CVE-2022-22201 The validation of Index, Position, or Offset in Junos Packet Forwarding Engine is vulnerable to Denial of Service.

On SRX5000 Series with SPC3, SRX4000 Series, and vSRX, when the PFE is configured with IPv6 and the PFE receives a malformed IPv6 packet, the PFE crashes.

This issue affects Juniper Networks Junos OS on SRX5000 Series with SPC3, SRX4000 Series, and vSRX:
All versions prior to 19.4R2-S6, 19.4R3-S7;
20.1 versions prior to 20.1R3-S3;
20.2 versions prior to 20.2R3-S4;
20.3 versions prior to 20.3R3-S3;
20.4 versions prior to 20.4R3-S2;
21.1 versions prior to 21.1R3;
21.2 versions prior to 21.2R3;
21.3 versions prior to 21.3R1-S2, 21.3R2.

All users are advised to upgrade to the latest Juniper Networks Junos version. Juniper Networks will release a hotfix in the next few days. Until then, end users can work around this issue by disabling PowerMode IPsec on SRX5000 Series, SRX4000 Series, and vSRX devices. The workaround is available in any version of Junos that supports IPv6.

SRX Series

Juniper Networks would like to thank the following individuals for their contributions to this document:
Benjamin Bursch, Justin McClelland, and David Wilson.

Description of Issue

A PFE crashes when it receives a malformed IPv6 packet.
This issue affects Juniper Networks Junos OS on SRX5000 Series with SPC3, SRX4000 Series, and vSRX:

How to find the version of Junos OS installed on your device

To find the Junos OS version running on your device, follow these steps:
1) At the top of the page, click "System > Software", then select "Software Upgrades" in the drop-down menu.
2) In the list of upgrades, select "Juniper Networks Junos Software Upgrade - Enterprise Edition."
3) The system will launch a software upgrade check for you. If it finds a newer software upgrade available, it will download and install it for you automatically.
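
Once the release string is known, it can be compared against the affected ranges listed above. The following is an added example, not Juniper's code and not part of the original advisory; the names `FIXED` and `is_affected` are hypothetical, the sample strings are constructed, and it assumes that an R-number higher than every listed fix in a train already contains the fix. It checks the release string only, not whether the platform is one of the affected SRX models.

```python
import re

# Fixed releases per train, copied from the advisory's affected-version list.
# Each entry is (R, S): "19.4R2-S6" -> (2, 6), "21.1R3" -> (3, 0).
FIXED = {
    (19, 4): [(2, 6), (3, 7)],
    (20, 1): [(3, 3)],
    (20, 2): [(3, 4)],
    (20, 3): [(3, 3)],
    (20, 4): [(3, 2)],
    (21, 1): [(3, 0)],
    (21, 2): [(3, 0)],
    (21, 3): [(1, 2), (2, 0)],
}
FIRST_TRAIN = min(FIXED)

# Matches e.g. "20.2R3-S4.5"; a trailing build number is ignored.
_VER = re.compile(r"^(\d+)\.(\d+)(?:R(\d+)(?:-S(\d+))?)?")

def is_affected(version: str) -> bool:
    """True if the release string falls in the advisory's affected ranges."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    train = (int(m.group(1)), int(m.group(2)))
    if train < FIRST_TRAIN:
        return True   # "All versions prior to 19.4R2-S6, 19.4R3-S7"
    if train not in FIXED:
        return False  # train is not listed by the advisory
    if m.group(3) is None:
        raise ValueError(f"no R-number in {version!r}")
    r_num, s_num = int(m.group(3)), int(m.group(4) or 0)
    fixes = FIXED[train]
    # Same R-branch as a listed fix: compare service-release numbers.
    for fix_r, fix_s in fixes:
        if r_num == fix_r:
            return s_num < fix_s
    # Assumption: an R-number above every listed fix contains the fix;
    # a lower, unlisted R-number predates it and is affected.
    return r_num < max(fix_r for fix_r, _ in fixes)

if __name__ == "__main__":
    # Constructed sample release strings, not taken from real devices.
    for v in ("19.4R3-S6", "20.2R3-S4.5", "21.3R1-S1", "21.3R2"):
        print(v, "affected" if is_affected(v) else "not affected")
```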

Timeline

Published on: 10/18/2022 03:15:00 UTC

References