PT-2022-15283 · Juniper Networks · Junos

Published: 2022-01-19 · Updated: 2022-02-01 · CVE-2022-22180

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Junos OS versions prior to 18.4R2-S10
Junos OS versions prior to 18.4R3-S10
Junos OS versions prior to 19.1R3-S7
Junos OS versions prior to 19.2R1-S8
Junos OS versions prior to 19.2R3-S4
Junos OS versions prior to 19.3R3-S5
Junos OS versions prior to 19.4R3-S7
Junos OS versions prior to 20.1R3-S3
Junos OS versions prior to 20.2R3-S3
Junos OS versions prior to 20.3R3-S2
Junos OS versions prior to 20.4R3-S1
Junos OS versions prior to 21.1R2-S2
Junos OS versions prior to 21.1R3
Junos OS versions prior to 21.2R1-S2
Junos OS versions prior to 21.2R2
Junos OS versions prior to 21.3R1-S1
Junos OS versions prior to 21.3R2

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this vulnerability may cause traffic to stop being forwarded, or a crash of the fxpc process. An indication of the issue occurring may be observed through specific log messages.

Packet DMA heap utilization can be monitored using the command:

    user@junos# request pfe execute target fpc0 timeout 30 command "show heap"

When Packet DMA heap utilization reaches 99%, the system will become unstable.

Recommendations

As a temporary workaround, consider monitoring Packet DMA heap utilization regularly to detect potential issues before they cause a Denial of Service.

Update to a version of Junos OS that is not affected by this vulnerability, such as 18.4R2-S10 or later, 18.4R3-S10 or later, 19.1R3-S7 or later, 19.2R1-S8 or later, 19.2R3-S4 or later, 19.3R3-S5 or later, 19.4R3-S7 or later, 20.1R3-S3 or later, 20.2R3-S3 or later, 20.3R3-S2 or later, 20.4R3-S1 or later, 21.1R2-S2 or later, 21.1R3 or later, 21.2R1-S2 or later, 21.2R2 or later, 21.3R1-S1 or later, 21.3R2 or later.

Restrict access to the device to minimize the risk of exploitation until an update can be applied.
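
The monitoring workaround above, as an added example (not code from Juniper or from this advisory page): a Python check that parses captured "show heap" output and classifies the Packet DMA heap against the 99% instability figure. The table layout, the "Packet DMA" row name, the sample output and the 90% warning threshold are assumptions.

```python
import re

UNSTABLE_PCT = 99  # from the advisory: the system becomes unstable at 99%
WARN_PCT = 90      # assumed early-warning threshold; tune to your own baseline

# Constructed sample. The column layout (ID, Base, Total, Free, Used, %, Name)
# is an assumption about the "show heap" output, not taken from the advisory.
SAMPLE = """\
ID        Base      Total(b)       Free(b)       Used(b)   %   Name
--  ----------   -----------   -----------   -----------  ---   -----------
0     213301a8     536870488     387228840     149641648   27  Kernel
1     91800000       8388608       3735120       4653488   55  DMA
2     92000000      75497472      74452192       1045280    1  PKT DMA DESC
3      d330000     335544320     257091400      78452920   23  Bcm_sdk
4     96800000     184549376        922746     183626630   99  Packet DMA
"""

ROW = re.compile(
    r"^\s*\d+\s+[0-9a-fA-F]+\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S.*?)\s*$")

def parse_heaps(text):
    """Return {heap name: used percent}, skipping header and non-table lines."""
    heaps = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        total, _free, used, reported = (int(m.group(i)) for i in range(1, 5))
        # Recompute from the byte counts and take the higher value, so a
        # stale or rounded-down percent column cannot hide exhaustion.
        computed = used * 100 // total if total else 0
        heaps[m.group(5)] = max(reported, computed)
    return heaps

def packet_dma_status(text, heap_name="Packet DMA"):
    """Classify the Packet DMA heap as ok / warn / unstable / unknown."""
    pct = parse_heaps(text).get(heap_name)
    if pct is None:
        return "unknown", None  # treat missing data as a monitoring failure
    if pct >= UNSTABLE_PCT:
        return "unstable", pct
    if pct >= WARN_PCT:
        return "warn", pct
    return "ok", pct

if __name__ == "__main__":
    print(packet_dma_status(SAMPLE))
```

Feed it the text collected from the device on a schedule and alert on anything other than "ok", including "unknown".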

Fix

DoS

Improper Check for Exceptional Conditions


Weakness Enumeration

Related Identifiers

CVE-2022-22180

Affected Products

Junos