CVE-2022-22211 — HIGH (7.5)

Q: How severe is CVE-2022-22211?

CVE-2022-22211 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-22211?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Os Evolved, Juniper Ptx1000, Juniper Ptx1000-72Q, Juniper Ptx10000, Juniper Ptx10001.

Vulnerability Description

A limitless resource allocation vulnerability in FPC resources of Juniper Networks Junos OS Evolved on PTX Series allows an unprivileged attacker to cause Denial of Service (DoS). Continuously polling the SNMP jnxCosQstatTable causes the FPC to run out of GUID space, causing a Denial of Service to the FPC resources. When the FPC runs out of the GUID space, you will see the following syslog messages. The evo-aftmand-bt process is asserting. fpc1 evo-aftmand-bt[17556]: %USER-3: get_next_guid: Ran out of Guid Space start 1748051689472 end 1752346656767 fpc1 audit[17556]: %AUTH-5: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=6 fpc1 kernel: %KERN-5: audit: type=1701 audit(1648567505.119:57): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=6 fpc1 emfd-fpa[14438]: %USER-5: Alarm set: APP color=red, class=CHASSIS, reason=Application evo-aftmand-bt fail on node Fpc1 fpc1 emfd-fpa[14438]: %USER-3-EMF_FPA_ALARM_REP: RaiseAlarm: Alarm(Location: /Chassis[0]/Fpc[1] Module: sysman Object: evo-aftmand-bt:0 Error: 2) reported fpc1 sysepochman[12738]: %USER-5-SYSTEM_REBOOT_EVENT: Reboot [node] [ungraceful reboot] [evo-aftmand-bt exited] The FPC resources can be monitored using the following commands: user@router> start shell [vrf:none] user@router-re0:~$ cli -c "show platform application-info allocations app evo-aftmand-bt" | grep ^fpc | grep -v Route | grep -i -v Nexthop | awk '{total[$1] += $5} END { for (key in total) { print key " " total[key]/4294967296 }}' Once the FPCs become unreachable they must be manually restarted as they do not self-recover. This issue affects Juniper Networks Junos OS Evolved on PTX Series: All versions prior to 20.4R3-S4-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos Os Evolved	< 20.4
Juniper	Ptx1000	-
Juniper	Ptx1000-72Q	-
Juniper	Ptx10000	-
Juniper	Ptx10001	-
Juniper	Ptx10001-36Mr	-
Juniper	Ptx100016	-
Juniper	Ptx10002	-
Juniper	Ptx10002-60C	-
Juniper	Ptx10003	-
Juniper	Ptx10003 160C	-
Juniper	Ptx10003 80C	-
Juniper	Ptx10003 81Cd	-
Juniper	Ptx10004	-
Juniper	Ptx10008	-
Juniper	Ptx10016	-
Juniper	Ptx3000	-
Juniper	Ptx5000	-

Related Weaknesses (CWE)

CWE-770

References

https://kb.juniper.net/JSA69916Permissions Required
https://kb.juniper.net/JSA69916Permissions Required

FAQ

What is CVE-2022-22211?

CVE-2022-22211 is a vulnerability with a CVSS score of 7.5 (HIGH). A limitless resource allocation vulnerability in FPC resources of Juniper Networks Junos OS Evolved on PTX Series allows an unprivileged attacker to cause Denial of Service (DoS). Continuously polling...

How severe is CVE-2022-22211?

CVE-2022-22211 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-22211?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Os Evolved, Juniper Ptx1000, Juniper Ptx1000-72Q, Juniper Ptx10000, Juniper Ptx10001.