CVE-2022-22210

Published: Jul 20, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). On QFX5K Series and MX Series, when the PFE receives a specific VxLAN packet the Layer 2 Address Learning Manager (L2ALM) process will crash leading to an FPC reboot. Continued receipt of this specific packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX5000 Series, MX Series: 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.2 versions prior to 21.2R2-S1. This issue does not affect Juniper Networks Junos OS: All versions prior to 20.3R1; 21.1 version 21.1R1 and later versions.

Affected (22)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

22 vulnerable · 29 platform

Vulnerable Software	Affected Versions
Juniper Junos	Version 20.3
Juniper Junos	Version 20.3 r1-s1
Juniper Junos	Version 20.3 r1-s2
Juniper Junos	Version 20.3 r1
Juniper Junos	Version 20.3 r2-s1
Juniper Junos	Version 20.3 r2
Juniper Junos	Version 20.3 r3-s1
Juniper Junos	Version 20.3 r3-s2
Juniper Junos	Version 20.3 r3
Juniper Junos	Version 20.4
Juniper Junos	Version 20.4 r1-s1
Juniper Junos	Version 20.4 r1
Juniper Junos	Version 20.4 r2-s1
Juniper Junos	Version 20.4 r2-s2
Juniper Junos	Version 20.4 r2
Juniper Junos	Version 20.4 r3-s1
Juniper Junos	Version 20.4 r3
Juniper Junos	Version 21.2
Juniper Junos	Version 21.2 r1-s1
Juniper Junos	Version 21.2 r1-s2
Juniper Junos	Version 21.2 r1
Juniper Junos	Version 21.2 r2

Running on/with	Platform Versions
Juniper Mx10	All versions
Juniper Mx10000	All versions
Juniper Mx10003	All versions
Juniper Mx10008	All versions
Juniper Mx10016	All versions
Juniper Mx104	All versions
Juniper Mx150	All versions
Juniper Mx2008	All versions
Juniper Mx2010	All versions
Juniper Mx2020	All versions
Juniper Mx204	All versions
Juniper Mx240	All versions
Juniper Mx40	All versions
Juniper Mx480	All versions
Juniper Mx5	All versions
Juniper Mx80	All versions
Juniper Mx960	All versions
Juniper Qfx5100	All versions
Juniper Qfx5100 96s	All versions
Juniper Qfx5110	All versions
Juniper Qfx5120	All versions
Juniper Qfx5130	All versions
Juniper Qfx5200	All versions
Juniper Qfx5200 32c	All versions
Juniper Qfx5200 48y	All versions
Juniper Qfx5210	All versions
Juniper Qfx5210 64c	All versions
Juniper Qfx5220	All versions
Juniper Qfx5700	All versions

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (2)

https://kb.juniper.net/JSA69714

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA69714

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.