PT-2022-1478 · Juniper Networks · Junos

Published: 2022-01-12 · Updated: 2023-08-08 · CVE-2022-22159

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions 17.3R3-S9 through 17.3R3-S12
Juniper Networks Junos OS versions 17.4R3-S3 through 17.4R3-S5
Juniper Networks Junos OS versions 18.1R3-S11 through 18.1R3-S13
Juniper Networks Junos OS versions 18.2R3-S6 and later
Juniper Networks Junos OS versions 18.3R3-S4 through 18.3R3-S5
Juniper Networks Junos OS versions 18.4R3-S5 through 18.4R3-S9
Juniper Networks Junos OS versions 19.1R3-S3 through 19.1R3-S7

Description

A vulnerability in the NETISR network queue functionality of the Juniper Networks Junos OS kernel allows an attacker to cause a Denial of Service (DoS) by sending crafted genuine packets to a device. During an attack, the routing protocol daemon (rpd) CPU may reach 100% utilization, yet FPC CPUs forwarding traffic will operate normally. This attack occurs when the attacker's packets are sent over an IPv4 unicast routing equal-cost multi-path (ECMP) unilist selection. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. A possible indicator of compromise is NETISR drops in the network, which can be monitored with the assistance of JTAC.

Recommendations

For Juniper Networks Junos OS versions 17.3R3-S9 through 17.3R3-S12, update to version 17.3R3-S12 or later.
For Juniper Networks Junos OS versions 17.4R3-S3 through 17.4R3-S5, update to version 17.4R3-S5 or later.
For Juniper Networks Junos OS versions 18.1R3-S11 through 18.1R3-S13, update to version 18.1R3-S13 or later.
For Juniper Networks Junos OS versions 18.2R3-S6 and later, restrict access to the NETISR network queue functionality until a patch is available.
For Juniper Networks Junos OS versions 18.3R3-S4 through 18.3R3-S5, update to version 18.3R3-S5 or later.
For Juniper Networks Junos OS versions 18.4R3-S5 through 18.4R3-S9, update to version 18.4R3-S9 or later.
For Juniper Networks Junos OS versions 19.1R3-S3 through 19.1R3-S7, update to version 19.1R3-S7 or later.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2022-00624
CVE-2022-22159

Affected Products

Junos