CVE-2022-22201

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 19.4R2-S6 Junos OS versions prior to 19.4R3-S7 Junos OS 20.1 versions prior to 20.1R3-S3 Junos OS 20.2 versions prior to 20.2R3-S4 Junos OS 20.3 versions prior to 20.3R3-S3 Junos OS 20.4 versions prior to 20.4R3-S2 Junos OS 21.1 versions prior to 21.1R3 Junos OS 21.2 versions prior to 21.2R3 Junos OS 21.3 versions prior to 21.3R1-S2 Junos OS 21.3 versions prior to 21.3R2

Description The issue is related to an improper validation of specified index, position, or offset in input in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS. This can allow a remote attacker to cause a Denial of Service (DoS). Specifically, on SRX5000 Series with SPC3, SRX4000 Series, and vSRX, when PowerMode IPsec is configured and a malformed ESP packet matching an established IPsec tunnel is received, the PFE crashes.

Recommendations For Junos OS versions prior to 19.4R2-S6, update to version 19.4R2-S6 or later. For Junos OS versions prior to 19.4R3-S7, update to version 19.4R3-S7 or later. For Junos OS 20.1 versions prior to 20.1R3-S3, update to version 20.1R3-S3 or later. For Junos OS 20.2 versions prior to 20.2R3-S4, update to version 20.2R3-S4 or later. For Junos OS 20.3 versions prior to 20.3R3-S3, update to version 20.3R3-S3 or later. For Junos OS 20.4 versions prior to 20.4R3-S2, update to version 20.4R3-S2 or later. For Junos OS 21.1 versions prior to 21.1R3, update to version 21.1R3 or later. For Junos OS 21.2 versions prior to 21.2R3, update to version 21.2R3 or later. For Junos OS 21.3 versions prior to 21.3R1-S2, update to version 21.3R1-S2 or later. For Junos OS 21.3 versions prior to 21.3R2, update to version 21.3R2 or later.