Rapid7 Vulnerability & Exploit Database

Juniper Junos OS: 2022-10 Security Bulletin: Junos OS: On IPv6 OAM SRv6 network enabled devices an attacker sending a specific genuine packet to an IPv6 address configured on the device may cause a RPD memory leak leading to an RPD core. (JSA69880) (CVE-2022-22228)

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Juniper Junos OS: 2022-10 Security Bulletin: Junos OS: On IPv6 OAM SRv6 network enabled devices an attacker sending a specific genuine packet to an IPv6 address configured on the device may cause a RPD memory leak leading to an RPD core. (JSA69880) (CVE-2022-22228)

Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
Published
03/23/2022
Created
06/14/2023
Added
06/14/2023
Modified
12/06/2023

Description

An Improper Validation of Specified Type of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an attacker to cause an RPD memory leak leading to a Denial of Service (DoS). This memory leak only occurs when the attacker's packets are destined to any configured IPv6 address on the device. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1.

Solution(s)

  • juniper-junos-os-upgrade-latest

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;