7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
40.5%
A Missing Release of Memory after Effective Lifetime vulnerability in the Application Quality of Experience (appqoe) subsystem of the PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). Upon receiving specific traffic a memory leak will occur. Sustained processing of such specific traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover.
A device is only vulnerable when advance(d) policy based routing (APBR) is configured and AppQoE (sla rule) is not configured for these APBR rules.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(163629);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/18");
script_cve_id("CVE-2022-22205");
script_xref(name:"JSA", value:"JSA69709");
script_xref(name:"IAVA", value:"2022-A-0280-S");
script_name(english:"Juniper Junos OS DOS (JSA69709)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"A Missing Release of Memory after Effective Lifetime vulnerability in the Application Quality of Experience (appqoe)
subsystem of the PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated network based attacker to
cause a Denial of Service (DoS). Upon receiving specific traffic a memory leak will occur. Sustained processing of
such specific traffic will eventually lead to an out of memory condition that prevents all services from continuing
to function, and requires a manual restart to recover.
A device is only vulnerable when advance(d) policy based routing (APBR) is configured and AppQoE (sla rule) is not
configured for these APBR rules.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-Series-An-FPC-memory-leak-can-occur-in-an-APBR-scenario-CVE-2022-22205
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e5b01e01");
script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA69709");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-22205");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/13");
script_set_attribute(attribute:"patch_publication_date", value:"2022/07/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/29");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("junos_version.nasl");
script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model", "Settings/ParanoidReport");
exit(0);
}
include('junos.inc');
var model = get_kb_item_or_exit('Host/Juniper/model');
if (model !~ "^SRX")
{
audit(AUDIT_DEVICE_NOT_VULN, model);
}
var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
var vuln_ranges = [
{'min_ver':'20.3', 'fixed_ver':'20.3R3-S2', 'model':'^SRX'},
{'min_ver':'20.4', 'fixed_ver':'20.4R3-S2', 'model':'^SRX'},
{'min_ver':'21.1', 'fixed_ver':'21.1R3', 'model':'^SRX'},
{'min_ver':'21.2', 'fixed_ver':'21.2R2-S1', 'model':'^SRX', 'fixed_display':'21.2R2-S1, 21.2R3'},
{'min_ver':'21.3', 'fixed_ver':'21.3R1-S2', 'model':'^SRX', 'fixed_display':'21.3R1-S2, 21.3R2'}
];
var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
var report = get_report(ver:ver, fix:fix);
security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);