CVE-2022-22218

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS on SRX Series versions prior to 19.1R3-S9 Juniper Networks Junos OS on SRX Series versions 19.2 prior to 19.2R3-S6 Juniper Networks Junos OS on SRX Series versions 19.3 prior to 19.3R3-S7 Juniper Networks Junos OS on SRX Series versions 19.4 prior to 19.4R3-S9 Juniper Networks Junos OS on SRX Series versions 20.2 prior to 20.2R3-S5 Juniper Networks Junos OS on SRX Series versions 20.3 prior to 20.3R3-S4 Juniper Networks Junos OS on SRX Series versions 20.4 prior to 20.4R3-S4 Juniper Networks Junos OS on SRX Series versions 21.1 prior to 21.1R3-S1 Juniper Networks Junos OS on SRX Series versions 21.2 prior to 21.2R3 Juniper Networks Junos OS on SRX Series versions 21.3 prior to 21.3R2 Juniper Networks Junos OS on SRX Series versions 21.4 prior to 21.4R2

Description The issue is related to an improper check for unusual or exceptional conditions when using Certificate Management Protocol Version 2 (CMPv2) auto re-enrollment. This allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS) by crashing the pkid process. The pkid process cannot handle an unexpected response from the Certificate Authority (CA) server, leading to a crash. A restart is required to restore services.

Recommendations For versions prior to 19.1R3-S9, update to 19.1R3-S9 or later. For versions 19.2 prior to 19.2R3-S6, update to 19.2R3-S6 or later. For versions 19.3 prior to 19.3R3-S7, update to 19.3R3-S7 or later. For versions 19.4 prior to 19.4R3-S9, update to 19.4R3-S9 or later. For versions 20.2 prior to 20.2R3-S5, update to 20.2R3-S5 or later. For versions 20.3 prior to 20.3R3-S4, update to 20.3R3-S4 or later. For versions 20.4 prior to 20.4R3-S4, update to 20.4R3-S4 or later. For versions 21.1 prior to 21.1R3-S1, update to 21.1R3-S1 or later. For versions 21.2 prior to 21.2R3, update to 21.2R3 or later. For versions 21.3 prior to 21.3R2, update to 21.3R2 or later. For versions 21.4 prior to 21.4R2, update to 21.4R2 or later.