Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-22155 (GCVE-0-2022-22155)
Vulnerability from cvelistv5 – Published: 2022-01-19 00:20 – Updated: 2024-09-17 02:21
VLAI?
EPSS
Title
Junos OS: ACX5448: FPC memory leak due to IPv6 neighbor flaps
Summary
An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.
Severity ?
6.5 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
18.4 , < 18.4R3-S10
(custom)
Affected: 19.1 , < 19.1R3-S5 (custom) Affected: 19.2 , < 19.2R1-S8, 19.2R3-S2 (custom) Affected: 19.3 , < 19.3R2-S6, 19.3R3-S2 (custom) Affected: 19.4 , < 19.4R1-S3, 19.4R2-S2, 19.4R3 (custom) Affected: 20.1 , < 20.1R2 (custom) Affected: 20.2 , < 20.2R1-S1, 20.2R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11263"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"ACX5448"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4R3-S10",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3-S5",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S8, 19.2R3-S2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S6, 19.3R3-S2",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S3, 19.4R2-S2, 19.4R3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R1-S1, 20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-19T00:20:57.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11263"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.4R3-S10, 19.1R3-S5, 19.2R1-S8, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S3, 19.4R2-S2, 19.4R3, 20.1R2, 20.2R1-S1, 20.2R2, 20.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11263",
"defect": [
"1519372"
],
"discovery": "USER"
},
"title": "Junos OS: ACX5448: FPC memory leak due to IPv6 neighbor flaps",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22155",
"STATE": "PUBLIC",
"TITLE": "Junos OS: ACX5448: FPC memory leak due to IPv6 neighbor flaps"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "ACX5448",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R3-S10"
},
{
"platform": "ACX5448",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S5"
},
{
"platform": "ACX5448",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S2"
},
{
"platform": "ACX5448",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S2"
},
{
"platform": "ACX5448",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2-S2, 19.4R3"
},
{
"platform": "ACX5448",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"platform": "ACX5448",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R1-S1, 20.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-772 Missing Release of Resource after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11263",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11263"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.4R3-S10, 19.1R3-S5, 19.2R1-S8, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S3, 19.4R2-S2, 19.4R3, 20.1R2, 20.2R1-S1, 20.2R2, 20.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11263",
"defect": [
"1519372"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22155",
"datePublished": "2022-01-19T00:20:57.603Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:21:13.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2022-22155
Vulnerability from fkie_nvd - Published: 2022-01-19 01:15 - Updated: 2024-11-21 06:46
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11263 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11263 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
"matchCriteriaId": "74CA9010-D3DE-487B-B46F-589A48AB0F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "A38F224C-8E9B-44F3-9D4F-6C9F04F57927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "853F146A-9A0F-49B6-AFD2-9907434212F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "8F73B88B-E66C-4ACD-B38D-9365FB230ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "EE1F82EC-3222-4158-8923-59CDA1909A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "8FE95D15-B5E5-4E74-9464-C72D8B646A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "C012CD07-706A-4E1C-B399-C55AEF5C8309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "A0C26E59-874A-4D87-9E7F-E366F4D65ED1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s7:*:*:*:*:*:*",
"matchCriteriaId": "75902119-60D0-49F8-8E01-666E0F75935A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "D59D7A31-128B-4034-862B-8EF3CE3EE949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0C5E097B-B79E-4E6A-9291-C8CB9674FED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "819FA3ED-F934-4B20-BC0E-D638ACCB7787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "3D7D773A-4988-4D7C-A105-1885EBE14426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "1BD93674-9375-493E-BD6C-8AD41CC75DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "34E28FD9-1089-42F7-8586-876DBEC965DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "B7E72C49-1849-4A6F-81BC-D03F06D47D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s7:*:*:*:*:*:*",
"matchCriteriaId": "541535BD-20DC-4489-91A7-F6CBC6802352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s8:*:*:*:*:*:*",
"matchCriteriaId": "924C4EAC-2A52-45A9-BE0F-B62F070C3E3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "736B7A9F-E237-45AF-A6D6-84412475F481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "62E63730-F697-4FE6-936B-FD9B4F22EAE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "064A7052-4EF5-4BFB-88FF-8122AEECB6A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "08C58CCB-3BAA-4400-B371-556DF46DE69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "28F7740D-C636-4FA3-8479-E5E039041DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "81F6DEA3-F07E-4FD0-87CB-4E8C0B768706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "2C1601BB-CAB7-4C92-8416-1824BB85D820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "14FC491D-8DA8-4E79-A9A6-3629E41C847A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s8:*:*:*:*:*:*",
