PT-2022-5201 · Juniper Networks · Junos Evolved
Published: 2022-10-12 · Updated: 2022-10-21 · CVE-2022-22211
CVSS v2.0: 7.8 (High) · Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS Evolved on PTX Series versions prior to 20.4R3-S4-EVO
Juniper Networks Junos OS Evolved on PTX Series version 21.1R1-EVO and later versions
Juniper Networks Junos OS Evolved on PTX Series version 21.2R1-EVO and later versions
Juniper Networks Junos OS Evolved on PTX Series versions prior to 21.3R3-EVO
Juniper Networks Junos OS Evolved on PTX Series versions prior to 21.4R2-EVO
Juniper Networks Junos OS Evolved on PTX Series versions prior to 22.1R2-EVO
Description
A limitless resource allocation vulnerability in FPC resources of Juniper Networks Junos OS Evolved on PTX Series allows an unprivileged attacker to cause Denial of Service (DoS). Continuously polling the SNMP jnxCosQstatTable causes the FPC to run out of GUID space, causing a Denial of Service to the FPC resources. When the FPC runs out of the GUID space, specific syslog messages are generated. The FPC resources can be monitored using the command show platform application-info allocations app evo-aftmand-bt. Once the FPCs become unreachable, they must be manually restarted as they do not self-recover.
Recommendations
For versions prior to 20.4R3-S4-EVO, update to version 20.4R3-S4-EVO or later.
For version 21.1R1-EVO and later versions, update to version 21.3R3-EVO or later.
For version 21.2R1-EVO and later versions, update to version 21.3R3-EVO or later.
For versions prior to 21.3R3-EVO, update to version 21.3R3-EVO or later.
For versions prior to 21.4R2-EVO, update to version 21.4R2-EVO or later.
For versions prior to 22.1R2-EVO, update to version 22.1R2-EVO or later.
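The affected-version list and upgrade targets above, written as a triage check for a device inventory. This is an added example, not part of the advisory or of any Juniper tooling; the version-string layout in the regex, the function names and the sample inventory are assumptions, and release trains the advisory does not list are reported as not affected.

```python
import re

# Fixed release per train, from the Recommendations list in this advisory.
# None: the advisory names no fix inside that train.
FIXED = {(20, 4): (3, 4), (21, 1): None, (21, 2): None,
         (21, 3): (3, 0), (21, 4): (2, 0), (22, 1): (2, 0)}
NO_TRAIN_FIX_TARGET = "21.3R3-EVO"  # advisory's target for 21.1 and 21.2
OLDEST_FIX = "20.4R3-S4-EVO"        # target for anything older than 20.4

# Assumed layout: <major>.<minor>R<release>[-S<service>][.<build>]-EVO
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?-EVO$")

def parse(version):
    """Split a version string into (train, (release, service_release))."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos OS Evolved version: {version!r}")
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (rel, svc)

def fmt(train, fix):
    """Render a (train, fix) pair back into an -EVO version string."""
    rel, svc = fix
    return f"{train[0]}.{train[1]}R{rel}" + (f"-S{svc}" if svc else "") + "-EVO"

def triage(version):
    """Return (affected, upgrade_target) for one PTX software version."""
    train, level = parse(version)
    if train < (20, 4):
        return True, OLDEST_FIX
    if train not in FIXED:
        return False, None          # train not listed in the advisory
    fix = FIXED[train]
    if fix is None:
        return True, NO_TRAIN_FIX_TARGET
    if level < fix:                 # tuple compare: release, then service release
        return True, fmt(train, fix)
    return False, None

if __name__ == "__main__":
    # Constructed inventory, not real devices.
    inventory = [("ptx-a", "20.4R3-S2-EVO"), ("ptx-b", "21.2R2-EVO"),
                 ("ptx-c", "21.4R2-S1-EVO"), ("ptx-d", "22.1R1.9-EVO")]
    for host, ver in inventory:
        affected, target = triage(ver)
        print(f"{host} {ver}: " + (f"AFFECTED, upgrade to {target} or later"
                                   if affected else "not affected per advisory"))
```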
As a temporary workaround, consider restricting access to the jnxCosQstatTable to minimize the risk of exploitation.
Fix
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Junos Evolved