| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.2 | $0-$5k | 0.00 |
A vulnerability, which was classified as critical, has been found in Juniper Junos OS (Router Operating System) (affected version not known). Affected by this issue is some unknown functionality of the component Packet Forwarding Engine. The manipulation with an unknown input leads to a unusual condition vulnerability. Using CWE to declare the problem leads to CWE-754. The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software. Impacted is confidentiality, integrity, and availability. CVE summarizes:
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). The issue is caused by malformed MLD packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured. These MLD packets received on a multi-homed ESI are sent to the peer, and then incorrectly forwarded out the same ESI, violating the split horizon rule. This issue only affects QFX10K Series switches, including the QFX10002, QFX10008, and QFX10016. Other products and platforms are unaffected by this vulnerability. This issue affects Juniper Networks Junos OS on QFX10K Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R2.
The weakness was released 07/21/2022 as JSA69721. The advisory is available at kb.juniper.net. This vulnerability is handled as CVE-2022-22217 since 12/21/2021. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 08/15/2022).
Upgrading eliminates this vulnerability.
Product
Type
Vendor
Name
License
- commercial
CPE 2.3
CPE 2.2
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 6.2
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔒
VulDB Reliability: 🔍
NVD Base Score: 6.5
NVD Vector: 🔒
CNA Base Score: 6.1
CNA Vector (Juniper Networks, Inc.): 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Unusual conditionCWE: CWE-754
ATT&CK: Unknown
Local: No
Remote: Partially
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Timeline
12/21/2021 CVE reserved07/21/2022 Advisory disclosed
07/21/2022 VulDB entry created
08/15/2022 VulDB last update
Sources
Vendor: juniper.netAdvisory: JSA69721
Status: Confirmed
CVE: CVE-2022-22217 (🔒)
Entry
Created: 07/21/2022 05:36 AMUpdated: 08/15/2022 02:18 PM
Changes: 07/21/2022 05:36 AM (50), 08/15/2022 02:18 PM (11)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.