Severity: 6.5 MEDIUM (NVD)
EPSS: 0.2% (top 58.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 19 | Latest update Jan 20

Description

An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os | 18.4 | 18.4R3-S10 | +6
NVD: juniper/junos | 7 versions | +6

Vulnerability Details (2)

GHSA: GHSA-f5xq-h855-6hmf: An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacen | 2022-01-20
CVEList: Junos OS: ACX5448: FPC memory leak due to IPv6 neighbor flaps | 2022-01-19

Vendor Advisories (1)

Juniper: CVE-2022-22155: An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacen | 2022-01-19
CVE-2022-22155 — Uncontrolled Resource Consumption | cvebase