PT-2022-5225 · Juniper Networks · Junos

Published: 2022-10-12 · Updated: 2022-10-21 · CVE-2022-22223

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS on QFX10000 Series versions prior to 15.1R7-S11
Juniper Networks Junos OS on QFX10000 Series 18.4 versions prior to 18.4R2-S10, 18.4R3-S10
Juniper Networks Junos OS on QFX10000 Series 19.1 versions prior to 19.1R3-S8
Juniper Networks Junos OS on QFX10000 Series 19.2 versions prior to 19.2R3-S4
Juniper Networks Junos OS on QFX10000 Series 19.3 versions prior to 19.3R3-S5
Juniper Networks Junos OS on QFX10000 Series 19.4 versions prior to 19.4R2-S6, 19.4R3-S7
Juniper Networks Junos OS on QFX10000 Series 20.1 versions prior to 20.1R3-S3
Juniper Networks Junos OS on QFX10000 Series 20.2 versions prior to 20.2R3-S3
Juniper Networks Junos OS on QFX10000 Series 20.3 versions prior to 20.3R3-S2
Juniper Networks Junos OS on QFX10000 Series 20.4 versions prior to 20.4R3-S4
Juniper Networks Junos OS on QFX10000 Series 21.1 versions prior to 21.1R3
Juniper Networks Junos OS on QFX10000 Series 21.2 versions prior to 21.2R3-S3
Juniper Networks Junos OS on QFX10000 Series 21.3 versions prior to 21.3R3-S1

Description

The issue is related to an Improper Validation of Specified Index, Position, or Offset in Input weakness in Juniper Networks Junos OS on QFX10000 Series devices. This weakness allows an attacker to cause a Denial of Service (DoS) condition by sending certain IP packets, affecting both IPv4 and IPv6 packets. The packets can be destined to the device or be transit packets. To identify a potential compromise, administrators can use specific commands to check for backpressured output and tail drops on the interface queue.

Recommendations

For devices such as the QFX10008 with line cards, restart the line cards to restore service.
For devices such as the QFX10002, restart the PFE service or reboot the device to restore service.
Update to a version of Juniper Networks Junos OS that is not affected by this issue.
As a temporary workaround, consider restricting access to the vulnerable interfaces until a patch is available.
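To act on the update recommendation, the following added example (not part of the original advisory or any Juniper tool) checks a QFX10000 release string against the fixed releases listed above. The function names, the assumed version layout `<major>.<minor>R<n>[-S<n>][.<spin>]`, and the handling of trains the page does not list are assumptions of this example.

```python
import re

# Fixed releases per train, copied from the affected-versions list on this page.
FIXED = {
    "15.1": ["15.1R7-S11"],
    "18.4": ["18.4R2-S10", "18.4R3-S10"],
    "19.1": ["19.1R3-S8"],
    "19.2": ["19.2R3-S4"],
    "19.3": ["19.3R3-S5"],
    "19.4": ["19.4R2-S6", "19.4R3-S7"],
    "20.1": ["20.1R3-S3"],
    "20.2": ["20.2R3-S3"],
    "20.3": ["20.3R3-S2"],
    "20.4": ["20.4R3-S4"],
    "21.1": ["21.1R3"],
    "21.2": ["21.2R3-S3"],
    "21.3": ["21.3R3-S1"],
}

# Assumed layout: <major>.<minor>R<n>[-S<n>][.<spin>]; the spin number is ignored.
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse(version):
    """Return (major, minor, R, S), or None if the string is not an R/S release."""
    m = _VERSION.match(version.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None


def status(version):
    """Classify a QFX10000 Junos OS release: affected, fixed, not listed or unknown."""
    v = parse(version)
    if v is None:
        return "unknown"          # e.g. X-type releases, which this example does not handle
    if v[:2] < (15, 1):
        return "affected"         # "versions prior to 15.1R7-S11"
    fixes = [parse(f) for f in FIXED.get(f"{v[0]}.{v[1]}", [])]
    if not fixes:
        return "not listed"       # train absent from this page; consult the vendor advisory
    same_r = [f for f in fixes if f[2] == v[2]]
    if same_r:                    # a fix exists on this R branch: compare service releases
        return "fixed" if v[3] >= same_r[0][3] else "affected"
    return "fixed" if v > max(fixes) else "affected"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ("18.4R2-S9", "18.4R3-S10", "21.1R2-S5", "22.1R1", "15.1X53-D60"):
        print(f"{sample:14} {status(sample)}")
```

The check only applies to QFX10000 Series devices; a result of "not listed" or "unknown" means the page gives no basis for a verdict, not that the release is safe.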

Weakness Enumeration

Related Identifiers

BDU:2022-06486
CVE-2022-22223

Affected Products

Junos