"matchCriteriaId": "44C4BE2C-814F-49AA-8B64-17245FC01270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s9:*:*:*:*:*:*",
"matchCriteriaId": "BEF1775A-1C37-462B-B9F8-F55E0CEB73B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:-:*:*:*:*:*:*",
"matchCriteriaId": "768C0EB7-8456-4BF4-8598-3401A54D21DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "5332B70A-F6B0-4C3B-90E2-5CBFB3326126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "81439FE8-5405-45C2-BC04-9823D2009A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "E506138D-043E-485D-B485-94A2AB75F8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "0EF3C901-3599-463F-BEFB-8858768DC195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "CD806778-A995-4A9B-9C05-F4D7B1CB1F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "02B42BE8-1EF2-47F7-9F10-DE486A017EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "0B372356-D146-420B-95C3-381D0383B595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "DCAB79C9-6639-4ED0-BEC9-E7C8229DF977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "C8CF858F-84BB-4AEA-B829-FCF22C326160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "92292C23-DC38-42F1-97C1-8416BBB60FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "59E2311C-075A-4C64-B614-728A21B17B1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "5405F361-AB96-4477-AA0D-49B874324B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "E45E5421-2F6F-4AF9-8EB1-431A804FC649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "93098975-4A06-4A72-8DF0-F2C5E1AF2F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "E1F3AEE4-CEB8-4CAA-A48A-1B4647FFFCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "69E2DF80-63D8-48DD-BC73-C406B7AA3C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:-:*:*:*:*:*:*",
"matchCriteriaId": "0E7545CE-6300-4E81-B5AF-2BE150C1B190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "4CA3060F-1800-4A06-A453-FB8CE4B65312",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "9A5B337A-727C-4767-AD7B-E0F7F99EB46F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "16FDE60B-7A99-4683-BC14-530B5B005F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "725D8C27-E4F8-4394-B4EC-B49B6D3C2709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "8233C3AB-470E-4D13-9BFD-C9E90918FD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s5:*:*:*:*:*:*",
"matchCriteriaId": "5F7A233A-D4F6-46FA-92E9-2ACE13E4A6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s6:*:*:*:*:*:*",
"matchCriteriaId": "ADCE4EA8-DDBA-4766-BB81-E4DA29723723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s7:*:*:*:*:*:*",
"matchCriteriaId": "2849078A-447A-4615-94E1-58AF450ED22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "7C71D2FA-B1A4-4004-807F-7B3BB347DF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "9E78E854-DDD3-4D1A-97AB-AEA70B9B811F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "512FB3D1-BA5B-4F73-BDB2-49D6889F5473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "7FCBFF57-83A1-4C1C-A38D-7DAB48BCA2EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*",
"matchCriteriaId": "59006503-B2CA-4F79-AC13-7C5615A74CE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "B8110DA9-54B1-43CF-AACB-76EABE0C9EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "11B5CC5A-1959-4113-BFCF-E4BA63D918C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "33F08A33-EF80-4D86-9A9A-9DF147B9B6D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "AF24ACBD-5F84-47B2-BFF3-E9A56666269C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "3935A586-41BD-4FA5-9596-DED6F0864777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "B83FB539-BD7C-4BEE-9022-098F73902F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "7659AC36-A5EA-468A-9793-C1EC914D36F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "E0E018E1-568E-40F2-ADA5-F71509811879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "B9295AF3-A883-47C3-BAF8-3D82F719733E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "F09D3262-394A-43D1-A4ED-8887FCB20F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "DC743EE4-8833-452A-94DB-655BF139F883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FE96A8EA-FFE3-4D8F-9266-21899149D634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "C12A75C6-2D00-4202-B861-00FF71585FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "4DCFA774-96EF-4018-82CF-95C807025C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "76022948-4B07-43CB-824C-44E1AB3537CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "8328FDE6-9707-4142-B905-3B07C0E28E35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "41CD982F-E6F2-4951-9F96-A76C142DF08E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "19FDC05F-5582-4F7E-B628-E58A3C0E7F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "401306D1-E9CE-49C6-8DC9-0E8747B9DC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s4:*:*:*:*:*:*",
"matchCriteriaId": "615EAF48-AD53-4CC2-B233-5EA5C0F72CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:acx5448:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EB7B849-D1D4-46F3-B502-5D84C5E7C3B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2."
},
{
"lang": "es",
"value": "Una vulnerabilidad de consumo no controlado de recursos en el manejo de eventos de cambio de estado de vecinos IPv6 en Juniper Networks Junos OS permite a un atacante adyacente causar una p\u00e9rdida de memoria en el concentrador PIC flexible (FPC) de un router ACX5448. El aleteo continuo de un vecino IPv6 con una temporizaci\u00f3n espec\u00edfica causar\u00e1 que el FPC quede sin recursos, conllevando a una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Una vez que es producida la condici\u00f3n, el procesamiento posterior de paquetes estar\u00e1 afectado, creando una condici\u00f3n de denegaci\u00f3n de servicio (DoS) sostenida, que requerir\u00e1 un reinicio manual de la FPC para restaurar el servicio. Los siguientes mensajes de error se ver\u00e1n despu\u00e9s de que los recursos del FPC hayan sido agotados: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 Este problema s\u00f3lo afecta al router ACX5448. Esta vulnerabilidad no afecta a otros productos o plataformas. Este problema afecta a Juniper Networks Junos OS en ACX5448: versiones 18.4 anteriores a 18.4R3-S10; versiones 19.1 anteriores a 19.1R3-S5; versiones 19.2 anteriores a 19.2R1-S8, 19.2R3-S2; versiones 19. 3 versiones anteriores a 19.3R2-S6, 19.3R3-S2; 19.4 versiones anteriores a 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versiones anteriores a 20.1R2; 20.2 versiones anteriores a 20.2R1-S1, versi\u00f3n 20.2R2"
}
],
"id": "CVE-2022-22155",
"lastModified": "2024-11-21T06:46:16.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-19T01:15:08.323",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11263"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2022-22155
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-22155",
"description": "An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service.\n\nThe following error messages will be seen after the FPC resources have been exhausted:\n\n fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40\n fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40\n fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40\n fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40\n\nThis issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability.\n\nThis issue affects Juniper Networks Junos OS on ACX5448:\n18.4 versions prior to 18.4R3-S10;\n19.1 versions prior to 19.1R3-S5;\n19.2 versions prior to 19.2R1-S8, 19.2R3-S2;\n19.3 versions prior to 19.3R2-S6, 19.3R3-S2;\n19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3;\n20.1 versions prior to 20.1R2;\n20.2 versions prior to 20.2R1-S1, 20.2R2.",
"id": "GSD-2022-22155"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-22155"
],
"details": "An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.",
"id": "GSD-2022-22155",
"modified": "2023-12-13T01:19:29.804515Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-01-12T17:00:00.000Z",
"ID": "CVE-2022-22155",
"STATE": "PUBLIC",
"TITLE": "Junos OS: ACX5448: FPC memory leak due to IPv6 neighbor flaps"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "ACX5448",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R3-S10"
},
{
"platform": "ACX5448",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3-S5"
},
{
"platform": "ACX5448",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S2"
},
{
"platform": "ACX5448",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S2"
},
{
"platform": "ACX5448",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2-S2, 19.4R3"
},
{
"platform": "ACX5448",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"platform": "ACX5448",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R1-S1, 20.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-772 Missing Release of Resource after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11263",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11263"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.4R3-S10, 19.1R3-S5, 19.2R1-S8, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S3, 19.4R2-S2, 19.4R3, 20.1R2, 20.2R1-S1, 20.2R2, 20.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11263",
"defect": [
"1519372"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r1-s6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r3-s2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r3-s3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r3-s4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r3-s5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r2-s5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r2-s6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r1-s7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r3-s6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r3-s7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r2-s7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r2-s8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r3-s8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:18.4:r3-s9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r2-s3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r2-s2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r1-s6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r3-s3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r3-s4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r1-s5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r3-s2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r2-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r3-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.2:r1-s4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.2:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.2:r2-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.2:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.2:r1-s5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.2:r3-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.2:r1-s6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.2:r1-s7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.3:r3-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:20.1:r1-s4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:juniper:acx5448:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2022-22155"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11263",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11263"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-07-24T13:53Z",
"publishedDate": "2022-01-19T01:15Z"
}
}
}
CERTFR-2022-AVI-040
Vulnerability from certfr_avis - Published: 2022-01-13 - Updated: 2022-01-13
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Juniper Networks Contrail Service Orchestration versions antérieures à 6.1.0 Patch 3 | ||
| Juniper Networks | N/A | Junos sur MX versions 21.2 antérieures à 21.2R2 | ||
| Juniper Networks | N/A | Junos sur SRX versions 20.4 antérieures à 20.4R2-S2 ou 20.4R3 | ||
| Juniper Networks | N/A | Junos sur MX SPC3 et SRX versions 18.3 antérieures à 18.3R3 | ||
| Juniper Networks | N/A | Junos sur MX versions 20.4 antérieures à 20.4R3 | ||
| Juniper Networks | N/A | Junos versions 19.4 antérieures à 19.4R3-S6 | ||
| Juniper Networks | N/A | Junos sur MX SPC3 et SRX versions 19.2 antérieures à 19.2R1-S1 ou 19.2R2 | ||
| Juniper Networks | N/A | Junos sur ACX5448 versions 19.2 antérieures à 19.2R1-S8 ou 19.2R3-S2 | ||
| Juniper Networks | N/A | Junos versions 18.2 depuis 18.2R3-S6 | ||
| Juniper Networks | N/A | Junos sur SRX versions 20.1 antérieures à 20.1R3-S1 | ||
| Juniper Networks | N/A | Junos sur ACX5448 versions 19.4 antérieures à 19.4R1-S3 ou 19.4R2-S2 ou 19.4R3 | ||
| Juniper Networks | N/A | Junos Evolved versions 21.2 antérieures à 21.2R2-EVO | ||
| Juniper Networks | N/A | Junos versions 17.3 depuis 17.3R3-S9 antérieures à 17.3R3-S12 | ||
| Juniper Networks | N/A | Junos sur SRX versions 18.4 antérieures à 18.4R2-S10 ou 18.4R3-S10 | ||
| Juniper Networks | N/A | Junos sur MX versions 19.4 antérieures à 19.4R3-S5 | ||
| Juniper Networks | N/A | Junos versions 20.4 antérieures à 20.4R3-S1 | ||
| Juniper Networks | N/A | Junos versions 18.1 depuis 18.1R3-S11 antérieures à 18.1R3-S13 | ||
| Juniper Networks | N/A | Junos sur MX versions 20.2 antérieures à 20.2R3-S3 | ||
| N/A | N/A | Junos sur MX SPC3 et SRX versions antérieures à 18.2R3 | ||
| Juniper Networks | N/A | Junos versions 18.3 depuis 18.3R3-S4 antérieures à 18.3R3-S5 | ||
| Juniper Networks | N/A | Junos versions 19.4 antérieures à 19.4R2-S5 ou 19.4R3-S5 | ||
| N/A | N/A | Junos sur MX SPC3 et SRX versions 19.1 antérieures à 19.1R2 | ||
| Juniper Networks | N/A | Junos versions 16.1R1 antérieures à 18.4R3-S10 | ||
| Juniper Networks | N/A | Junos versions 19.2 antérieures à 19.2R1-S7 ou 19.2R3-S3 | ||
| Juniper Networks | N/A | Junos versions 20.4 antérieures à 20.4R2 | ||
| Juniper Networks | N/A | Junos versions 20.4 antérieures à 20.4R2-S2 ou 20.4R3 | ||
| N/A | N/A | Junos sur MX versions 20.3 antérieures à 20.3R3-S2 | ||
| Juniper Networks | N/A | Junos versions 20.1 antérieures à 20.1R2-S2 ou 20.1R3 | ||
| Juniper Networks | N/A | Junos versions 20.2 antérieures à 20.2R3-S3 | ||
| Juniper Networks | N/A | Junos sur SRX versions 21.1 antérieures à 21.1R2-S2 ou 21.1R3 | ||
| Juniper Networks | N/A | Junos sur vMX et MX150 versions 20.3 antérieures à 20.3R3-S1 | ||
| Juniper Networks | N/A | Junos sur MX versions 19.2 antérieures à 19.2R1-S8 ou 19.2R3-S4 | ||
| Juniper Networks | N/A | Junos versions 19.4 antérieures à 19.4R3-S7 | ||
| Juniper Networks | N/A | Junos Evolved versions antérieures à 20.4R2-S2-EVO | ||
| Juniper Networks | N/A | Junos sur MX versions 19.1 antérieures à 19.1R2-S3 ou 19.1R3-S7 | ||
| Juniper Networks | N/A | Junos sur MX SPC3 et SRX versions 18.4 antérieures à 18.4R2-S9 ou 18.4R3 | ||
| N/A | N/A | Junos versions 19.3 antérieures à 19.3R3-S4 | ||
| Juniper Networks | N/A | Junos versions 19.1 depuis 19.1R3-S3 antérieures à 19.1R3-S7 | ||
