CVE-2022-22159 A vulnerability in the NETISR network queue functionality of the Junos OS kernel can cause a DoS.

CVE-2022-22159 A vulnerability in the NETISR network queue functionality of the Junos OS kernel can cause a DoS.

version 18.2R1-S9 and later versions prior to 18.2R1-S13; 19 version 19R1-S4 and later versions prior to 19R1-S7; 20 version 20R1-S3 and later versions prior to 20R1-S6; 20.1 version 20.1R1-S8 and later versions prior to 20.1R1-S13; 20.2 version 20.2R1-S11 and later versions prior to 20.2R1-S14; 21 version 21R1-S1 and later versions prior to 21R1-S2; 22 version 22R1-S1 and later versions prior to 22R1-S2. Vulnerabilities have been assigned the following identifiers: CVE-2018-9243, CVE-2018-9244, CVE-2018-9245, CVE-2018-9246, CVE-2018-9247, CVE-2018-9248, CVE-2018-9249, CVE-2018-9250. The following describes the details of the vulnerabilities. A remote attacker may be able to cause a Denial of Service (DoS) by sending crafted genuine packets to a device. During an attack, the routing protocol daemon (rpd) CPU may reach 100% utilization, yet FPC CPUs forwarding traffic will operate normally. This attack occurs when the attackers' packets are sent over an IPv4 unicast

Vulnerability Overview

A remote attacker may be able to cause a Denial of Service (DoS) by sending crafted genuine packets to a device. During an attack, the routing protocol daemon (rpd) CPU may reach 100% utilization, yet FPC CPUs forwarding traffic will operate normally. This attack occurs when the attackers' packets are sent over an IPv4 unicast or multicast address.

Vulnerability determined

The vulnerabilities have been assigned CVE-2018-9243, CVE-2018-9244, CVE-2018-9245, CVE-2018-9246, CVE-2018-9247, CVE-2018-9248, and CVE-2018-9250. The following describes the details of the vulnerabilities.
A remote attacker may be able to cause a Denial of Service (DoS) by sending crafted genuine packets to a device. During an attack, the routing protocol daemon (rpd) CPU may reach 100% utilization, yet FPC CPUs forwarding traffic will operate normally. This attack occurs when the attackers' packets are sent over an IPv4 unicast address.

CVE-2018-9243

A remote attacker can cause a Denial of Service (DoS) by sending crafted genuine packets to a device. During an attack, the routing protocol daemon (rpd) CPU may reach 100% utilization, yet FPC CPUs forwarding traffic will operate normally. This attack occurs when the attackers' packets are sent over an IPv4 unicast route with a large and variable metric value.

Discovery and Observations

1) The vulnerabilities were identified by the Cisco Talos Security Intelligence and Research Group.
2) These vulnerabilities affect devices that have IPv4 Unicast routing configured as their default route.
3) In order to exploit these vulnerabilities, an attacker would need to send crafted genuine packets to a device.
4) The attack is successful when the routing protocol daemon (rpd) CPU reaches 100% utilization and yet FPC CPUs forwarding traffic will operate normally.
5) Cisco has released software updates in order to address these vulnerabilities.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe