Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Juniper Junos OS DOS (JSA69711)

🗓️ 09 Sep 2022 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 25 Views

The Juniper Junos OS version on the remote host is vulnerable to a Use After Free vulnerability, allowing unauthenticated attackers to cause a Denial of Service (DoS) via the AFT manager process

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB		CVE-2022-22207
13 Jul 202216:00
attackerkb
Circl		CVE-2022-22207
20 Jul 202218:12
circl
CNNVD		Juniper Networks Junos OS 资源管理错误漏洞
13 Jul 202200:00
cnnvd
CVE		CVE-2022-22207
20 Jul 202214:14
cve
Cvelist		CVE-2022-22207 Junos OS: MX Series with MPC11: In a GNF / node slicing scenario gathering AF interface statistics can lead to a kernel crash
20 Jul 202214:14
cvelist
EUVD		EUVD-2022-27354
3 Oct 202520:07
euvd
NVD		CVE-2022-22207
20 Jul 202215:15
nvd
OSV		CVE-2022-22207
20 Jul 202215:15
osv
Prion		Design/Logic Flaw
20 Jul 202215:15
prion
#TRUSTED 9f26d48e914388998e43a6d1cb80a8d0873bc678d13e533f054a7043d020df2e9f91208247f2c35eaee8d3e5fee0b49b4893746e9cd9640483746748899f1ef749d66acd0b21de813e45f6d4d6f7044a891851997ae8fb154a812b4e6a41c76a24dccc629fb41f4c0322f74785b4c963c6559ec3d5b6f728fc4f908ca08514e9517133ff792aea5259e9dabb2e7572630bf2ffc4a7522f18f4697d72329d107cbc042d61c7090dc11b2e11071d5cade5d4440ad7aca9da19d0c910d2a2210c55461fb879dcab2294aff3cc8ef67ae3bf269879f1cf9a70128932d7164043b354d7d691458786f137284a437ec58f008617653def29742084c3ddbe316dc0615da0ff05663319c9e1cf15bf7262ea0b53485dc06d0ed56f413ff0e655664192caa02396d51650744fc33500b949c7633f6a088791f222e7d345398951d7f3bdb30a7312bbf07dae56eefba0a0561d3d06910b6a881df8488a65e4110abb3679b22d9874bb7daa3fa6f00bd0bd2dfc34801e8970dd60892d496d2e29818ab19cddf0e2801ffc93f2d08888e59360d56e04085983a8b8d55c97f4dd1862ddeb3e0c1470d551de13b93cfa35cad6740e1d8f27a326f5abe8601143f48a482b61d6203d4611657980daa8bc03df2d07fc860787d2cf0d1c80788a643471dbde4368c7b9277a384368e0589b5f61ac11964b71180c0370c55b10ba98c8d1130b71c707
#TRUST-RSA-SHA256 295217fadb0572d3182bc5af98b55f3f775b14b27ae7872594f71a23ffc05a916d8ca7b3bbb14ed535815bc371577d3272c090615f9267f37e2ad607d076e33526419c037818ecf257ad17f45cfac6332cf923b9aa1c9e0c7b84324a63b016f304453f238316d8ed5635c442481874388798f8d79aa86a790ad1cd7dafeda2f7ac6c7842982f5a4b5975340c714677bf5e6efd48a30e0fb22b65d29cf72ba7f66ee2ad5388024b1e48409ee852359cc408bcadab068cd297a520e5c1ac5f28893a60f8dc00f678d62edd13760f7d28fd3f567019a10ed2ee8080374e84ac52e47078aa192eea7f430b5876669546dde97765c904ad0c9526e9c6318d0b2723e940688d73f1a5c0e0f6cbff8aba09009ccc5243e9754f805ad7e2edb0fd67dbe32199db2bbf9125f63f2790c46e7690cab9243fec8a4985d2322cdb9b4667b6f242c54f5b2c3b78e681aed923f12cb02681fd59953e99405d8d028df520db4dde77a4a2c8fb42e3c3fd5abdcd5547e93c36e7d447184d128a08d55d12f01058caaf2cbf77a9563997efa9ddc8dd0753d1f60630276d261f5492834b42b7128fbee30987e556d39763703bbd63d6c0352edf8f86fd8eb5543b296677165178b97b379db36d3b73b5536ae447a82baae29a83c9426bd93bc06baca3df82388de6729852b9ae88696f97f1b14a57119c4edaa54b2a3e1892badfda0777803af832b6
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(164897);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/22");

  script_cve_id("CVE-2022-22207");
  script_xref(name:"JSA", value:"JSA69711");
  script_xref(name:"IAVA", value:"2022-A-0280-S");

  script_name(english:"Juniper Junos OS DOS (JSA69711)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69711
advisory.

A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT) manager process (aftmand) of Juniper Networks 
Junos OS allows an unauthenticated networked attacker to cause a kernel crash due to intensive polling of Abstracted 
Fabric (AF) interface statistics and thereby a Denial of Service (DoS). Continued gathering of AF interface statistics 
will create a sustained Denial of Service (DoS) condition

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/JSA69711");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA69711");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-22207");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/07/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/09/09");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");

  exit(0);
}

include('junos.inc');
include('junos_kb_cmd_func.inc');

var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
var model = get_kb_item_or_exit('Host/Juniper/model');

if (model !~ "^MX")
  audit(AUDIT_DEVICE_NOT_VULN, model);

var vuln_ranges = [
  {'min_ver':'20.1.R1', 'fixed_ver':'20.1R3-S3', 'model':'^MX'},
  {'min_ver':'20.2', 'fixed_ver':'20.2R3-S5', 'model':'^MX'},
  {'min_ver':'20.3', 'fixed_ver':'20.3R3-S4', 'model':'^MX'},
  {'min_ver':'20.4', 'fixed_ver':'20.4R3', 'model':'^MX'},
  {'min_ver':'21.1', 'fixed_ver':'21.1R2', 'model':'^MX'},
  {'min_ver':'21.2', 'fixed_ver':'21.2R2', 'model':'^MX'}
];

# Only vuln if network-slices
var override = TRUE;
var buf = junos_command_kb_item(cmd:'edit chassis');

if (buf)
{
  override = FALSE;
  if (!preg(string:buf, pattern:"^network-slices", multiline:TRUE))
    audit(AUDIT_OS_CONF_NOT_VULN, 'Junos OS');
}

var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix))
  audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Apr 2026 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.17.5
EPSS0.00457
juniper junos osuse after free vulnerabilitydenial of service
25