#VU68578 Memory leak in Juniper Junos OS - CVE-2022-22226
Published: October 21, 2022
Vulnerability identifier: #VU68578
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-22226
CWE-ID: CWE-401
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Juniper Junos OS
Juniper Junos OS
Software vendor:
Juniper Networks, Inc.
Juniper Networks, Inc.
Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the Packet Forwarding Engine (PFE) when VxLAN is enabled. A remote attacker on the local network can send specific packets to the affected device and perform denial of service attack.
Remediation
Install updates from vendor's website. The vulnerability affects Juniper Networks Junos OS on EX4300-MP, EX4600, and QFX5000 Series.