PT-2022-6673 · Juniper Networks · Junos Evolved

Published: 2022-10-12 · Updated: 2022-10-21 · CVE-2022-22227

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS Evolved on ACX7000 Series versions 21.1-EVO prior to 21.1R3-S2-EVO
Juniper Networks Junos OS Evolved on ACX7000 Series versions 21.2-EVO prior to 21.2R3-S2-EVO
Juniper Networks Junos OS Evolved on ACX7000 Series versions 21.3-EVO prior to 21.3R3-EVO
Juniper Networks Junos OS Evolved on ACX7000 Series versions 21.4-EVO prior to 21.4R1-S1-EVO, 21.4R2-EVO

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series. It allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS) by sending specific IPv6 transit traffic. The PFE sends this traffic to the Routing Engine (RE) instead of forwarding it, which increases CPU utilization of the RE. The issue only affects systems configured with IPv6.

Recommendations

For versions 21.1-EVO prior to 21.1R3-S2-EVO, update to version 21.1R3-S2-EVO or later.
For versions 21.2-EVO prior to 21.2R3-S2-EVO, update to version 21.2R3-S2-EVO or later.
For versions 21.3-EVO prior to 21.3R3-EVO, update to version 21.3R3-EVO or later.
For versions 21.4-EVO prior to 21.4R1-S1-EVO, 21.4R2-EVO, update to version 21.4R1-S1-EVO or 21.4R2-EVO or later.

As a temporary workaround, consider disabling IPv6 configuration on affected systems until a patch is available.
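
The affected ranges and fixed releases above can be applied to a device inventory as follows. This is an added example, not code from the advisory or from Juniper; the inventory rows are constructed, and the version-string shape, the "ACX7" model prefix test and the status names are assumptions.

```python
import re

# First fixed release per affected train, from the advisory text above,
# as (R-number, S-number); a plain Rn release has S-number 0.
FIRST_FIXED = {
    "21.1": (3, 2),  # 21.1R3-S2-EVO
    "21.2": (3, 2),  # 21.2R3-S2-EVO
    "21.3": (3, 0),  # 21.3R3-EVO
    "21.4": (1, 1),  # 21.4R1-S1-EVO (21.4R2-EVO sorts after it)
}

# Assumed version shape: <train>R<n>[.<build>][-S<n>[.<build>]]-EVO
VERSION_RE = re.compile(r"^(\d+\.\d+)R(\d+)(?:\.\d+)?(?:-S(\d+)(?:\.\d+)?)?-EVO$")

def classify(model, version, ipv6_enabled):
    """Return affected, unexposed, fixed, not-listed, out-of-scope or unparsed."""
    if not model.upper().startswith("ACX7"):   # assumed test for ACX7000 Series
        return "out-of-scope"
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"                      # unexpected string: review by hand
    train, r, s = m.group(1), int(m.group(2)), int(m.group(3) or 0)
    if train not in FIRST_FIXED:
        return "not-listed"                    # the advisory says nothing about it
    if (r, s) >= FIRST_FIXED[train]:
        return "fixed"
    # Affected release: exposure depends on IPv6 being configured.
    return "affected" if ipv6_enabled else "unexposed"

def triage(inventory):
    """Map each hostname to its status."""
    return {host: classify(model, ver, v6) for host, model, ver, v6 in inventory}

# Constructed sample inventory: (hostname, model, version, IPv6 configured)
INVENTORY = [
    ("agg-1", "ACX7100-48L", "21.4R1.5-EVO", True),
    ("agg-2", "ACX7100-48L", "21.4R1-S1.3-EVO", True),
    ("agg-3", "ACX7509", "21.2R3-S1-EVO", False),
    ("agg-4", "ACX7024", "21.3R2-S3-EVO", True),
    ("core-1", "PTX10003", "21.1R1-EVO", True),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:8} {status}")
```

A device reported as "unexposed" still runs an affected release and needs the update before IPv6 is enabled on it.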

Fix

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

BDU:2023-03314
CVE-2022-22227

Affected Products

Junos Evolved