PT-2022-3885 · Juniper Networks · Junos

Published: 2022-07-13 · Updated: 2022-07-29 · CVE-2022-22210

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS on QFX5000 Series, MX Series versions 20.3 through 20.3R3-S3
Juniper Networks Junos OS on QFX5000 Series, MX Series versions 20.4 through 20.4R3-S2
Juniper Networks Junos OS on QFX5000 Series, MX Series versions 21.2 through 21.2R2-S1

Description

A NULL Pointer Dereference issue in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When the PFE receives a specific VxLAN packet, the Layer 2 Address Learning Manager (L2ALM) process will crash, leading to an FPC reboot. Continued receipt of this specific packet will create a sustained Denial of Service (DoS) condition.

Recommendations

For versions 20.3 through 20.3R3-S3, update to version 20.3R3-S3 or later.
For versions 20.4 through 20.4R3-S2, update to version 20.4R3-S2 or later.
For versions 21.2 through 21.2R2-S1, update to version 21.2R2-S1 or later.

As a temporary workaround, consider restricting the receipt of VxLAN packets to minimize the risk of exploitation.

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2022-04694
CVE-2022-22210

Affected Products

Junos