CVE-2022-22172

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions 18.4R2-S4 through 18.4R2-S10 Juniper Networks Junos OS versions 19.2 through 19.2R1-S8, 19.2R3-S4 Juniper Networks Junos OS versions 19.3 through 19.3R3-S5 Juniper Networks Junos OS versions 19.4 through 19.4R3-S7 Juniper Networks Junos OS versions 20.1 through 20.1R3-S3 Juniper Networks Junos OS versions 20.2 through 20.2R3-S2 Juniper Networks Junos OS versions 20.3 through 20.3R3-S1 Juniper Networks Junos OS versions 20.4 through 20.4R3 Juniper Networks Junos OS versions 21.1 through 21.1R2-S2, 21.1R3 Juniper Networks Junos OS versions 21.2 through 21.2R2 Juniper Networks Junos OS Evolved versions prior to 20.4R3-S2-EVO Juniper Networks Junos OS Evolved version 21.1R1-EVO and later versions Juniper Networks Junos OS Evolved versions prior to 21.2R2-EVO

Description A Missing Release of Memory after Effective Lifetime issue in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a memory leak. Continued exploitation can lead to memory exhaustion and thereby a Denial of Service (DoS). This issue occurs when specific LLDP packets are received. The impact of the l2cpd cores is that if any of the stp protocols (rstp, mstp or vstp) is used then stp re-converges and traffic loss will occur during that time. Also if any services depend on LLDP state (like PoE or VoIP device recognition) then these will also be affected.

Recommendations For Juniper Networks Junos OS versions 18.4R2-S4 through 18.4R2-S10, update to version 18.4R2-S10 or later. For Juniper Networks Junos OS versions 19.2 through 19.2R1-S8, 19.2R3-S4, update to version 19.2R1-S8 or later. For Juniper Networks Junos OS versions 19.3 through 19.3R3-S5, update to version 19.3R3-S5 or later. For Juniper Networks Junos OS versions 19.4 through 19.4R3-S7, update to version 19.4R3-S7 or later. For Juniper Networks Junos OS versions 20.1 through 20.1R3-S3, update to version 20.1R3-S3 or later. For Juniper Networks Junos OS versions 20.2 through 20.2R3-S2, update to version 20.2R3-S2 or later. For Juniper Networks Junos OS versions 20.3 through 20.3R3-S1, update to version 20.3R3-S1 or later. For Juniper Networks Junos OS versions 20.4 through 20.4R3, update to version 20.4R3 or later. For Juniper Networks Junos OS versions 21.1 through 21.1R2-S2, 21.1R3, update to version 21.1R2-S2 or later. For Juniper Networks Junos OS versions 21.2 through 21.2R2, update to version 21.2R2 or later. For Juniper Networks Junos OS Evolved versions prior to 20.4R3-S2-EVO, update to version 20.4R3-S2-EVO or later. For Juniper Networks Junos OS Evolved version 21.1R1-EVO and later versions, update to a version that includes the fix. For Juniper Networks Junos OS Evolved versions prior to 21.2R2-EVO, update to version 21.2R2-EVO or later.