CVE-2022-22249

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS on MX Series versions prior to 15.1R7-S13 Juniper Networks Junos OS on MX Series version 19.1 versions prior to 19.1R3-S9 Juniper Networks Junos OS on MX Series version 19.2 versions prior to 19.2R3-S6 Juniper Networks Junos OS on MX Series version 19.3 versions prior to 19.3R3-S6 Juniper Networks Junos OS on MX Series version 19.4 versions prior to 19.4R2-S7 Juniper Networks Junos OS on MX Series version 19.4R3-S8 Juniper Networks Junos OS on MX Series version 20.1R1 Juniper Networks Junos OS on MX Series version 20.2 versions prior to 20.2R3-S5 Juniper Networks Junos OS on MX Series version 20.3 versions prior to 20.3R3-S5 Juniper Networks Junos OS on MX Series version 20.4 versions prior to 20.4R3-S2 Juniper Networks Junos OS on MX Series version 21.1 versions prior to 21.1R3 Juniper Networks Junos OS on MX Series version 21.2 versions prior to 21.2R3 Juniper Networks Junos OS on MX Series version 21.3 versions prior to 21.3R2

Description The issue is related to an Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series. This vulnerability can be exploited by an unauthenticated adjacent attacker to cause a Denial of Service (DoS). The exploitation occurs when there is a continuous mac move, resulting in memory corruption that causes one or more FPCs to crash and reboot. These MAC moves can happen between two local interfaces or between core/EVPN and local interface. Error logs in PFE syslog may indicate the issue, including messages like xss event handler(1071): EA[0:0] PPE 46.xss[0] ADDR Error and ppe error interrupt(4298): EA[0:0] PPE 46 Errors sync xtxn error.

Recommendations For Juniper Networks Junos OS on MX Series versions prior to 15.1R7-S13, update to version 15.1R7-S13 or later. For Juniper Networks Junos OS on MX Series version 19.1, update to version 19.1R3-S9 or later. For Juniper Networks Junos OS on MX Series version 19.2, update to version 19.2R3-S6 or later. For Juniper Networks Junos OS on MX Series version 19.3, update to version 19.3R3-S6 or later. For Juniper Networks Junos OS on MX Series version 19.4, update to version 19.4R2-S7 or 19.4R3-S8 or later. For Juniper Networks Junos OS on MX Series version 20.1, update to a version later than 20.1R1. For Juniper Networks Junos OS on MX Series version 20.2, update to version 20.2R3-S5 or later. For Juniper Networks Junos OS on MX Series version 20.3, update to version 20.3R3-S5 or later. For Juniper Networks Junos OS on MX Series version 20.4, update to version 20.4R3-S2 or later. For Juniper Networks Junos OS on MX Series version 21.1, update to version 21.1R3 or later. For Juniper Networks Junos OS on MX Series version 21.2, update to version 21.2R3 or later. For Juniper Networks Junos OS on MX Series version 21.3, update to version 21.3R2 or later.