CVSS: 6.5EPSS: 0%CPEs: 142EXPL: 1CVE-2022-22215 – Junos OS and Junos OS Evolved: /var/run/<pid>.env files are potentially not deleted during termination of a gRPC connection causing inode exhaustion
https://notcve.org/view.php?id=CVE-2022-22215
A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after the termination of a gRPC connection the respective/var/run/<pid>.env file is not getting deleted which if occurring repeatedly can cause inode exhaustion. Inode exhaustion can present itself in two different ways: 1. The following log message can be observed: host kernel: pid <pid> (<process>), uid <uid> inumber <number> on /.mount/var: out of inodes which by itself is a clear indication. 2. The following log message can be observed: host <process>[<pid>]: ... : No space left on device which is not deterministic and just a representation of a write error which could have several reasons. • https://kb.juniper.net/JSA69719 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 260EXPL: 0CVE-2022-22214 – Junos OS and Junos OS Evolved: In an MPLS scenario upon receipt of a specific IPv6 packet an FPC will crash
https://notcve.org/view.php?id=CVE-2022-22214
An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent attacker to cause a PFE crash and thereby a Denial of Service (DoS). An FPC will crash and reboot after receiving a specific transit IPv6 packet over MPLS. Continued receipt of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect systems configured for IPv4 only. This issue affects: Juniper Networks Junos OS All versions prior to 12.3R12-S21; 15.1 versions prior to 15.1R7-S10; 17.3 versions prior to 17.3R3-S12; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2. • https://kb.juniper.net/JSA69718 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 51EXPL: 0CVE-2022-22210 – Junos OS: QFX5000 Series and MX Series: An l2alm crash leading to an FPC crash can be observed in VxLAN scenario
https://notcve.org/view.php?id=CVE-2022-22210
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). On QFX5K Series and MX Series, when the PFE receives a specific VxLAN packet the Layer 2 Address Learning Manager (L2ALM) process will crash leading to an FPC reboot. Continued receipt of this specific packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX5000 Series, MX Series: 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.2 versions prior to 21.2R2-S1. This issue does not affect Juniper Networks Junos OS: All versions prior to 20.3R1; 21.1 version 21.1R1 and later versions. • https://kb.juniper.net/JSA69714 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2022-22207 – Junos OS: MX Series with MPC11: In a GNF / node slicing scenario gathering AF interface statistics can lead to a kernel crash
https://notcve.org/view.php?id=CVE-2022-22207
A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT) manager process (aftmand) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a kernel crash due to intensive polling of Abstracted Fabric (AF) interface statistics and thereby a Denial of Service (DoS). Continued gathering of AF interface statistics will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on MX Series: 20.1 versions later than 20.1R1; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R2. Una vulnerabilidad de Uso de Memoria Previamente Liberada en el proceso de administración de Advanced Forwarding Toolkit (AFT) (aftmand) de Juniper Networks Junos OS permite a un atacante no autenticado en red causar un bloqueo del kernel debido al sondeo intensivo de las estadísticas de la interfaz de Abstracted Fabric (AF) y, por tanto, una Denegación de Servicio (DoS). La recopilación continuada de estadísticas de la interfaz AF creará una condición de Denegación de Servicio (DoS) sostenida. • https://kb.juniper.net/JSA69711 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2022-22206 – Junos OS: SRX series: The PFE will crash when specific traffic is scanned by Enhanced Web Filtering safe-search
https://notcve.org/view.php?id=CVE-2022-22206
A Buffer Overflow vulnerability in the PFE of Juniper Networks Junos OS on SRX series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). The PFE will crash when specific traffic is scanned by Enhanced Web Filtering safe-search feature of UTM (Unified Threat management). Continued receipt of this specific traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: 20.2 versions prior to 20.2R3-S4 on SRX Series; 20.3 versions prior to 20.3R3-S3 on SRX Series; 20.4 versions prior to 20.4R3-S3 on SRX Series; 21.1 versions prior to 21.1R3-S1 on SRX Series; 21.2 versions prior to 21.2R2-S2, 21.2R3 on SRX Series; 21.3 versions prior to 21.3R2 on SRX Series; 21.4 versions prior to 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 20.2R1. • https://kb.juniper.net/JSA69710 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •