CVE-2022-22230 Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Junos OS Evolved can be DoSed with an adjacent unauthenticated attacker.

21.2R3-S1-EVO; 21.3-EVO versions prior to 21.3R3-S2-EVO. Cisco Systems Any Cisco IOS XE Software running on any Cisco 7200/7600 series, Cisco 7600/7600 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series

Conditions

The vulnerability is due to a buffer overflow in the Cisco IOS XE Software that could be exploited remotely.

Description of Cisco IOS XE Software flaw

Cisco Systems has identified a flaw in Cisco IOS XE Software running on any Cisco 7200/7600 series, Cisco 7600/7600 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, Cisco 7800/7800 series, and the later releases of the affected software. This vulnerability could allow an unauthenticated attacker to remotely access and cause a reload of an affected device. Any vulnerable device could be exploited remotely via TCP connections.

Description of Cisco IOS XE Software Booting Issues

Cisco Systems is providing updated documentation to resolve an issue that affects the ability of Cisco IOS XE Software to boot on some platforms. You can locate the updated documentation at https://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_maintenance_guides_list.html#wp135413

The following table lists all affected versions of Cisco IOS XE Software:

Platform Severity           Hardware Affected OS Affected Releases Affected Releases
Cisco 7800 Series 1, 2, 3, 4, 5, 6, 7, 8 21R2-S1-EVO through 21R3-S2-EVO; 22R4-S1-IVM through 22R4-S2-IVM; 23B2-S1-EPH through 23B2-S3-EPH; 24B1-ISV through 24B1a ISV; 25A1a ISV through 25A5a ISV 6.0 (200) and later releases of Cisco IOS XE Software 7600 Series 1, 2, 3, 4 21R2-S1-EVO through 21R3-S2-EVO; 22R4-S1 IVM through 22R4 IVM; 23B2 IVM through 23B2

Timeline

Published on: 10/18/2022 03:15:00 UTC

References

• https://kb.juniper.net/JSA69884
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22230