Resource exhaustion in Juniper Junos OS - CVE-2022-22191

 

Resource exhaustion in Juniper Junos OS - CVE-2022-22191

Published: April 13, 2022


Vulnerability identifier: #VU82466
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-22191
CWE-ID: CWE-400
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unauthenticated network-adjacent attacker to trigger a PFEMAN watchdog timeout, causing the Packet Forwarding Engine (PFE) to crash and restart.

After the restart, transit traffic will be temporarily interrupted until the PFE is reprogrammed.


How to mitigate CVE-2022-22191

Install updates from vendor's website.

Sources