CVE-2022-22212

Junos OS Evolved: A high rate of specific hostbound traffic will cause unexpected hostbound traffic delays or drops

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos Evolved platforms hostbound protocols will be impacted by a high rate of specific hostbound traffic from ports on a PFE. Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.2R1.

Una vulnerabilidad de Asignación de Recursos sin Límites o Estrangulamiento en el Motor de Reenvío de Paquetes (PFE) de Juniper Networks Junos OS Evolved permite a un atacante no autenticado basado en la red causar una Denegación de Servicio (DoS). En todas las plataformas Junos Evolved, los protocolos de recepción de host estarán afectados por una alta tasa de tráfico específico de host desde los puertos de un PFE. La recepción continuada de esta cantidad de tráfico creará una condición de Denegación de Servicio (DoS) sostenida. Este problema afecta a Juniper Networks Junos OS Evolved: versiones 21.2 anteriores a 21.2R3-EVO; versiones 21.3 anteriores a 21.3R2-EVO. Este problema no afecta a versiones de Juniper Networks Junos OS Evolved anteriores a 21.2R1

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-12-21 CVE Reserved
2022-07-20 CVE Published
2023-12-31 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-770: Allocation of Resources Without Limits or Throttling

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://kb.juniper.net/JSA69716	2022-07-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		-		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r1-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r1-s2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r2-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r2-s2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"		-		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"		r1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"		r1-s1		Affected