{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-22224","assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","assignerShortName":"juniper","datePublished":"2022-10-18T02:46:25.868Z","dateUpdated":"2025-05-12T14:42:48.561Z","dateReserved":"2021-12-21T00:00:00.000Z"},"containers":{"cna":{"title":"Junos OS and Junos OS Evolved: PPMD goes into infinite loop upon receipt of malformed OSPF TLV","datePublic":"2022-10-12T00:00:00.000Z","providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2022-10-18T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon (PPMD) process to go into an infinite loop, which in turn can cause protocols and functions reliant on PPMD such as OSPF neighbor reachability to be impacted, resulting in a sustained Denial of Service (DoS) condition. The DoS condition persists until the PPMD process is manually restarted. This issue affects: Juniper Networks Junos OS: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1 versions prior to 21.1R2-EVO."}],"affected":[{"vendor":"Juniper Networks","product":"Junos OS","versions":[{"version":"unspecified","lessThan":"19.1R3-S9","status":"affected","versionType":"custom"},{"version":"19.2","status":"affected","lessThan":"19.2R3-S5","versionType":"custom"},{"version":"19.3","status":"affected","lessThan":"19.3R3-S3","versionType":"custom"},{"version":"19.4","status":"affected","lessThan":"19.4R3-S9","versionType":"custom"},{"version":"20.1","status":"affected","lessThan":"20.1R3","versionType":"custom"},{"version":"20.2","status":"affected","lessThan":"20.2R3-S1","versionType":"custom"},{"version":"20.3","status":"affected","lessThan":"20.3R3","versionType":"custom"},{"version":"20.4","status":"affected","lessThan":"20.4R3","versionType":"custom"},{"version":"21.1","status":"affected","lessThan":"21.1R2","versionType":"custom"}]},{"vendor":"Juniper Networks","product":"Junos OS Evolved","versions":[{"version":"unspecified","lessThan":"20.4R3-S3-EVO","status":"affected","versionType":"custom"},{"version":"21.1","status":"affected","lessThan":"21.1R2-EVO","versionType":"custom"}]}],"references":[{"url":"https://kb.juniper.net/JSA69874"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-703 Improper Check or Handling of Exceptional Conditions","cweId":"CWE-703"}]},{"descriptions":[{"type":"text","lang":"en","description":"Denial of Service (DoS)"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"advisory":"JSA69874","defect":["1582147"],"discovery":"USER"},"configurations":[{"lang":"en","value":"Exploitation of this issue requires OSPF to be enabled.  A sample OSPF configuration is shown below.\n\n  [protocols ospf area <area> interface <interface>]"}],"workarounds":[{"lang":"en","value":"There are no viable workarounds for this issue.  However, service can be restored by restarting the PPMD process from the Junos shell:\n\nFirst, identify the PID for the daemon.\n\n  root@Junos:~ # ps -aux | grep \"[p]pm\"\n  root   73848   0.0  0.0  740624  14072  -  S    29Apr22     20:53.61 /usr/sbin/ppmd -N\n\nSecond, kill the process.\n\n  root@Junos:~ # kill -9 73848"}],"exploits":[{"lang":"en","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"solutions":[{"lang":"en","value":"The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases."}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T03:07:49.819Z"},"title":"CVE Program Container","references":[{"url":"https://kb.juniper.net/JSA69874","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-12T14:42:42.726449Z","id":"CVE-2022-22224","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-12T14:42:48.561Z"}}]}}