CVE-2022-22240 is a vulnerability identified in the routing protocol daemon (rpd) component of Juniper Networks Junos OS and Junos OS Evolved. This vulnerability arises from two related issues: an allocation of resources without limits or throttling (CWE-770) and a missing release of memory after its effective lifetime (CWE-401). Specifically, in environments where Border Gateway Protocol (BGP) routing is highly scaled and rib-sharding is enabled, executing a particular CLI command can trigger a memory leak in the rpd process. The leak rate is variable and not constant, leading to a gradual depletion of available memory resources. Additionally, there is a temporary spike in memory usage during the execution of the command. The consequence of these issues is a Denial of Service (DoS) condition, as the rpd process may exhaust system memory, degrade performance, or crash, disrupting routing functions. The vulnerability requires local authentication with low privileges and does not require user interaction, making it exploitable by insiders or attackers who have gained limited access to the device. It affects multiple versions of Junos OS from 19.4 up to 21.3, including various subversions and Junos OS Evolved versions prior to specified patches. Notably, versions prior to 19.2R1 are not affected. The CVSS v3.1 base score is 5.5 (medium severity), reflecting the local attack vector, low complexity, low privileges required, no user interaction, and impact limited to availability without affecting confidentiality or integrity. There are no known exploits in the wild at the time of publication, and no direct patch links were provided in the source information, though Juniper has released fixed versions as indicated by the affected version ranges.

For European organizations, this vulnerability poses a significant risk to network infrastructure stability, particularly for large ISPs, data centers, and enterprises relying on Juniper routers running affected Junos OS versions in high-scale BGP environments with rib-sharding enabled. A successful exploitation could lead to denial of routing services, causing network outages, degraded connectivity, and potential cascading failures in dependent systems. This can disrupt critical business operations, impact service level agreements, and result in financial losses. Since the attack requires local authenticated access, the threat is heightened in environments where internal threat actors or compromised credentials exist. Given the reliance on Juniper networking equipment in European telecommunications and enterprise networks, the vulnerability could affect backbone routing and inter-domain routing, impacting internet service continuity and enterprise WAN connectivity. The temporary memory spikes and leaks could also complicate incident response and recovery, requiring device reboots or manual intervention, which may not be feasible in all operational contexts.

European organizations should prioritize upgrading affected Junos OS and Junos OS Evolved devices to the fixed versions specified by Juniper Networks, ensuring they are running versions at or beyond 19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, or their equivalents in Junos OS Evolved. In addition, organizations should implement strict access controls to limit local authenticated access to trusted personnel only, employing multi-factor authentication and robust credential management to reduce the risk of insider threats or credential compromise. Monitoring memory usage patterns on rpd processes can help detect abnormal spikes indicative of exploitation attempts. Network segmentation and role-based access control (RBAC) on management interfaces can further reduce exposure. Regularly auditing device configurations to disable unnecessary CLI commands or restrict their use can mitigate attack vectors. Finally, organizations should maintain up-to-date incident response plans that include procedures for handling DoS conditions on routing devices, including safe reboot strategies and failover configurations to minimize downtime.