Vulnerability CVE-2022-22170 - CERT Civis.Net

Vulnerability Name:

CVE-2022-22170 (CCN-217141)

Assigned:

2021-12-21

Published:

2022-01-12

Updated:

2022-01-26

Summary:

A Missing Release of Resource after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause heap memory to leak and on exhaustion the PFE to reset. The heap memory utilization can be monitored with the command: user@host> show chassis fpc This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions of Junos OS prior to 19.4R1.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2022-22170

Source: XF
Type: UNKNOWN
juniper-cve202222170-dos(217141)

Source: CCN
Type: Juniper Networks Security Bulletin JSA11277
Junos OS and Junos OS Evolved: Specific packets over VXLAN cause memory leak and/or FPC reset (CVE-2022-22170, CVE-2022-22171)

Source: CONFIRM
Type: Vendor Advisory
https://kb.juniper.net/JSA11277

Vulnerable Configuration:

Configuration 1:

cpe:/o:juniper:junos:19.4:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r1-s3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r1-s4:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r2-s4:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r2-s5:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r3-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r3-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r3-s3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r3-s4:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r3-s5:*:*:*:*:*:*

OR cpe:/o:juniper:junos:19.4:r3-s6:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.1:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.1:r1-s4:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.1:r2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.1:r2-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.1:r2-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.1:r3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.1:r3-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.1:r3-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.2:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.2:r2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.2:r2-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.2:r3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.2:r3-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.3:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.3:r2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.3:r2-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.3:r3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.3:r3-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:r3:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.1:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.1:r2:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.2:r1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.3:r1:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:juniper:junos:19.4:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.1:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.2:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.3:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:20.4:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.1:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.2:-:*:*:*:*:*:*

OR cpe:/o:juniper:junos:21.3:-:*:*:*:*:*:*

Denotes that component is vulnerable