CVE-2022-22216 — MEDIUM (4.3)

Q: How severe is CVE-2022-22216?

CVE-2022-22216 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-22216?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ptx1000, Juniper Ptx10001, Juniper Ptx10002, Juniper Ptx10003.

Vulnerability Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 Series, and QFX10000 Series and PTX5000 Series devices sometimes do not reliably pad Ethernet packets, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak' and often detected as CVE-2003-0001. This issue affects: Juniper Networks Junos OS on PTX1000 and PTX10000 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. Juniper Networks Junos OS on QFX10000 Series and PTX5000 Series: All versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Juniper	Junos	< 18.4
Juniper	Ptx1000	-
Juniper	Ptx10001	-
Juniper	Ptx10002	-
Juniper	Ptx10003	-
Juniper	Ptx10004	-
Juniper	Ptx10008	-
Juniper	Ptx10016	-
Juniper	Ptx5000	-
Juniper	Qfx10002	-
Juniper	Qfx10008	-
Juniper	Qfx10016	-

Related Weaknesses (CWE)

CWE-200

References

https://kb.juniper.net/JSA69720Vendor Advisory
https://kb.juniper.net/JSA69720Vendor Advisory

FAQ

What is CVE-2022-22216?

CVE-2022-22216 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain ...

How severe is CVE-2022-22216?

CVE-2022-22216 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-22216?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ptx1000, Juniper Ptx10001, Juniper Ptx10002, Juniper Ptx10003.