#VU82505 Improper control of a resource through its lifetime in Junos OS Evolved and Juniper Junos OS - CVE-2022-22250

 


Published: October 12, 2022


Vulnerability identifier: #VU82505
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-22250
CWE-ID: CWE-664
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Junos OS Evolved
Juniper Junos OS
Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper control of a resource through its lifetime in the Packet Forwarding Engine (PFE). A remote non-authenticated attacker can cause a denial of service (DoS).

In an EVPN-MPLS scenario, if a MAC address is learned locally on an access interface but a delete request is later received indicating that the MAC was learned remotely, memory corruption might occur, which might result in a line card crash and reload.


Remediation

Install updates from vendor's website.

External links