CVE-2022-22153

19.01.2022, 01:15

An Insufficient Algorithmic Complexity combined with an Allocation of Resources Without Limits or Throttling vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 allows an unauthenticated network attacker to cause latency in transit packet processing and even packet loss. If transit traffic includes a significant percentage (> 5%) of fragmented packets which need to be reassembled, high latency or packet drops might be observed. This issue affects Juniper Networks Junos OS on SRX Series, MX Series with SPC3: All versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2-S9, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S1, 19.2R2.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniper	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 59%

Vendor	Product	Version
juniper	junos	𝑥 < 18.2
juniper	junos	18.2
juniper	junos	18.2:r
juniper	junos	18.2:r1
juniper	junos	18.2:r1
juniper	junos	18.2:r1-s2
juniper	junos	18.2:r1-s3
juniper	junos	18.2:r1-s4
juniper	junos	18.2:r1-s5
juniper	junos	18.2:r2
juniper	junos	18.2:r2-s1
juniper	junos	18.2:r2-s2
juniper	junos	18.2:r2-s3
juniper	junos	18.2:r2-s4
juniper	junos	18.2:r2-s5
juniper	junos	18.2:r2-s6
juniper	junos	18.2:r2-s7
juniper	junos	18.2:r2-s8
juniper	junos	18.3
juniper	junos	18.3:r
juniper	junos	18.3:r1
juniper	junos	18.3:r1-s1
juniper	junos	18.3:r1-s2
juniper	junos	18.3:r1-s3
juniper	junos	18.3:r1-s4
juniper	junos	18.3:r1-s5
juniper	junos	18.3:r1-s6
juniper	junos	18.3:r2
juniper	junos	18.3:r2-s1
juniper	junos	18.3:r2-s2
juniper	junos	18.3:r2-s3
juniper	junos	18.3:r2-s4
juniper	junos	18.4
juniper	junos	18.4:r1
juniper	junos	18.4:r1-s1
juniper	junos	18.4:r1-s2
juniper	junos	18.4:r1-s3
juniper	junos	18.4:r1-s4
juniper	junos	18.4:r1-s5
juniper	junos	18.4:r1-s6
juniper	junos	18.4:r1-s7
juniper	junos	18.4:r2
juniper	junos	18.4:r2-s1
juniper	junos	18.4:r2-s2
juniper	junos	18.4:r2-s3
juniper	junos	18.4:r2-s4
juniper	junos	18.4:r2-s5
juniper	junos	18.4:r2-s6
juniper	junos	18.4:r2-s7
juniper	junos	18.4:r2-s8
juniper	junos	19.1
juniper	junos	19.1:r1
juniper	junos	19.1:r1-s1
juniper	junos	19.1:r1-s2
juniper	junos	19.1:r1-s3
juniper	junos	19.1:r1-s4
juniper	junos	19.1:r1-s5
juniper	junos	19.1:r1-s6
juniper	junos	19.2
juniper	junos	19.2:r1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-407 - Inefficient Algorithmic Complexity
An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

References

https://kb.juniper.net/JSA11261