Denial of service when handling fragmented packets in Junos OS



Published: 2022-01-17
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-22153
CWE-ID CWE-407
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Juniper Junos OS
Operating systems & Components / Operating system

Vendor Juniper Networks, Inc.

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Inefficient algorithmic complexity

EUVDB-ID: #VU59632

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22153

CWE-ID: CWE-407 - Inefficient Algorithmic Complexity

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack.

The vulnerability exists due to insufficient algorithmic complexity along with an error of resource allocation in the flow processing daemon (flowd) on SRX Series and MX Series with SPC3. A remote attacker can cause latency in transit packet processing and even packet loss, if transit traffic includes a significant percentage (> 5%) of fragmented packets.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 18.2 - 19.3

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11261&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###