MEDIUM · 6.5

CVE-2022-22203

Vulnerability Description

An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platforms, the fxpc process will crash followed by the FPC reboot upon receipt of a specific hostbound packet. Continued receipt of these specific packets will create a sustained Denial of Service (DoS) condition. This issue only affects Juniper Networks Junos OS 19.4 version 19.4R3-S4.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

Affected Products

Vendor | Product | Versions
Juniper | Junos | 19.4
Juniper | Ex4600 | -
Juniper | Ex4650 | -
Juniper | Qfx5100 | -
Juniper | Qfx5110 | -
Juniper | Qfx5120 | -
Juniper | Qfx5130 | -
Juniper | Qfx5200 | -
Juniper | Qfx5210 | -
Juniper | Qfx5220 | -
Juniper | Qfx5700 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2022-22203?

CVE-2022-22203 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). On QFX5000 Series, and EX4600 and EX4650 platf...

How severe is CVE-2022-22203?

CVE-2022-22203 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2022-22203?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex4600, Juniper Ex4650, Juniper Qfx5100, Juniper Qfx5110.