CVE-2022-22233 An unchecked return value to NULL pointer dereference vulnerability in Juniper Networks' Routing Protocol Daemon (rpd) allows a locally authenticated attacker with low privileges to cause a DoS.

This issue affects only SR-LDP configurations with SRMS where the mapping table is configured with the "S" flag set. It does not affect SR-LDP configurations where the mapping table is configured with the "S" flag cleared, so end users running such configurations are not affected.

The issue can be exploited as a DoS attack in the affected configurations: by issuing a specific low-privileged CLI command, an attacker can cause rpd to core and/or crash. To exploit this issue, an attacker must be authenticated and be running rpd. By default, rpd is not enabled. The issue can be exploited only when the router is running a vulnerable version.

Juniper SIRT is aware of this issue and is working with Juniper to provide a solution. End users are advised to upgrade to the latest version. End users who have enabled SR-LDP with SRMS should check the mapping table configuration and ensure that the "S" flag is not set.

Description of SR-LDP (MPLS) configurations affected

SR-LDP (MPLS) configurations with SRMS where the mapping table is configured with the "S" flag set are affected by this issue. An attacker can exploit it as a DoS attack in these configurations: by issuing a specific low-privileged CLI command, an attacker can cause rpd to core and/or crash.

Timeline

Published on: 10/18/2022 03:15:00 UTC
Last modified on: 10/21/2022 17:10:00 UTC

References