CVE-2022-22247

Junos OS Evolved: Kernel processing of unvalidated TCP segments could lead to a Denial of Service (DoS)

Description

An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker to send a crafted TCP segment to the device, triggering a kernel panic, leading to a Denial of Service (DoS) condition. Continued receipt and processing of this TCP segment could create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO.

Remediation

Solution:

The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.

Workaround:

There are no viable workarounds for this issue.

References

Link	Tags
https://kb.juniper.net/JSA69904	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-22247?: CVE-2022-22247 has been scored as a high severity vulnerability.
How to fix CVE-2022-22247?: To fix CVE-2022-22247: The following software releases have been updated to resolve this specific issue: Junos OS Evolved 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.
Is CVE-2022-22247 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-22247 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-22247?: CVE-2022-22247 affects Juniper Networks Junos OS Evolved.

Description

Remediation

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions