CVE-2022-22215

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 19.1R3-S8 Juniper Networks Junos OS versions 19.2 prior to 19.2R3-S6 Juniper Networks Junos OS versions 19.3 prior to 19.3R3-S5 Juniper Networks Junos OS versions 19.4 prior to 19.4R2-S6, 19.4R3-S7 Juniper Networks Junos OS version 20.1R1 and later versions Juniper Networks Junos OS versions 20.2 prior to 20.2R3-S5 Juniper Networks Junos OS versions 20.3 prior to 20.3R3-S4 Juniper Networks Junos OS versions 20.4 prior to 20.4R3 Juniper Networks Junos OS versions 21.1 prior to 21.1R3 Juniper Networks Junos OS versions 21.2 prior to 21.2R2 Juniper Networks Junos OS Evolved versions prior to 20.4R3-EVO Juniper Networks Junos OS Evolved versions 21.1 prior to 21.1R3-S1-EVO Juniper Networks Junos OS Evolved versions 21.2 prior to 21.2R1-S1-EVO, 21.2R2-EVO

Description A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in the plugable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). This issue occurs when the /var/run/<pid>.env file is not deleted after the termination of a gRPC connection, potentially leading to inode exhaustion. Inode exhaustion can be indicated by log messages such as "out of inodes" or "No space left on device", although the latter may have other causes. To confirm, the output of file list /var/run/*.env | count should be checked for a high number of files (>10000).

Recommendations For Juniper Networks Junos OS versions prior to 19.1R3-S8, update to version 19.1R3-S8 or later. For Juniper Networks Junos OS versions 19.2 prior to 19.2R3-S6, update to version 19.2R3-S6 or later. For Juniper Networks Junos OS versions 19.3 prior to 19.3R3-S5, update to version 19.3R3-S5 or later. For Juniper Networks Junos OS versions 19.4 prior to 19.4R2-S6, 19.4R3-S7, update to version 19.4R2-S6, 19.4R3-S7 or later. For Juniper Networks Junos OS version 20.1R1 and later versions, update to a version with the fix. For Juniper Networks Junos OS versions 20.2 prior to 20.2R3-S5, update to version 20.2R3-S5 or later. For Juniper Networks Junos OS versions 20.3 prior to 20.3R3-S4, update to version 20.3R3-S4 or later. For Juniper Networks Junos OS versions 20.4 prior to 20.4R3, update to version 20.4R3 or later. For Juniper Networks Junos OS versions 21.1 prior to 21.1R3, update to version 21.1R3 or later. For Juniper Networks Junos OS versions 21.2 prior to 21.2R2, update to version 21.2R2 or later. For Juniper Networks Junos OS Evolved versions prior to 20.4R3-EVO, update to version 20.4R3-EVO or later. For Juniper Networks Junos OS Evolved versions 21.1 prior to 21.1R3-S1-EVO, update to version 21.1R3-S1-EVO or later. For Juniper Networks Junos OS Evolved versions 21.2 prior to 21.2R1-S1-EVO, 21.2R2-EVO, update to version 21.2R1-S1-EVO, 21.2R2-EVO or later.