An Insufficient Algorithmic Complexity combined with an Allocation of Resources Without Limits or Throttling vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 allows an unauthenticated network attacker to cause latency in transit packet processing and even packet loss. If transit traffic includes a significant percentage (> 5%) of fragmented packets which need to be reassembled, high latency or packet drops might be observed. This issue affects Juniper Networks Junos OS on SRX Series, MX Series with SPC3: All versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2-S9, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S1, 19.2R2.
Published 2022-01-19 01:15:08
Updated 2022-01-28 17:55:29
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-22153

0.09%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 37 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-22153

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.0
MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
NIST
7.5
HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.9
3.6
NIST
7.5
HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.9
3.6
Juniper Networks, Inc.

CWE ids for CVE-2022-22153

  • An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.
    Assigned by: sirt@juniper.net (Primary)
  • The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
    Assigned by: sirt@juniper.net (Primary)

References for CVE-2022-22153

  • https://kb.juniper.net/JSA11261
    2022-01 Security Bulletin: SRX Series and MX Series with SPC3: A high percentage of fragments might lead to high latency or packet drops (CVE-2022-22153) - Juniper Networks
    Vendor Advisory

Products affected by CVE-2022-22153

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!