| Juniper Networks | N/A | Junos sur vMX et MX150 versions 21.1 antérieures à 21.1R2-S1 ou 21.1R3 | ||
| Juniper Networks | N/A | Junos versions 21.1 antérieures à 21.1R2-S2 ou 21.1R3 | ||
| Juniper Networks | N/A | Junos sur SRX versions 19.2 antérieures à 19.2R1-S8 ou 19.2R3-S4 | ||
| Juniper Networks | N/A | Junos versions 19.3 antérieures à 19.3R2-S7 ou 19.3R3-S4 | ||
| Juniper Networks | N/A | Junos version 20.4 antérieures à 20.4R3 | ||
| Juniper Networks | N/A | Junos sur MX versions 19.3 antérieures à 19.3R3-S4 | ||
| Juniper Networks | N/A | Junos versions 18.4 depuis 18.4R3-S5 antérieures à 18.4R3-S9 | ||
| Juniper Networks | N/A | Junos sur SRX versions 19.3 antérieures à 19.3R3-S3 | ||
| Juniper Networks | N/A | Junos versions 20.1 antérieures à 20.1R3-S1 | ||
| Juniper Networks | N/A | Junos versions 19.2 antérieures à 19.2R1-S8 ou 19.2R3-S4 | ||
| Juniper Networks | N/A | Junos sur SRX versions 19.1 antérieures à 19.1R3-S8 | ||
| Juniper Networks | N/A | Junos version 18.4 antérieures à 18.4R3-S9 | ||
| Juniper Networks | N/A | Junos sur vMX et MX150 versions 19.3 antérieures à 19.3R3-S5 | ||
| N/A | N/A | Junos sur SRX versions 19.4 antérieures à 19.4R3-S5 | ||
| Juniper Networks | N/A | Junos versions 21.1 antérieures à 21.1R2-S1 ou 21.1R3 | ||
| Juniper Networks | N/A | Junos versions 18.4 antérieures à 18.4R2-S9 ou 18.4R3-S9 | ||
| Juniper Networks | N/A | Junos versions 21.1 antérieures à 21.1R2 | ||
| Juniper Networks | N/A | Junos version 19.2 antérieures à 19.2R1-S8 ou 19.2R3-S3 | ||
| Juniper Networks | N/A | Junos sur ACX5448 versions 19.1 antérieures à 19.1R3-S5 | ||
| Juniper Networks | N/A | Junos versions antérieures à 18.3R3-S6 | ||
| Juniper Networks | N/A | Junos versions 19.2 antérieures à 19.2R1-S7 ou 19.2R3-S4 | ||
| Juniper Networks | N/A | Junos version 19.4 antérieures à 19.4R3-S5 | ||
| Juniper Networks | N/A | Junos sur SRX versions 20.3 antérieures à 20.3R3-S1 | ||
| Juniper Networks | N/A | Junos sur vMX et MX150 versions antérieures à 19.2R1-S8 ou 19.2R3-S4 | ||
| Juniper Networks | N/A | Junos sur SRX versions 20.2 antérieures à 20.2R3-S2 | ||
| Juniper Networks | N/A | Junos versions 19.2 antérieures à 19.2R3-S4 | ||
| Juniper Networks | N/A | Junos sur SRX versions 21.2 antérieures à 21.2R2 | ||
| Juniper Networks | N/A | Junos version 20.2 antérieures à 20.2R3-S2 | ||
| Juniper Networks | N/A | Junos Evolved versions 21.1 depuis 21.1R1-EVO | ||
| Juniper Networks | N/A | Junos sur vMX et MX150 versions 20.4 antérieures à 20.4R3 | ||
| Juniper Networks | N/A | Junos sur vMX et MX150 versions 20.1 antérieures à 20.1R3-S2 | ||
| Juniper Networks | N/A | Junos versions 18.4 antérieures à 18.4R2-S9 ou 18.4R3-S10 | ||
| Juniper Networks | N/A | Junos version 20.3 antérieures à 20.3R3-S1 | ||
| Juniper Networks | N/A | Junos sur vMX et MX150 versions 19.4 antérieures à 19.4R2-S5 ou 19.4R3-S6 | ||
| Juniper Networks | N/A | Junos versions 21.1 antérieures à 21.1R1-S1 ou 21.1R2 | ||
| Juniper Networks | N/A | Junos versions 19.1 antérieures à 19.1R3-S7 | ||
| Juniper Networks | N/A | Junos version 21.1 antérieures à 21.1R2 | ||
| Juniper Networks | N/A | Junos versions 21.1 antérieures à 21.1R3 | ||
| Juniper Networks | N/A | Junos versions 20.2 antérieures à 20.2R3 | ||
| Juniper Networks | N/A | Junos version 21.2 antérieures à 21.2R2 | ||
| Juniper Networks | N/A | Junos sur ACX5448 versions 18.4 antérieures à 18.4R3-S10 | ||
| Juniper Networks | N/A | Junos version 20.1 antérieures à 20.1R3-S1 | ||
| Juniper Networks | N/A | Junos versions 19.1 antérieures à 19.1R2-S3 ou 19.1R3-S7 | ||
| N/A | N/A | Junos sur vMX et MX150 versions 21.2 antérieures à 21.2R1-S1 ou 21.2R2 | ||
| Juniper Networks | N/A | Junos versions 15.1 antérieures à 15.1R7-S11 | ||
| Juniper Networks | N/A | Junos versions 17.4 depuis 17.4R3-S3 antérieures à 17.4R3-S5 | ||
| Juniper Networks | N/A | Junos versions antérieures à 15.1R7-S11 | ||
| Juniper Networks | N/A | Junos sur ACX5448 versions 19.3 antérieures à 19.3R2-S6 ou 19.3R3-S2 | ||
| Juniper Networks | N/A | Junos versions 20.1 antérieures à 20.1R3-S2 | ||
| Juniper Networks | N/A | Junos sur vMX et MX150 versions 21.3 antérieures à 21.3R1-S1 ou 21.3R2 | ||
| Juniper Networks | N/A | Junos sur MX versions 16.1 depuis 16.1R1 antérieures à 18.4R3-S10 | ||
| Juniper Networks | N/A | Junos sur ACX5448 versions 20.1 antérieures à 20.1R2 | ||
| Juniper Networks | N/A | Junos versions antérieures à 18.4R2-S9 ou 18.4R3-S9 | ||
| Juniper Networks | N/A | Junos version 19.1 antérieures à 19.1R2-S3 ou 19.1R3-S7 | ||
| Juniper Networks | N/A | Junos sur MX versions 20.1 antérieures à 20.1R3-S3 | ||
| Juniper Networks | N/A | Junos sur vMX et MX150 versions 20.2 antérieures à 20.2R3-S3 | ||
| Juniper Networks | N/A | Junos versions 21.2 antérieures à 21.2R1-S1 ou 21.2R2 | ||
| Juniper Networks | N/A | Junos versions 20.3 antérieures à 20.3R3-S1 | ||
