CVE-2022-22168

19.01.2022, 01:15

An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead to an FPC reboot and thereby a Denial of Service (DoS). This issue affects: Juniper Networks Junos OS on vMX and MX150: All versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniper	CNA	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Vendor	Product	Version
juniper	junos	𝑥 ≤ 19.1
juniper	junos	19.2
juniper	junos	19.2:r1
juniper	junos	19.2:r1-s1
juniper	junos	19.2:r1-s2
juniper	junos	19.2:r1-s3
juniper	junos	19.2:r1-s4
juniper	junos	19.2:r1-s5
juniper	junos	19.2:r1-s6
juniper	junos	19.2:r1-s7
juniper	junos	19.2:r2
juniper	junos	19.2:r2-s1
juniper	junos	19.2:r3
juniper	junos	19.2:r3-s1
juniper	junos	19.2:r3-s2
juniper	junos	19.2:r3-s3
juniper	junos	19.3
juniper	junos	19.3:r1
juniper	junos	19.3:r1-s1
juniper	junos	19.3:r2
juniper	junos	19.3:r2-s1
juniper	junos	19.3:r2-s2
juniper	junos	19.3:r2-s3
juniper	junos	19.3:r2-s4
juniper	junos	19.3:r2-s5
juniper	junos	19.3:r2-s6
juniper	junos	19.3:r3
juniper	junos	19.3:r3-s1
juniper	junos	19.3:r3-s2
juniper	junos	19.3:r3-s3
juniper	junos	19.3:r3-s4
juniper	junos	19.4:r1
juniper	junos	19.4:r1-s1
juniper	junos	19.4:r1-s2
juniper	junos	19.4:r1-s3
juniper	junos	19.4:r1-s4
juniper	junos	19.4:r2
juniper	junos	19.4:r2-s1
juniper	junos	19.4:r2-s2
juniper	junos	19.4:r2-s3
juniper	junos	19.4:r2-s4
juniper	junos	19.4:r3
juniper	junos	19.4:r3-s1
juniper	junos	19.4:r3-s2
juniper	junos	19.4:r3-s3
juniper	junos	19.4:r3-s4
juniper	junos	19.4:r3-s5
juniper	junos	20.1:r1
juniper	junos	20.1:r1-s1
juniper	junos	20.1:r1-s2
juniper	junos	20.1:r1-s3
juniper	junos	20.1:r1-s4
juniper	junos	20.1:r2
juniper	junos	20.1:r2-s1
juniper	junos	20.1:r2-s2
juniper	junos	20.1:r3
juniper	junos	20.1:r3-s1
juniper	junos	20.2:r1
juniper	junos	20.2:r1-s1
juniper	junos	20.2:r1-s2
juniper	junos	20.2:r1-s3
juniper	junos	20.2:r2
juniper	junos	20.2:r2-s1
juniper	junos	20.2:r2-s2
juniper	junos	20.2:r2-s3
juniper	junos	20.2:r3
juniper	junos	20.2:r3-s1
juniper	junos	20.2:r3-s2
juniper	junos	20.3:r1
juniper	junos	20.3:r1-s1
juniper	junos	20.3:r2
juniper	junos	20.3:r2-s1
juniper	junos	20.3:r3
juniper	junos	20.4:r1
juniper	junos	20.4:r1-s1
juniper	junos	20.4:r2
juniper	junos	20.4:r2-s1
juniper	junos	21.1:r1
juniper	junos	21.1:r1-s1
juniper	junos	21.1:r2
juniper	junos	21.2:r1
juniper	junos	21.3:r1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-401 - Missing Release of Memory after Effective Lifetime
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References

https://kb.juniper.net/JSA11275