225

Junos OS and Junos OS Evolved: In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash

Severity Score

5.9
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker with an established BGP session to cause a Denial of Service (DoS). In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash. As this crash depends on whether a route is a contributing route, and on the internal timing of the events triggered by the flap this vulnerability is outside the direct control of a potential attacker. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R2-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect: Juniper Networks Junos OS versions 19.2 versions prior to 19.2R2, 19.3R1 and above prior to 20.2R1. Juniper Networks Junos OS Evolved versions prior to 20.2R1-EVO.

Una vulnerabilidad de Condición de Carrera de Tiempo de comprobación Tiempo de Uso (TOCTOU) en el demonio de protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite a un atacante no autenticado con una sesión BGP establecida causar una Denegación de Servicio (DoS). En un escenario de rutas múltiples de BGP, cuando una de las rutas que contribuyen a ello es desplazado con frecuencia y rapidez, rpd puede bloquearse. Como este bloqueo depende de si una ruta es una ruta contribuyente, y del tiempo interno de los eventos desencadenados por el flap, esta vulnerabilidad está fuera del control directo de un potencial atacante. Este problema afecta a: Juniper Networks Junos OS 19.2 versiones anteriores a 19.2R3-S6; 20.2 versiones anteriores a 20.2R3-S4; 20.3 versiones anteriores a 20.3R3-S3; 20.4 versiones anteriores a 20.4R3-S4; 21.1 versiones anteriores a 21.1R3; 21.2 versiones anteriores a 21.2R2; 21.3 versiones anteriores a 21.3R2. Juniper Networks Junos OS Evolved Todas las versiones anteriores a 20.4R3-S4-EVO; 21.1-EVO versión 21.1R1-EVO y versiones posteriores; 21.2-EVO versiones anteriores a 21.2R2-EVO; 21.3-EVO versiones anteriores a 21.3R2-EVO. Este problema no afecta a: Juniper Networks Junos OS versiones 19.2 anteriores a 19.2R2, 19.3R1 y posteriores anteriores a 20.2R1. Las versiones de Junos OS Evolved de Juniper Networks anteriores a 20.2R1-EVO

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-12-21 CVE Reserved
  • 2022-10-18 CVE Published
  • 2024-03-24 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://kb.juniper.net/JSA69875 2022-10-21
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
-
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r1-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r1-s2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r1-s3
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r1-s4
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r1-s5
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r1-s6
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r1-s7
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r1-s8
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r1-s9
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r2-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r3
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r3-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r3-s2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r3-s3
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r3-s4
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
19.2
Search vendor "Juniper" for product "Junos" and version "19.2"
r3-s5
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.2
Search vendor "Juniper" for product "Junos" and version "20.2"
-
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.2
Search vendor "Juniper" for product "Junos" and version "20.2"
r1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.2
Search vendor "Juniper" for product "Junos" and version "20.2"
r1-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.2
Search vendor "Juniper" for product "Junos" and version "20.2"
r1-s2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.2
Search vendor "Juniper" for product "Junos" and version "20.2"
r1-s3
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.2
Search vendor "Juniper" for product "Junos" and version "20.2"
r2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.2
Search vendor "Juniper" for product "Junos" and version "20.2"
r2-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.2
Search vendor "Juniper" for product "Junos" and version "20.2"
r2-s2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.2
Search vendor "Juniper" for product "Junos" and version "20.2"
r2-s3
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.2
Search vendor "Juniper" for product "Junos" and version "20.2"
r3
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.2
Search vendor "Juniper" for product "Junos" and version "20.2"
r3-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.2
Search vendor "Juniper" for product "Junos" and version "20.2"
r3-s2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.2
Search vendor "Juniper" for product "Junos" and version "20.2"
r3-s3
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.3
Search vendor "Juniper" for product "Junos" and version "20.3"
-
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.3
Search vendor "Juniper" for product "Junos" and version "20.3"
r1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.3
Search vendor "Juniper" for product "Junos" and version "20.3"
r1-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.3
Search vendor "Juniper" for product "Junos" and version "20.3"
r1-s2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.3
Search vendor "Juniper" for product "Junos" and version "20.3"
r2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.3
Search vendor "Juniper" for product "Junos" and version "20.3"
r2-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.3
Search vendor "Juniper" for product "Junos" and version "20.3"
r3
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.3
Search vendor "Juniper" for product "Junos" and version "20.3"
r3-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.3
Search vendor "Juniper" for product "Junos" and version "20.3"
r3-s2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.4
Search vendor "Juniper" for product "Junos" and version "20.4"
-
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.4
Search vendor "Juniper" for product "Junos" and version "20.4"
r1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.4
Search vendor "Juniper" for product "Junos" and version "20.4"
r1-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.4
Search vendor "Juniper" for product "Junos" and version "20.4"
r2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.4
Search vendor "Juniper" for product "Junos" and version "20.4"
r2-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.4
Search vendor "Juniper" for product "Junos" and version "20.4"
r2-s2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.4
Search vendor "Juniper" for product "Junos" and version "20.4"
r3
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.4
Search vendor "Juniper" for product "Junos" and version "20.4"
r3-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.4
Search vendor "Juniper" for product "Junos" and version "20.4"
r3-s2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
20.4
Search vendor "Juniper" for product "Junos" and version "20.4"
r3-s3
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
21.1
Search vendor "Juniper" for product "Junos" and version "21.1"
-
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
21.1
Search vendor "Juniper" for product "Junos" and version "21.1"
r1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
21.1
Search vendor "Juniper" for product "Junos" and version "21.1"
r1-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
21.1
Search vendor "Juniper" for product "Junos" and version "21.1"
r2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
21.1
Search vendor "Juniper" for product "Junos" and version "21.1"
r2-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
21.1
Search vendor "Juniper" for product "Junos" and version "21.1"
r2-s2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
21.2
Search vendor "Juniper" for product "Junos" and version "21.2"
-
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
21.2
Search vendor "Juniper" for product "Junos" and version "21.2"
r1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
21.2
Search vendor "Juniper" for product "Junos" and version "21.2"
r1-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
21.2
Search vendor "Juniper" for product "Junos" and version "21.2"
r1-s2
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
21.3
Search vendor "Juniper" for product "Junos" and version "21.3"
-
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
21.3
Search vendor "Juniper" for product "Junos" and version "21.3"
r1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
21.3
Search vendor "Juniper" for product "Junos" and version "21.3"
r1-s1
Affected
Juniper
Search vendor "Juniper"
Junos
Search vendor "Juniper" for product "Junos"
21.3
Search vendor "Juniper" for product "Junos" and version "21.3"
r1-s2
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
< 20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version " < 20.4"
-
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
-
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r1-s1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r1-s2
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r2
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r2-s1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r2-s2
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r2-s3
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r3
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r3-s1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r3-s2
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r3-s3
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
-
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
r1-s1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
r2
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
r3
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
r3-s1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
-
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
r1-s1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
r1-s2
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
r3
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.3
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"
-
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.3
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.3
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"
r1-s1
Affected