CVE-2022-22227: CWE-754 Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved

Medium
Published: Tue Oct 18 2022 (10/18/2022, 02:46:28 UTC)
Source: CVE
Vendor/Project: Juniper Networks
Product: Junos OS Evolved

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On receipt of specific IPv6 transit traffic, Junos OS Evolved on ACX7100-48L, ACX7100-32C and ACX7509 sends this traffic to the Routing Engine (RE) instead of forwarding it, leading to increased CPU utilization of the RE and a partial DoS. This issue only affects systems configured with IPv6. This issue does not affect ACX7024 which is supported from 22.3R1-EVO onwards where the fix has already been incorporated as indicated in the solution section. This issue affects Juniper Networks Junos OS Evolved on ACX7100-48L, ACX7100-32C, ACX7509: 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S2-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO.

AI-Powered Analysis

Last updated: 07/04/2025, 22:26:09 UTC

Technical Analysis

CVE-2022-22227 is a vulnerability classified under CWE-754 (Improper Check for Unusual or Exceptional Conditions) affecting Juniper Networks Junos OS Evolved running on specific ACX7000 Series devices, namely ACX7100-48L, ACX7100-32C, and ACX7509. The vulnerability arises in the Packet Forwarding Engine (PFE) component of the operating system. When these devices receive specially crafted IPv6 transit traffic, instead of forwarding the traffic normally, the PFE incorrectly redirects it to the Routing Engine (RE). This behavior causes the RE to experience increased CPU utilization, leading to a partial Denial of Service (DoS) condition. The vulnerability only affects systems configured with IPv6 and does not impact the ACX7024 model, which has already incorporated the fix in Junos OS Evolved version 22.3R1-EVO and later. The affected Junos OS Evolved versions include 21.1-EVO, 21.2-EVO, 21.3-EVO, and 21.4-EVO prior to their respective patched releases (e.g., 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, and 21.4R2-EVO). The vulnerability can be exploited remotely by an unauthenticated attacker via network access, requiring no user interaction or privileges. The CVSS v3.1 base score is 5.3 (medium severity), reflecting that the impact is limited to availability (partial DoS), with no confidentiality or integrity impact. There are no known exploits in the wild as of the publication date. The root cause is an improper handling of exceptional IPv6 traffic conditions by the PFE, which leads to resource exhaustion on the RE. This vulnerability could disrupt network operations by degrading routing engine performance and potentially causing service interruptions in environments relying on affected Juniper devices for IPv6 transit traffic.

Potential Impact

For European organizations, especially those operating large-scale networks or internet service providers using Juniper ACX7000 Series routers with Junos OS Evolved, this vulnerability poses a risk of partial Denial of Service. The impact primarily affects network availability and stability, potentially causing degraded routing performance or intermittent outages. Organizations heavily reliant on IPv6 transit traffic are particularly vulnerable, as the attack vector exploits IPv6 packet handling. Disruptions could affect critical infrastructure, enterprise networks, and service providers, leading to operational downtime, degraded user experience, and potential cascading effects on dependent services. Given the increasing adoption of IPv6 in Europe, the risk is non-trivial. However, the lack of confidentiality or integrity impact limits the threat to availability concerns. The unauthenticated, network-based nature of the attack means that threat actors could attempt exploitation remotely without insider access, increasing the attack surface. While no known exploits are reported in the wild, the medium severity rating and ease of exploitation warrant proactive mitigation to prevent potential service disruptions.

Mitigation Recommendations

European organizations should prioritize upgrading affected Juniper Junos OS Evolved devices to the fixed versions as soon as possible: 21.1R3-S2-EVO or later for 21.1-EVO, 21.2R3-S2-EVO or later for 21.2-EVO, 21.3R3-EVO or later for 21.3-EVO, and 21.4R1-S1-EVO or later for 21.4-EVO. Network administrators should audit their environments to identify ACX7100-48L, ACX7100-32C, and ACX7509 devices running vulnerable versions with IPv6 enabled. If immediate patching is not feasible, organizations can implement IPv6 traffic filtering to block or rate-limit suspicious or unexpected IPv6 transit traffic patterns that could trigger the vulnerability. Monitoring CPU utilization on Routing Engines for unusual spikes can provide early detection of exploitation attempts. Employing network segmentation to isolate critical routing infrastructure and applying strict ingress and egress filtering on IPv6 traffic can reduce exposure. Additionally, organizations should maintain up-to-date network device inventories and ensure configuration management practices include vulnerability patching schedules. Coordination with Juniper support and subscribing to their security advisories will help maintain awareness of any emerging threats or additional mitigations.
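The inventory audit recommended above can be scripted. The following is an added example, not code from Juniper or from this page: it classifies devices using only the models and fixed releases named in the advisory. The inventory rows, the function names and the handling of an optional build suffix in the version string are assumptions.

```python
import re

# Values below are taken from the advisory text on this page.
AFFECTED_MODELS = {"ACX7100-48L", "ACX7100-32C", "ACX7509"}
# Per release train: fixed releases as (R number, S number) pairs.
FIXED = {
    (21, 1): [(3, 2)],          # 21.1R3-S2-EVO
    (21, 2): [(3, 2)],          # 21.2R3-S2-EVO
    (21, 3): [(3, 0)],          # 21.3R3-EVO
    (21, 4): [(1, 1), (2, 0)],  # 21.4R1-S1-EVO, 21.4R2-EVO
}
# Assumption: an optional ".N" build suffix may precede "-EVO" (e.g. 21.4R1.15-EVO).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?-EVO$")


def assess(model, version, ipv6_enabled):
    """Return 'vulnerable', 'fixed', 'not-affected' or 'unknown' for one device."""
    if model.upper() not in AFFECTED_MODELS or not ipv6_enabled:
        return "not-affected"
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"  # flag for manual review rather than guessing
    major, minor, rel = int(m[1]), int(m[2]), int(m[3])
    svc = int(m[4] or 0)
    fixes = FIXED.get((major, minor))
    if fixes is None:
        return "not-affected"  # train not listed as affected in the advisory
    # Fixed if at or past a fixed service release on the same R line,
    # or on an R line newer than every fixed release of the train.
    same_line = any(rel == fr and svc >= fs for fr, fs in fixes)
    newer_line = rel > max(fr for fr, _ in fixes)
    return "fixed" if same_line or newer_line else "vulnerable"


# Constructed inventory rows: (hostname, model, version, IPv6 configured).
INVENTORY = [
    ("edge-1", "ACX7100-48L", "21.4R1-EVO", True),
    ("edge-2", "ACX7100-32C", "21.4R1-S1-EVO", True),
    ("edge-3", "ACX7509", "21.2R3-S1.4-EVO", True),
    ("edge-4", "ACX7024", "22.3R1-EVO", True),
    ("edge-5", "ACX7100-48L", "21.1R2-EVO", False),
    ("edge-6", "ACX7100-32C", "21.4-unknown", True),
]


def audit(inventory):
    """Map each hostname to its assessment."""
    return {host: assess(model, ver, v6) for host, model, ver, v6 in inventory}
```

Devices reported as `unknown` have a version string the pattern does not recognise and should be checked by hand against the advisory.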

Technical Details

Data Version: 5.1
Assigner Short Name: juniper
Date Reserved: 2021-12-21T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9817c4522896dcbd6fcb

Added to database: 5/21/2025, 9:08:39 AM

Last enriched: 7/4/2025, 10:26:09 PM

Last updated: 8/15/2025, 7:36:14 AM
