CVE-2022-22216 Junos OS: PTX Series and QFX10000 Series: 'Etherleak' memory disclosure in Ethernet padding data

2022-07-1300:00:00

CWE-200

juniper

www.cve.org

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.4%

JSON

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 Series, and QFX10000 Series and PTX5000 Series devices sometimes do not reliably pad Ethernet packets, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as ‘Etherleak’ and often detected as CVE-2003-0001. This issue affects: Juniper Networks Junos OS on PTX1000 and PTX10000 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. Juniper Networks Junos OS on QFX10000 Series and PTX5000 Series: All versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2.

CNA Affected

[
  {
    "platforms": [
      "PTX1000, PTX10000 Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "18.4R3-S11",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "19.1R2-S3, 19.1R3-S7",
        "status": "affected",
        "version": "19.1",
        "versionType": "custom"
      },
      {
        "lessThan": "19.2R1-S8, 19.2R3-S4",
        "status": "affected",
        "version": "19.2",
        "versionType": "custom"
      },
      {
        "lessThan": "19.3R3-S4",
        "status": "affected",
        "version": "19.3",
        "versionType": "custom"
      },
      {
        "lessThan": "19.4R2-S5, 19.4R3-S6",
        "status": "affected",
        "version": "19.4",
        "versionType": "custom"
      },
      {
        "lessThan": "20.1R3-S2",
        "status": "affected",
        "version": "20.1",
        "versionType": "custom"
      },
      {
        "lessThan": "20.2R3-S3",
        "status": "affected",
        "version": "20.2",
        "versionType": "custom"
      },
      {
        "lessThan": "20.3R3-S2",
        "status": "affected",
        "version": "20.3",
        "versionType": "custom"
      },
      {
        "lessThan": "20.4R3-S4",
        "status": "affected",
        "version": "20.4",
        "versionType": "custom"
      },
      {
        "lessThan": "21.1R2-S1, 21.1R3",
        "status": "affected",
        "version": "21.1",
        "versionType": "custom"
      },
      {
        "lessThan": "21.2R1-S1, 21.2R2",
        "status": "affected",
        "version": "21.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QFX10000 Series, PTX5000 Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "18.3R3-S6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "18.4R2-S9, 18.4R3-S10",
        "status": "affected",
        "version": "18.4",
        "versionType": "custom"
      },
      {
        "lessThan": "19.1R2-S3, 19.1R3-S7",
        "status": "affected",
        "version": "19.1",
        "versionType": "custom"
      },
      {
        "lessThan": "19.2R1-S8, 19.2R3-S4",
        "status": "affected",
        "version": "19.2",
        "versionType": "custom"
      },
      {
        "lessThan": "19.3R3-S4",
        "status": "affected",
        "version": "19.3",
        "versionType": "custom"
      },
      {
        "lessThan": "19.4R2-S6, 19.4R3-S6",
        "status": "affected",
        "version": "19.4",
        "versionType": "custom"
      },
      {
        "lessThan": "20.1R3-S2",
        "status": "affected",
        "version": "20.1",
        "versionType": "custom"
      },
      {
        "lessThan": "20.2R3-S3",
        "status": "affected",
        "version": "20.2",
        "versionType": "custom"
      },
      {
        "lessThan": "20.3R3-S1",
        "status": "affected",
        "version": "20.3",
        "versionType": "custom"
      },
      {
        "lessThan": "20.4R3-S1",
        "status": "affected",
        "version": "20.4",
        "versionType": "custom"
      },
      {
        "lessThan": "21.1R2-S1, 21.1R3",
        "status": "affected",
        "version": "21.1",
        "versionType": "custom"
      },
      {
        "lessThan": "21.2R2",
        "status": "affected",
        "version": "21.2",
        "versionType": "custom"
      }
    ]
  }
]