| Juniper Networks | N/A | Junos sur MX versions 21.1 antérieures à 21.1R3 | ||
| Juniper Networks | N/A | Junos versions 20.3 antérieures à 20.3R2-S1 ou 20.3R3 | ||
| Juniper Networks | N/A | Junos versions 20.2 antérieures à 20.2R3-S2 | ||
| Juniper Networks | N/A | Junos sur ACX5448 versions 20.2 antérieures à 20.2R1-S1 ou 20.2R2 | ||
| Juniper Networks | N/A | Junos versions 18.3 antérieures à 18.3R3-S6 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks Contrail Service Orchestration versions ant\u00e9rieures \u00e0 6.1.0 Patch 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX versions 21.2 ant\u00e9rieures \u00e0 21.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur SRX versions 20.4 ant\u00e9rieures \u00e0 20.4R2-S2 ou 20.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX SPC3 et SRX versions 18.3 ant\u00e9rieures \u00e0 18.3R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX versions 20.4 ant\u00e9rieures \u00e0 20.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 19.4 ant\u00e9rieures \u00e0 19.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX SPC3 et SRX versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S1 ou 19.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur ACX5448 versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S8 ou 19.2R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 18.2 depuis 18.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur SRX versions 20.1 ant\u00e9rieures \u00e0 20.1R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur ACX5448 versions 19.4 ant\u00e9rieures \u00e0 19.4R1-S3 ou 19.4R2-S2 ou 19.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Evolved versions 21.2 ant\u00e9rieures \u00e0 21.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 17.3 depuis 17.3R3-S9 ant\u00e9rieures \u00e0 17.3R3-S12",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur SRX versions 18.4 ant\u00e9rieures \u00e0 18.4R2-S10 ou 18.4R3-S10",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX versions 19.4 ant\u00e9rieures \u00e0 19.4R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 20.4 ant\u00e9rieures \u00e0 20.4R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 18.1 depuis 18.1R3-S11 ant\u00e9rieures \u00e0 18.1R3-S13",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX versions 20.2 ant\u00e9rieures \u00e0 20.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX SPC3 et SRX versions ant\u00e9rieures \u00e0 18.2R3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos versions 18.3 depuis 18.3R3-S4 ant\u00e9rieures \u00e0 18.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 19.4 ant\u00e9rieures \u00e0 19.4R2-S5 ou 19.4R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX SPC3 et SRX versions 19.1 ant\u00e9rieures \u00e0 19.1R2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos versions 16.1R1 ant\u00e9rieures \u00e0 18.4R3-S10",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S7 ou 19.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 20.4 ant\u00e9rieures \u00e0 20.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 20.4 ant\u00e9rieures \u00e0 20.4R2-S2 ou 20.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX versions 20.3 ant\u00e9rieures \u00e0 20.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos versions 20.1 ant\u00e9rieures \u00e0 20.1R2-S2 ou 20.1R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 20.2 ant\u00e9rieures \u00e0 20.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur SRX versions 21.1 ant\u00e9rieures \u00e0 21.1R2-S2 ou 21.1R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur vMX et MX150 versions 20.3 ant\u00e9rieures \u00e0 20.3R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S8 ou 19.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 19.4 ant\u00e9rieures \u00e0 19.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Evolved versions ant\u00e9rieures \u00e0 20.4R2-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX versions 19.1 ant\u00e9rieures \u00e0 19.1R2-S3 ou 19.1R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX SPC3 et SRX versions 18.4 ant\u00e9rieures \u00e0 18.4R2-S9 ou 18.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 19.3 ant\u00e9rieures \u00e0 19.3R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos versions 19.1 depuis 19.1R3-S3 ant\u00e9rieures \u00e0 19.1R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur vMX et MX150 versions 21.1 ant\u00e9rieures \u00e0 21.1R2-S1 ou 21.1R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 21.1 ant\u00e9rieures \u00e0 21.1R2-S2 ou 21.1R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur SRX versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S8 ou 19.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 19.3 ant\u00e9rieures \u00e0 19.3R2-S7 ou 19.3R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos version 20.4 ant\u00e9rieures \u00e0 20.