CVE-2022-22170 An attacker can cause a DoS in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS by sending specific packets over VXLAN.

When upgrading from a version of Junos prior to 19.4R1 to Junos OS 19.4R1 or higher, there is a possibility of a memory leak after the upgrade. This issue can be mitigated by upgrading to a supported Junos version. For information on which versions of Junos OS are supported, see Recommended Upgrade Paths.

This issue can be exploited remotely. It can be exploited by remote attackers via a compromised VXLAN interface, consuming a large amount of CPU resources on the device. It can also be exploited by local attackers, consuming a large amount of CPU resources on the device. On exhaustion of the heap memory, the PFE on the device may crash and result in a Denial of Service (DoS).

An unauthenticated remote attacker can cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause heap memory to leak and, on exhaustion, the PFE to reset.

The heap memory utilization can be monitored with the command:

    user@host> show chassis fpc

This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3
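To turn the heap check mentioned above into a trend alert, the following added example (not from Juniper or the original page) parses repeated captures of "show chassis fpc" and flags FPC slots whose heap utilization keeps climbing. The column layout, the sample output and both thresholds are assumptions made for illustration.

```python
import re

# Assumption: rows look like "<slot> Online <numeric columns...>" and the last
# two numeric columns are Heap % and Buffer %; adjust for your platform's layout.
ROW = re.compile(r"^\s*(\d+)\s+Online\s+(.*)$")

def parse_heap(output):
    """Return {slot: heap_percent} for Online FPCs in one capture."""
    heap = {}
    for line in output.splitlines():
        m = ROW.match(line)
        nums = re.findall(r"\d+", m.group(2)) if m else []
        if len(nums) >= 2:
            heap[int(m.group(1))] = int(nums[-2])
    return heap

def leak_suspects(captures, min_rise=10, ceiling=80):
    """Flag slots whose heap never drops over >= 3 captures while rising by at
    least min_rise points, or whose latest reading is at or above ceiling.
    Both thresholds are illustrative defaults, not vendor guidance."""
    series = {}
    for out in captures:
        for slot, pct in parse_heap(out).items():
            series.setdefault(slot, []).append(pct)
    flagged = {}
    for slot, vals in series.items():
        steady = len(vals) >= 3 and all(b >= a for a, b in zip(vals, vals[1:]))
        if (steady and vals[-1] - vals[0] >= min_rise) or vals[-1] >= ceiling:
            flagged[slot] = vals
    return flagged

def _capture(h0, h1):
    # Constructed sample output, not taken from a real device.
    return (
        "Slot State            (C)  Total  Interrupt      1min   5min   15min  DRAM (MB) Heap     Buffer\n"
        f"  0  Online            41     12          0       11     11     11    2048       {h0}         30\n"
        f"  1  Online            39      9          0        9      9      9    2048       {h1}         29\n"
        "  2  Empty\n"
    )

CAPTURES = [_capture(31, 24), _capture(38, 25), _capture(47, 24), _capture(59, 25)]

if __name__ == "__main__":
    for slot, vals in leak_suspects(CAPTURES).items():
        print(f"FPC {slot}: heap % over time {vals} -> investigate possible leak")
```

A slot that fluctuates around a stable value is not flagged; only sustained growth or a reading near exhaustion is.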

References: https://kb.juniper.net/InfoCenter/index?page=content&id=KB201928
