Vulnerability CVE-2022-22178 - CERT Civis.Net

Vulnerability Name:

CVE-2022-22178 (CCN-217156)

Assigned:

2021-12-21

Published:

2022-01-12

Updated:

2022-01-26

Summary:

A Stack-based Buffer Overflow vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on MX Series and SRX series allows an unauthenticated networked attacker to cause a flowd crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can be triggered by a specific Session Initiation Protocol (SIP) invite packet if the SIP ALG is enabled. Due to this, the PIC will be rebooted and all traffic that traverses the PIC will be dropped. This issue affects: Juniper Networks Junos OS 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2022-22178

Source: XF
Type: UNKNOWN
juniper-cve202222178-dos(217156)

Source: CCN
Type: Juniper N217156etworks Security Bulletin JSA11284
MX Series and SRX series: Flowd core observed if the SIP ALG is enabled and a specific Session Initiation Protocol (SIP) packet is received (CVE-2022-22178)

Source: CONFIRM
Type: Vendor Advisory
https://kb.juniper.net/JSA11284

Vulnerable Configuration:

Configuration 1:

cpe:/o:juniper:junos:20.4:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.1:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.1:r2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.2:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.3:r1:*:*:*:*:*:*

AND

cpe:/h:juniper:mx10:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx10000:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx10003:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx10008:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx10016:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx104:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx150:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx2008:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx2010:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx2020:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx204:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx240:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx40:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx480:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx5:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx80:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:mx960:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx100:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx110:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx1400:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx1500:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx210:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx220:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx240:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx240h2:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx300:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx320:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx340:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx3400:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx345:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx3600:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx380:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx4000:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx4100:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx4200:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx4600:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx5000:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx5400:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx550:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx550_hm:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx550m:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx5600:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx5800:-:*:*:*:*:*:*:*

OR cpe:/h:juniper:srx650:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:juniper:junos:20.4:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.1:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.2:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.3:r1:*:*:*:*:*:*

Denotes that component is vulnerable