CVE-2022-22211

Summary

CVE	CVE-2022-22211
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-10-18 03:15:00 UTC
Updated	2022-10-21 18:10:00 UTC
Description	A limitless resource allocation vulnerability in FPC resources of Juniper Networks Junos OS Evolved on PTX Series allows an unprivileged attacker to cause Denial of Service (DoS). Continuously polling the SNMP jnxCosQstatTable causes the FPC to run out of GUID space, causing a Denial of Service to the FPC resources. When the FPC runs out of the GUID space, you will see the following syslog messages. The evo-aftmand-bt process is asserting. fpc1 evo-aftmand-bt[17556]: %USER-3: get_next_guid: Ran out of Guid Space start 1748051689472 end 1752346656767 fpc1 audit[17556]: %AUTH-5: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=6 fpc1 kernel: %KERN-5: audit: type=1701 audit(1648567505.119:57): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=17556 comm="EvoAftManBt-mai" exe="/usr/sbin/evo-aftmand-bt" sig=6 fpc1 emfd-fpa[14438]: %USER-5: Alarm set: APP color=red, class=CHASSIS, reason=Application evo-aftmand-bt fail on node Fpc1 fpc1 emfd-fpa[14438]: %USER-3-EMF_FPA_ALARM_REP: RaiseAlarm: Alarm(Location: /Chassis[0]/Fpc[1] Module: sysman Object: evo-aftmand-bt:0 Error: 2) reported fpc1 sysepochman[12738]: %USER-5-SYSTEM_REBOOT_EVENT: Reboot [node] [ungraceful reboot] [evo-aftmand-bt exited] The FPC resources can be monitored using the following commands: user@router> start shell [vrf:none] user@router-re0:~$ cli -c "show platform application-info allocations app evo-aftmand-bt" \| grep ^fpc \| grep -v Route \| grep -i -v Nexthop \| awk '{total[$1] += $5} END { for (key in total) { print key " " total[key]/4294967296 }}' Once the FPCs become unreachable they must be manually restarted as they do not self-recover. This issue affects Juniper Networks Junos OS Evolved on PTX Series: All versions prior to 20.4R3-S4-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO.

Risk And Classification

Problem Types: CWE-770

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Juniper	Junos Os Evolved	All	All	All	All
Operating System	Juniper	Junos Os Evolved	20.4	-	All	All
Operating System	Juniper	Junos Os Evolved	20.4	r1	All	All
Operating System	Juniper	Junos Os Evolved	20.4	r1-s1	All	All
Operating System	Juniper	Junos Os Evolved	20.4	r1-s2	All	All
Operating System	Juniper	Junos Os Evolved	20.4	r2	All	All
Operating System	Juniper	Junos Os Evolved	20.4	r2-s1	All	All
Operating System	Juniper	Junos Os Evolved	20.4	r2-s2	All	All
Operating System	Juniper	Junos Os Evolved	20.4	r2-s3	All	All
Operating System	Juniper	Junos Os Evolved	20.4	r3	All	All
Operating System	Juniper	Junos Os Evolved	20.4	r3-s1	All	All
Operating System	Juniper	Junos Os Evolved	20.4	r3-s2	All	All
Operating System	Juniper	Junos Os Evolved	20.4	r3-s3	All	All
Operating System	Juniper	Junos Os Evolved	21.1	-	All	All
Operating System	Juniper	Junos Os Evolved	21.1	r1	All	All
Operating System	Juniper	Junos Os Evolved	21.1	r1-s1	All	All
Operating System	Juniper	Junos Os Evolved	21.1	r2	All	All
Operating System	Juniper	Junos Os Evolved	21.1	r3	All	All
Operating System	Juniper	Junos Os Evolved	21.1	r3-s1	All	All
Operating System	Juniper	Junos Os Evolved	21.2	-	All	All
Operating System	Juniper	Junos Os Evolved	21.2	r1	All	All
Operating System	Juniper	Junos Os Evolved	21.2	r1-s1	All	All
Operating System	Juniper	Junos Os Evolved	21.2	r1-s2	All	All
Operating System	Juniper	Junos Os Evolved	21.2	r2	All	All
Operating System	Juniper	Junos Os Evolved	21.2	r2-s1	All	All
Operating System	Juniper	Junos Os Evolved	21.2	r2-s2	All	All
Operating System	Juniper	Junos Os Evolved	21.2	r3	All	All
Operating System	Juniper	Junos Os Evolved	21.3	-	All	All
Operating System	Juniper	Junos Os Evolved	21.3	r1	All	All
Operating System	Juniper	Junos Os Evolved	21.3	r1-s1	All	All
Operating System	Juniper	Junos Os Evolved	21.3	r2	All	All
Operating System	Juniper	Junos Os Evolved	21.3	r2-s1	All	All
Operating System	Juniper	Junos Os Evolved	21.3	r2-s2	All	All
Operating System	Juniper	Junos Os Evolved	21.4	-	All	All
Operating System	Juniper	Junos Os Evolved	21.4	r1	All	All
Operating System	Juniper	Junos Os Evolved	21.4	r1-s1	All	All
Operating System	Juniper	Junos Os Evolved	21.4	r1-s2	All	All
Operating System	Juniper	Junos Os Evolved	22.1	r1	All	All
Operating System	Juniper	Junos Os Evolved	22.1	r1-s1	All	All
Operating System	Juniper	Junos Os Evolved	22.1	r1-s2	All	All
Hardware	Juniper	Ptx1000	-	All	All	All
Hardware	Juniper	Ptx1000-72q	-	All	All	All
Hardware	Juniper	Ptx10000	-	All	All	All
Hardware	Juniper	Ptx10001	-	All	All	All
Hardware	Juniper	Ptx10001-36mr	-	All	All	All
Hardware	Juniper	Ptx100016	-	All	All	All
Hardware	Juniper	Ptx10002	-	All	All	All
Hardware	Juniper	Ptx10002-60c	-	All	All	All
Hardware	Juniper	Ptx10003	-	All	All	All
Hardware	Juniper	Ptx10003 160c	-	All	All	All
Hardware	Juniper	Ptx10003 80c	-	All	All	All
Hardware	Juniper	Ptx10003 81cd	-	All	All	All
Hardware	Juniper	Ptx10004	-	All	All	All
Hardware	Juniper	Ptx10008	-	All	All	All
Hardware	Juniper	Ptx10016	-	All	All	All
Hardware	Juniper	Ptx3000	-	All	All	All
Hardware	Juniper	Ptx5000	-	All	All	All

References

Reference	Source	Link	Tags
CEC Juniper Community	CONFIRM	kb.juniper.net
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.