CVE-2022-22207
Published: 2022-07-20
Severity: High, 7.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT) manager process (aftmand) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a kernel crash, and thereby a Denial of Service (DoS), through intensive polling of Abstracted Fabric (AF) interface statistics. Continued gathering of AF interface statistics will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on MX Series: 20.1 versions later than 20.1R1; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R2.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos_os | — | — |
| juniper | mx_series | — | — |
| juniper_networks | junos_os | >= 20.1R1 < 20.1* | 20.1* |
| juniper_networks | junos_os | >= 20.2 < 20.2R3-S5 | 20.2R3-S5 |
| juniper_networks | junos_os | >= 20.3 < 20.3R3-S4 | 20.3R3-S4 |
| juniper_networks | junos_os | >= 20.4 < 20.4R3 | 20.4R3 |
| juniper_networks | junos_os | >= 21.1 < 21.1R2 | 21.1R2 |
| juniper_networks | junos_os | >= 21.2 < 21.2R2 | 21.2R2 |