CVE-2022-22223: QFX10000 Series devices using Juniper Networks Junos OS as transit IP/MPLS PHP nodes with LAG interfaces can have input validation issues.

On devices such as the QFX1002, you can restart the PFE service, or reboot the device to restore service. This issue affects: All versions prior to 15.1R7-S11; 18.4 versions prior to 18.4R2-S10, 18.4R2-S11, 18.4R3-S5, 18.5 versions prior to 18.5R1-S1, 18.5R2-S6, 18.5R3-S7, 18.6 versions prior to 18.6R1-S1, 18.6R2-S2, 18.6R3-S3, 19.1 versions prior to 19.1R1-S1, 19.1R2-S1, 19.1R3-S1, 19.2 versions prior to 19.2R1-S1, 19.2R2-S1, 19.2R3-S1, 20.0 versions prior to 20.0R1-S1, 20.0R2-S1, 20.0R3-S1, 20.1 versions prior to 20.1R1-S1, 20.1R2-S1, 20.1R3-S1, 20.2 versions prior to 20.2R1-S1, 20.2R2-S1, 20.2

References

- CVE-2022-22223
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22223
- https://www.symantec.com/security_response/vulnerability/CVE-2022-22223

References and Resources

- https://www.cisco.com/en/US/docs/general/warranty/English/EU1_Warranty_Guide-RX-Series.pdf


Cisco (CVE-2022-22223) is a class of vulnerabilities that affect Cisco's PFE (Packet Flow Engine) Service on devices such as the QFX1002 and can be fixed by restarting the service. This issue affects: All versions prior to 15.1R7-S11; 18.4 versions prior to 18.4R2-S10, 18.4R2-S11, 18.4R3-S5, 18.5 versions prior to 18.5R1-S1, 18.5R2-S6, 18.5R3-S7, 18.6 versions prior to 18.6R1-S1, 18.6R2-S2, 18.6R3-S3, 19.1 versions prior to 19.1R1-S1, 19.1R2-S1, 19.1R3-S1, 19.2 versions prior to 19

Description

This document is an advisory, not a vulnerability report.
A vulnerability has been identified in the Junos Pulse Framework that, when exploited, could cause the service to restart or reboot the device.

How to update?

On devices such as the QFX1002, you can restart the PFE service, or reboot the device to restore service. This issue affects: All versions prior to 15.1R7-S11; 18.4 versions prior to 18.4R2-S10, 18.4R2-S11, 18.4R3-S5, 18.5 versions prior to 18.5R1-S1, 18.5R2-S6, 18.5R3-S7, 18.6 versions prior to 18.6R1-S1, 18.6R2-S2, 18.6R3-S3, 19.1 versions prior to 19.1R1-S1, 19.1R2-S1, 19.1R3-S1, 19.2 versions prior to 19.2.2.2.2.3, 20.1 versions prior to 20.1R1-S1, 20.1R2-S1, 20.1R3-S1, 20.2 versions prior to 20.2R1-S1, and 20.

Timeline

Published on: 10/18/2022 03:15:00 UTC

References