Inefficient algorithmic complexity in Juniper Junos OS - CVE-2022-22153

 

Inefficient algorithmic complexity in Juniper Junos OS - CVE-2022-22153

Published: January 17, 2022


Vulnerability identifier: #VU59632
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-22153
CWE-ID: CWE-407
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS

Detailed vulnerability description

The vulnerability allows a remote attacker to perform DoS attack.

The vulnerability exists due to insufficient algorithmic complexity along with an error of resource allocation in the flow processing daemon (flowd) on SRX Series and MX Series with SPC3. A remote attacker can cause latency in transit packet processing and even packet loss, if transit traffic includes a significant percentage (> 5%) of fragmented packets.


How to mitigate CVE-2022-22153

Install updates from vendor's website.

Sources