CVE-2022-22228 : Security Advisory and Response
An Improper Validation of Input vulnerability in Juniper Networks Junos OS allows attackers to trigger memory leaks, leading to a Denial of Service (DoS) condition. Learn about impact, affected versions, and mitigation steps.
An Improper Validation of Specified Type of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an attacker to cause an RPD memory leak leading to a Denial of Service (DoS). This memory leak only occurs when the attacker's packets are destined to any configured IPv6 address on the device. This issue affects Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1.
Understanding CVE-2022-22228
Junos OS: IPv6 OAM SRv6 network-enabled devices are vulnerable to Denial of Service (DoS) due to RPD memory leak upon receipt of specific an IPv6 packet.
What is CVE-2022-22228?
CVE-2022-22228 is an Improper Validation of Specified Type of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS, allowing attackers to trigger an RPD memory leak leading to a Denial of Service (DoS) when malicious packets are targeted at configured IPv6 addresses.
The Impact of CVE-2022-22228
This vulnerability can be exploited by attackers to cause a Denial of Service (DoS) on affected Juniper Networks Junos OS versions, affecting network performance and availability.
Technical Details of CVE-2022-22228
Vulnerability Description
The vulnerability arises from improper input validation within the rpd of Juniper Networks Junos OS, causing a memory leak that can lead to a Denial of Service (DoS) condition.
Affected Systems and Versions
Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2 are affected. Versions prior to 21.1R1 are not impacted.
Exploitation Mechanism
Attackers can exploit this vulnerability via crafted IPv6 packets targeting configured addresses on the device, inducing a memory leak and subsequent Denial of Service (DoS).
Mitigation and Prevention
Immediate Steps to Take
There are no known workarounds for this vulnerability. It is recommended to apply the official software updates provided by Juniper Networks to address the issue.
Long-Term Security Practices
Regularly update Juniper Networks Junos OS software to the latest versions to ensure protection against known vulnerabilities and maintain network security.
Patching and Updates
The following software releases have been updated to resolve CVE-2022-22228: Junos OS: 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, and all subsequent releases.