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX versions 19.3 ant\u00e9rieures \u00e0 19.3R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 18.4 depuis 18.4R3-S5 ant\u00e9rieures \u00e0 18.4R3-S9",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur SRX versions 19.3 ant\u00e9rieures \u00e0 19.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 20.1 ant\u00e9rieures \u00e0 20.1R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S8 ou 19.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur SRX versions 19.1 ant\u00e9rieures \u00e0 19.1R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos version 18.4 ant\u00e9rieures \u00e0 18.4R3-S9",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur vMX et MX150 versions 19.3 ant\u00e9rieures \u00e0 19.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur SRX versions 19.4 ant\u00e9rieures \u00e0 19.4R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos versions 21.1 ant\u00e9rieures \u00e0 21.1R2-S1 ou 21.1R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 18.4 ant\u00e9rieures \u00e0 18.4R2-S9 ou 18.4R3-S9",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 21.1 ant\u00e9rieures \u00e0 21.1R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos version 19.2 ant\u00e9rieures \u00e0 19.2R1-S8 ou 19.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur ACX5448 versions 19.1 ant\u00e9rieures \u00e0 19.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions ant\u00e9rieures \u00e0 18.3R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S7 ou 19.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos version 19.4 ant\u00e9rieures \u00e0 19.4R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur SRX versions 20.3 ant\u00e9rieures \u00e0 20.3R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur vMX et MX150 versions ant\u00e9rieures \u00e0 19.2R1-S8 ou 19.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur SRX versions 20.2 ant\u00e9rieures \u00e0 20.2R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 19.2 ant\u00e9rieures \u00e0 19.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur SRX versions 21.2 ant\u00e9rieures \u00e0 21.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos version 20.2 ant\u00e9rieures \u00e0 20.2R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Evolved versions 21.1 depuis 21.1R1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur vMX et MX150 versions 20.4 ant\u00e9rieures \u00e0 20.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur vMX et MX150 versions 20.1 ant\u00e9rieures \u00e0 20.1R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 18.4 ant\u00e9rieures \u00e0 18.4R2-S9 ou 18.4R3-S10",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos version 20.3 ant\u00e9rieures \u00e0 20.3R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur vMX et MX150 versions 19.4 ant\u00e9rieures \u00e0 19.4R2-S5 ou 19.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 21.1 ant\u00e9rieures \u00e0 21.1R1-S1 ou 21.1R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 19.1 ant\u00e9rieures \u00e0 19.1R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos version 21.1 ant\u00e9rieures \u00e0 21.1R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 21.1 ant\u00e9rieures \u00e0 21.1R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 20.2 ant\u00e9rieures \u00e0 20.2R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos version 21.2 ant\u00e9rieures \u00e0 21.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur ACX5448 versions 18.4 ant\u00e9rieures \u00e0 18.4R3-S10",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos version 20.1 ant\u00e9rieures \u00e0 20.1R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 19.1 ant\u00e9rieures \u00e0 19.1R2-S3 ou 19.1R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur vMX et MX150 versions 21.2 ant\u00e9rieures \u00e0 21.2R1-S1 ou 21.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos versions 15.1 ant\u00e9rieures \u00e0 15.1R7-S11",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 17.4 depuis 17.4R3-S3 ant\u00e9rieures \u00e0 17.4R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions ant\u00e9rieures \u00e0 15.1R7-S11",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur ACX5448 versions 19.3 ant\u00e9rieures \u00e0 19.3R2-S6 ou 19.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 20.1 ant\u00e9rieures \u00e0 20.1R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur vMX et MX150 versions 21.3 ant\u00e9rieures \u00e0 21.3R1-S1 ou 21.3R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX versions 16.1 depuis 16.1R1 ant\u00e9rieures \u00e0 18.4R3-S10",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur ACX5448 versions 20.1 ant\u00e9rieures \u00e0 20.1R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions ant\u00e9rieures \u00e0 18.4R2-S9 ou 18.4R3-S9",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos version 19.1 ant\u00e9rieures \u00e0 19.1R2-S3 ou 19.1R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX versions 20.1 ant\u00e9rieures \u00e0 20.1R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur vMX et MX150 versions 20.2 ant\u00e9rieures \u00e0 20.