CVE-2022-22233 : Security Advisory and Response
Discover insights into CVE-2022-22233, a vulnerability in Juniper Networks Junos OS and Junos OS Evolved that can lead to a Denial of Service (DoS) attack. Learn about the impacted systems, exploitation risks, and mitigation strategies.
A vulnerability in Juniper Networks Junos OS and Junos OS Evolved could allow an authenticated attacker to cause a Denial of Service (DoS) attack. This article provides insights into CVE-2022-22233 and offers mitigation strategies.
Understanding CVE-2022-22233
This section delves into the details of the vulnerability, its impact, affected systems, and mitigation techniques.
What is CVE-2022-22233?
CVE-2022-22233 is an Unchecked Return Value to NULL Pointer Dereference vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. It enables a locally authenticated attacker with low privileges to trigger a DoS attack.
The Impact of CVE-2022-22233
The vulnerability affects Juniper Networks Junos OS 21.4 and 22.1 versions, as well as Junos OS Evolved 21.4 and 22.1 versions. When a specific low privileged CLI command is issued in the SR to LDP interworking scenario with SRMS, rpd may crash, leading to a DoS condition.
Technical Details of CVE-2022-22233
This section provides a deeper dive into the vulnerability, including its description, affected systems, and exploitation mechanism.
Vulnerability Description
In a Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, an ABR leaking SRMS entries with the "S" flag from IS-IS Level 2 to Level 1 can trigger the rpd core crash when a specific low privileged CLI command is issued.
Affected Systems and Versions
- Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2
- Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO
Exploitation Mechanism
To be affected, the device must be configured with ISIS L2 and L1 with Segment Routing enabled.
Mitigation and Prevention
This section outlines immediate steps to take, long-term security practices, and the importance of patching and updates.
Immediate Steps to Take
Ensure your devices are updated with the latest software releases that have addressed the vulnerability. Use access lists or firewall filters to restrict access to trusted entities.
Long-Term Security Practices
Regularly update your systems, follow security best practices, and monitor vendor notifications for patches and updates.
Patching and Updates
Juniper Networks has released updated software versions to resolve CVE-2022-22233. Ensure you update to versions like Junos OS 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, and subsequent releases. Junos OS Evolved users should update to 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all future releases.
For more information, refer to Juniper's advisory page: https://kb.juniper.net/JSA69887