An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS).

The issue is caused by malformed MLD packets looping on a multi-homed Ethernet Segment Identifier (ESI) when VXLAN is configured. These MLD packets received on a multi-homed ESI are sent to the peer, and then incorrectly forwarded out the same ESI, violating the split horizon rule.

This issue only affects QFX10K Series switches, including the QFX10002, QFX10008, and QFX10016. Other products and platforms are unaffected by this vulnerability.

This issue affects Juniper Networks Junos OS on QFX10K Series:

- All versions prior to 19.1R3-S9;
- 19.2 versions prior to 19.2R1-S9, 19.2R3-S5;
- 19.3 versions prior to 19.3R3-S6;
- 19.4 versions prior to 19.4R2-S7, 19.4R3-S8;
- 20.1 versions prior to 20.1R3-S4;
- 20.2 versions prior to 20.2R3-S4;
- 20.3 versions prior to 20.3R3-S2;
- 20.4 versions prior to 20.4R3-S2;
- 21.1 versions prior to 21.1R3;
- 21.2 versions prior to 21.2R2-S1, 21.2R3;
- 21.3 versions prior to 21.3R2.
                
Metrics
No CVSS v4.0

| Metric | Value |
|---|---|
| Attack Vector | Adjacent Network |
| Attack Complexity | Low |
| Privileges Required | None |
| Scope | Changed |
| Confidentiality Impact | None |
| Integrity Impact | Low |
| Availability Impact | Low |
| User Interaction | None |

No CVSS v3.0
No CVSS v2
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Juniper | |
References
| Link | Providers |
|---|---|
| https://kb.juniper.net/JSA69721 | |
MITRE
Status: PUBLISHED
Assigner: juniper
Published: 2022-07-20T14:15:47.761366Z
Updated: 2024-09-17T02:51:39.465Z
Reserved: 2021-12-21T00:00:00
Link: CVE-2022-22217
NVD
Status: Modified
Published: 2022-07-20T15:15:09.060
Modified: 2024-11-21T06:46:24.987
Link: CVE-2022-22217