SB2022041363 - Resource exhaustion in Juniper Junos OS
Published: April 13, 2022
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2022-22191)
The vulnerability allows a remote unauthenticated attacker to perform a denial of service (DoS) attack.
A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart.
After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed.
Remediation
Install the update from the vendor's website.