Versio.io

CVE-2022-22178

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 19-01-2022 02:15
Last modified: - 26-01-2022 08:29
Total changes: - 2

Description

A Stack-based Buffer Overflow vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on MX Series and SRX series allows an unauthenticated networked attacker to cause a flowd crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can be triggered by a specific Session Initiation Protocol (SIP) invite packet if the SIP ALG is enabled. Due to this, the PIC will be rebooted and all traffic that traverses the PIC will be dropped. This issue affects: Juniper Networks Junos OS 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Low
Attack complexity
Network
Attack vector
High
Availability
None
Confidentiality
None
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
7.5
Base score
3.9
3.6
Exploitability score
Impact score
 

Verification logic

AND
OR
vendor=juniper AND product=junos AND version=20.4 AND update=r1
vendor=juniper AND product=junos AND version=20.4 AND update=r1-s1
vendor=juniper AND product=junos AND version=20.4 AND update=r2
vendor=juniper AND product=junos AND version=20.4 AND update=r2-s1
vendor=juniper AND product=junos AND version=20.4 AND update=r2-s2
vendor=juniper AND product=junos AND version=20.4 AND update=r3
vendor=juniper AND product=junos AND version=20.4 AND update=r3-s1
vendor=juniper AND product=junos AND version=21.1 AND update=r1
vendor=juniper AND product=junos AND version=21.1 AND update=r1-s1
vendor=juniper AND product=junos AND version=21.1 AND update=r2
vendor=juniper AND product=junos AND version=21.2 AND update=r1
vendor=juniper AND product=junos AND version=21.2 AND update=r1-s1
vendor=juniper AND product=junos AND version=21.3 AND update=r1
OR
vendor=juniper AND product=mx10 AND version=-
vendor=juniper AND product=mx10000 AND version=-
vendor=juniper AND product=mx10003 AND version=-
vendor=juniper AND product=mx10008 AND version=-
vendor=juniper AND product=mx10016 AND version=-
vendor=juniper AND product=mx104 AND version=-
vendor=juniper AND product=mx150 AND version=-
vendor=juniper AND product=mx2008 AND version=-
vendor=juniper AND product=mx2010 AND version=-
vendor=juniper AND product=mx2020 AND version=-
vendor=juniper AND product=mx204 AND version=-
vendor=juniper AND product=mx240 AND version=-
vendor=juniper AND product=mx40 AND version=-
vendor=juniper AND product=mx480 AND version=-
vendor=juniper AND product=mx5 AND version=-
vendor=juniper AND product=mx80 AND version=-
vendor=juniper AND product=mx960 AND version=-
vendor=juniper AND product=srx100 AND version=-
vendor=juniper AND product=srx110 AND version=-
vendor=juniper AND product=srx1400 AND version=-
vendor=juniper AND product=srx1500 AND version=-
vendor=juniper AND product=srx210 AND version=-
vendor=juniper AND product=srx220 AND version=-
vendor=juniper AND product=srx240 AND version=-
vendor=juniper AND product=srx240h2 AND version=-
vendor=juniper AND product=srx300 AND version=-
vendor=juniper AND product=srx320 AND version=-
vendor=juniper AND product=srx340 AND version=-
vendor=juniper AND product=srx3400 AND version=-
vendor=juniper AND product=srx345 AND version=-
vendor=juniper AND product=srx3600 AND version=-
vendor=juniper AND product=srx380 AND version=-
vendor=juniper AND product=srx4000 AND version=-
vendor=juniper AND product=srx4100 AND version=-
vendor=juniper AND product=srx4200 AND version=-
vendor=juniper AND product=srx4600 AND version=-
vendor=juniper AND product=srx5000 AND version=-
vendor=juniper AND product=srx5400 AND version=-
vendor=juniper AND product=srx550 AND version=-
vendor=juniper AND product=srx550_hm AND version=-
vendor=juniper AND product=srx550m AND version=-
vendor=juniper AND product=srx5600 AND version=-
vendor=juniper AND product=srx5800 AND version=-
vendor=juniper AND product=srx650 AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2022-22178

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.