CVE-2022-22210

CVSS V2 None CVSS V3 Medium 6.5

Description

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). On QFX5K Series and MX Series, when the PFE receives a specific VxLAN packet the Layer 2 Address Learning Manager (L2ALM) process will crash leading to an FPC reboot. Continued receipt of this specific packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX5000 Series, MX Series: 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2; 21.2 versions prior to 21.2R2-S1. This issue does not affect Juniper Networks Junos OS: All versions prior to 20.3R1; 21.1 version 21.1R1 and later versions.

Overview

CVE ID
CVE-2022-22210

Assigner
sirt@juniper.net

Vulnerability Status
Analyzed

Published Version
2022-07-20T15:15:08

Last Modified Date
2022-07-29T13:57:36

Weakness Enumerations

CWE	URL
CWE-476	http://cwe.mitre.org/data/definitions/476.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
		AND
cpe:2.3:o:juniper:junos:20.3:-::::::	1	OR
cpe:2.3:o:juniper:junos:20.3:r1::::::	1	OR
cpe:2.3:o:juniper:junos:20.3:r1-s1::::::	1	OR
cpe:2.3:o:juniper:junos:20.3:r1-s2::::::	1	OR
cpe:2.3:o:juniper:junos:20.3:r2::::::	1	OR
cpe:2.3:o:juniper:junos:20.3:r2-s1::::::	1	OR
cpe:2.3:o:juniper:junos:20.3:r3::::::	1	OR
cpe:2.3:o:juniper:junos:20.3:r3-s1::::::	1	OR
cpe:2.3:o:juniper:junos:20.3:r3-s2::::::	1	OR
cpe:2.3:o:juniper:junos:20.4:-::::::	1	OR
cpe:2.3:o:juniper:junos:20.4:r1::::::	1	OR
cpe:2.3:o:juniper:junos:20.4:r1-s1::::::	1	OR
cpe:2.3:o:juniper:junos:20.4:r2::::::	1	OR
cpe:2.3:o:juniper:junos:20.4:r2-s1::::::	1	OR
cpe:2.3:o:juniper:junos:20.4:r2-s2::::::	1	OR
cpe:2.3:o:juniper:junos:20.4:r3::::::	1	OR
cpe:2.3:o:juniper:junos:20.4:r3-s1::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:-::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:r1::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:r1-s1::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:r1-s2::::::	1	OR
cpe:2.3:o:juniper:junos:21.2:r2::::::	1	OR
cpe:2.3:h:juniper:mx10:-:::::::*	0	OR
cpe:2.3:h:juniper:mx10000:-:::::::*	0	OR
cpe:2.3:h:juniper:mx10003:-:::::::*	0	OR
cpe:2.3:h:juniper:mx10008:-:::::::*	0	OR
cpe:2.3:h:juniper:mx10016:-:::::::*	0	OR
cpe:2.3:h:juniper:mx104:-:::::::*	0	OR
cpe:2.3:h:juniper:mx150:-:::::::*	0	OR
cpe:2.3:h:juniper:mx2008:-:::::::*	0	OR
cpe:2.3:h:juniper:mx2010:-:::::::*	0	OR
cpe:2.3:h:juniper:mx2020:-:::::::*	0	OR
cpe:2.3:h:juniper:mx204:-:::::::*	0	OR
cpe:2.3:h:juniper:mx240:-:::::::*	0	OR
cpe:2.3:h:juniper:mx40:-:::::::*	0	OR
cpe:2.3:h:juniper:mx480:-:::::::*	0	OR
cpe:2.3:h:juniper:mx5:-:::::::*	0	OR
cpe:2.3:h:juniper:mx80:-:::::::*	0	OR
cpe:2.3:h:juniper:mx960:-:::::::*	0	OR
cpe:2.3:h:juniper:qfx5100:-:::::::*	0	OR
cpe:2.3:h:juniper:qfx5100-96s:-:::::::*	0	OR
cpe:2.3:h:juniper:qfx5110:-:::::::*	0	OR
cpe:2.3:h:juniper:qfx5120:-:::::::*	0	OR
cpe:2.3:h:juniper:qfx5130:-:::::::*	0	OR
cpe:2.3:h:juniper:qfx5200:-:::::::*	0	OR
cpe:2.3:h:juniper:qfx5200-32c:-:::::::*	0	OR
cpe:2.3:h:juniper:qfx5200-48y:-:::::::*	0	OR
cpe:2.3:h:juniper:qfx5210:-:::::::*	0	OR
cpe:2.3:h:juniper:qfx5210-64c:-:::::::*	0	OR
cpe:2.3:h:juniper:qfx5220:-:::::::*	0	OR
cpe:2.3:h:juniper:qfx5700:-:::::::*	0	OR

CVSS Version 3

Version
3.1

Vector String
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector
ADJACENT_NETWORK

Attack Compatibility
LOW

Privileges Required
NONE

User Interaction
NONE

Scope
UNCHANGED

Confidentiality Impact
NONE

Availability Impact
HIGH

Base Score
6.5

Base Severity
MEDIUM

Exploitability Score
2.8

Impact Score
3.6

References

Reference URL	Reference Tags
https://kb.juniper.net/JSA69714

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-22210
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22210

History

Created	Old Value	New Value	Data Type	Notes
2022-07-20 16:00:27				Added to TrackCVE