This article provides detailed information about CVE-2022-22202, an Improper Handling of Exceptional Conditions vulnerability in specific PTX Series devices running Juniper Networks Junos OS.
Understanding CVE-2022-22202
CVE-2022-22202 is an Improper Handling of Exceptional Conditions vulnerability affecting specific PTX Series devices, allowing an unauthenticated MPLS-based attacker to trigger a Denial of Service (DoS) by crashing the dcpfe process and causing an FPC restart.
What is CVE-2022-22202?
CVE-2022-22202 is a vulnerability in Juniper Networks Junos OS on PTX Series devices, leading to unexpected FPC restarts upon receiving specific MPLS packets on interfaces with multiple units configured.
The Impact of CVE-2022-22202
The vulnerability may result in a sustained Denial of Service (DoS) condition if specific MPLS packets are continuously processed on affected devices.
Technical Details of CVE-2022-22202
The FPC crashes when it receives specific MPLS packets on an interface that has multiple units configured, at least one of which lacks 'family mpls' configuration.
Vulnerability Description
The issue affects PTX Series devices with particular FPCs if multiple units are configured on an ingress interface and at least one unit is missing 'family mpls' configuration.
Affected Systems and Versions
The vulnerability impacts Juniper Networks Junos OS on PTX Series devices with versions below 22.1R2.
Exploitation Mechanism
No known malicious exploitation of CVE-2022-22202 has been reported by Juniper SIRT.
Mitigation and Prevention
To address this vulnerability, Juniper Networks recommends updating to the patched versions of Junos OS listed below.
Immediate Steps to Take
Reorder unit numbers on core-facing interfaces to ensure the numerically lowest unit has 'family mpls' configured.
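To find where the workaround applies, the following added example (not Juniper's code) audits set-format configuration text for the condition described above: more than one unit on an interface, with at least one unit lacking 'family mpls'. It assumes input in the style of `show configuration interfaces | display set`; the sample interfaces and addresses are constructed, `audit_interfaces` is a hypothetical helper name, and the check does not consider FPC type or Junos version.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `show configuration interfaces | display set`.
SAMPLE_CONFIG = """\
set interfaces et-0/0/0 unit 0 family inet address 192.0.2.1/30
set interfaces et-0/0/0 unit 10 family inet address 192.0.2.5/30
set interfaces et-0/0/0 unit 10 family mpls
set interfaces et-0/0/1 unit 0 family inet address 192.0.2.9/30
set interfaces et-0/0/1 unit 0 family mpls
set interfaces et-0/0/1 unit 20 vlan-id 220
set interfaces et-0/0/1 unit 20 family inet address 192.0.2.13/30
set interfaces et-0/0/2 unit 0 family inet address 192.0.2.17/30
set interfaces et-0/0/2 unit 0 family mpls
"""

UNIT_RE = re.compile(r"^set interfaces (\S+) unit (\d+)(?: family (\S+))?")

def audit_interfaces(config_text):
    """Return {interface: finding} for interfaces matching the advisory's condition."""
    units = defaultdict(dict)  # interface -> {unit number: set of families}
    for line in config_text.splitlines():
        m = UNIT_RE.match(line.strip())
        if not m:
            continue
        ifname, unit, family = m.group(1), int(m.group(2)), m.group(3)
        fams = units[ifname].setdefault(unit, set())
        if family:
            fams.add(family)
    findings = {}
    for ifname, by_unit in units.items():
        missing = sorted(u for u, f in by_unit.items() if "mpls" not in f)
        if len(by_unit) < 2 or not missing:
            continue  # single unit, or every unit has family mpls
        lowest = min(by_unit)
        findings[ifname] = {
            "units_without_mpls": missing,
            "lowest_unit": lowest,
            # Workaround from the advisory: lowest-numbered unit carries family mpls.
            "workaround_in_place": "mpls" in by_unit[lowest],
        }
    return findings

if __name__ == "__main__":
    for ifname, f in audit_interfaces(SAMPLE_CONFIG).items():
        state = "workaround in place" if f["workaround_in_place"] else "reorder units"
        print(f"{ifname}: units without family mpls {f['units_without_mpls']} -> {state}")
```

On the constructed sample, et-0/0/0 is reported as needing its units reordered, et-0/0/1 already has the workaround in place, and et-0/0/2 (single unit) is not reported.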
Long-Term Security Practices
Regularly apply software updates and follow Juniper's security best practices to mitigate risks.
Patching and Updates
Install the following software releases to resolve CVE-2022-22202: Junos OS 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R3-S8, 20.1R3-S4, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, and all subsequent releases.