SB2022071621 - Denial of service in Junos OS and Junos OS Evolved gRPC connection handling
Published: July 16, 2022
Security Bulletin ID
SB2022071621
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2022-22215)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to release file descriptors (e.g. delete the "respective/var/run/.env" file) in plugable authentication module (PAM) when handling gRPC connection termination events. A remote attacker can trigger inode exhaustion by initiating and terminating a large number of gRPC connections and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.