CVE-2022-22217

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS on QFX10K Series versions prior to 19.1R3-S9 Juniper Networks Junos OS on QFX10K Series 19.2 versions prior to 19.2R1-S9, 19.2R3-S5 Juniper Networks Junos OS on QFX10K Series 19.3 versions prior to 19.3R3-S6 Juniper Networks Junos OS on QFX10K Series 19.4 versions prior to 19.4R2-S7, 19.4R3-S8 Juniper Networks Junos OS on QFX10K Series 20.1 versions prior to 20.1R3-S4 Juniper Networks Junos OS on QFX10K Series 20.2 versions prior to 20.2R3-S4 Juniper Networks Junos OS on QFX10K Series 20.3 versions prior to 20.3R3-S2 Juniper Networks Junos OS on QFX10K Series 20.4 versions prior to 20.4R3-S2 Juniper Networks Junos OS on QFX10K Series 21.1 versions prior to 21.1R3 Juniper Networks Junos OS on QFX10K Series 21.2 versions prior to 21.2R2-S1, 21.2R3 Juniper Networks Junos OS on QFX10K Series 21.3 versions prior to 21.3R2

Description The issue is caused by an Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS, allowing an adjacent unauthenticated attacker to cause a Denial of Service (DoS). This occurs when malformed MLD packets loop on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured, violating the split horizon rule.

Recommendations For versions prior to 19.1R3-S9, update to 19.1R3-S9 or later. For 19.2 versions prior to 19.2R1-S9, update to 19.2R1-S9 or later. For 19.2 versions prior to 19.2R3-S5, update to 19.2R3-S5 or later. For 19.3 versions prior to 19.3R3-S6, update to 19.3R3-S6 or later. For 19.4 versions prior to 19.4R2-S7, update to 19.4R2-S7 or later. For 19.4 versions prior to 19.4R3-S8, update to 19.4R3-S8 or later. For 20.1 versions prior to 20.1R3-S4, update to 20.1R3-S4 or later. For 20.2 versions prior to 20.2R3-S4, update to 20.2R3-S4 or later. For 20.3 versions prior to 20.3R3-S2, update to 20.3R3-S2 or later. For 20.4 versions prior to 20.4R3-S2, update to 20.4R3-S2 or later. For 21.1 versions prior to 21.1R3, update to 21.1R3 or later. For 21.2 versions prior to 21.2R2-S1, update to 21.2R2-S1 or later. For 21.2 versions prior to 21.2R3, update to 21.2R3 or later. For 21.3 versions prior to 21.3R2, update to 21.3R2 or later.