Main Vulnerability Database SB2022011234

SB2022011234 - Denial of service in Junos OS BGP implementation

Published: January 12, 2022

Security Bulletin ID SB2022011234

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2022-22166)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the routing protocol daemon (rpd). If a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. This issue can not propagate as the crash occurs as soon as the malformed update is received.

Remediation

Install update from vendor's website.

References

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11274&cat=SIRT_1&actp=LIST