Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-22234 |
CWE-ID | CWE-399 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Juniper Junos OS Operating systems & Components / Operating system |
Vendor | Juniper Networks, Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU81668
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22234
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in the Packet Forwarding Engine (PFE). If the device is very busy for example while executing a series of show
commands on the CLI one or more SFPs might not be detected anymore. The
system then changes its state to "unplugged" which is leading to traffic
impact and at least a partial DoS. A local user can cause a high load for the device and perform a denial of service attack.
Install updates from vendor's website.
Vulnerable software versionsJuniper Junos OS: 18.4 - 21.4R1-S2
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.