CVE-2022-22207 — Use After Free in Networks Junos OS

CWE-416 — Use After Free4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 36.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedJul 20

Latest updateJul 21

Description

A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT) manager process (aftmand) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a kernel crash due to intensive polling of Abstracted Fabric (AF) interface statistics and thereby a Denial of Service (DoS). Continued gathering of AF interface statistics will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on MX Series: 20.1 versions later than 20.…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os20.1R1 — 20.1*+5

▶NVDjuniper/junos6 versions+5

🔴Vulnerability Details

GHSA

GHSA-9ggh-wwvp-m5qw: A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT) manager process (aftmand) of Juniper Networks Junos OS allows an unauthenticat↗2022-07-21

▶

CVEList

Junos OS: MX Series with MPC11: In a GNF / node slicing scenario gathering AF interface statistics can lead to a kernel crash↗2022-07-20

▶

📋Vendor Advisories

Juniper

CVE-2022-22207: A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT) manager process (aftmand) of Juniper Networks Junos OS allows an unauthenticat↗2022-07-20

▶