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 21.2 ant\u00e9rieures \u00e0 21.2R1-S1 ou 21.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 20.3 ant\u00e9rieures \u00e0 20.3R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur MX versions 21.1 ant\u00e9rieures \u00e0 21.1R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 20.3 ant\u00e9rieures \u00e0 20.3R2-S1 ou 20.3R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 20.2 ant\u00e9rieures \u00e0 20.2R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos sur ACX5448 versions 20.2 ant\u00e9rieures \u00e0 20.2R1-S1 ou 20.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos versions 18.3 ant\u00e9rieures \u00e0 18.3R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-22155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22155"
},
{
"name": "CVE-2022-22163",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22163"
},
{
"name": "CVE-2022-22160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22160"
},
{
"name": "CVE-2022-22154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22154"
},
{
"name": "CVE-2022-22162",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22162"
},
{
"name": "CVE-2022-22153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22153"
},
{
"name": "CVE-2022-22152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22152"
},
{
"name": "CVE-2022-22161",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22161"
},
{
"name": "CVE-2022-22168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22168"
},
{
"name": "CVE-2022-22164",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22164"
},
{
"name": "CVE-2022-22169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22169"
},
{
"name": "CVE-2022-22167",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22167"
},
{
"name": "CVE-2022-22157",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22157"
},
{
"name": "CVE-2022-22166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22166"
},
{
"name": "CVE-2022-22156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22156"
},
{
"name": "CVE-2022-22159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22159"
}
],
"initial_release_date": "2022-01-13T00:00:00",
"last_revision_date": "2022-01-13T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-040",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11271 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11271\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11265 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11265\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11270 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11270\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11262 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11262\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11275 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11275\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11274 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11274\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11263 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11263\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11276 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11276\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11260 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11260\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11269 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11269\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11261 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11261\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11272 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11272\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11264 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11264\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11268 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11268\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11267 du 13 janvier 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11267\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
GHSA-F5XQ-H855-6HMF
Vulnerability from github – Published: 2022-01-20 00:02 – Updated: 2023-07-24 15:30
VLAI?
Details
An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2022-22155"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-19T01:15:00Z",
"severity": "MODERATE"
},
"details": "An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.",
"id": "GHSA-f5xq-h855-6hmf",
"modified": "2023-07-24T15:30:18Z",
"published": "2022-01-20T00:02:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22155"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA11263"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…