Juniper Junos OS Vulnerability (JSA69713)

high Nessus Plugin ID 163769

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69713 advisory. - A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered by interface flaps or route churn leading to RIB and PFEs getting out of sync. The memory leak causes RTNEXTHOP/route and next-hop memory pressure issue and the KRT queue will eventually get stuck with the error- 'ENOMEM -- Cannot allocate memory'. The out-of-sync state between RIB and FIB can be seen with the show route and show route forwarding-table command. This issue will lead to failures for adding new routes. The KRT queue status can be checked using the CLI command show krt queue: [email protected] > show krt state High- priority add queue: 1 queued ADD nhtype Router index 0 (31212) error 'ENOMEM -- Cannot allocate memory' kqp '0x8ad5e40' The following messages will be observed in /var/log/messages, which indicate high memory for routes/nexthops: host rpd[16279]: RPD_RT_HWM_NOTICE: New RIB highwatermark for routes: 266 [2022-03-04 05:06:07] host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host kernel: rts_veto_net_delayed_unref_limit:
Route/nexthop memory is severe pressure. User Application to perform recovery actions. O p 8 err 12, rtsm_id 0:-1, msg type 10, veto simulation: 0. host kernel: rts_veto_net_delayed_unref_limit: Memory usage of M_RTNEXTHOP type = (806321208) Max size possible for M_RTNEXTHOP type = (689432176) Current delayed unref = (0), Max delayed unref on this platform = (120000) Current delayed weight unref = (0) Max delayed weight unref on this platform = (400000) curproc = rpd. This issue affects: Juniper Networks Junos OS 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2-S1, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; This issue does not affect Juniper Networks Junos OS versions prior to 21.2R1. (CVE-2022-22209) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.); # http://www.nessus.org/u?99086ea4 script_set_attribute(attribute:see_also, value:http://www.nessus.org/u?99086ea4); # http://www.nessus.org/u?b616ed59 script_set_attribute(attribute:see_also, value:http://www.nessus.org/u?b616ed59); # http://www.nessus.org/u?0d4fd08b script_set_attribute(attribute:see_also, value:http://www.nessus.org/u?0d4fd08b); # http://www.nessus.org/u?553f364c script_set_attribute(attribute:see_also, value:http://www.nessus.org/u?553f364c

Solution

Apply the relevant Junos software release referenced in Juniper advisory JSA69713

See Also

http://www.nessus.org/u?99086ea4

http://www.nessus.org/u?b616ed59

http://www.nessus.org/u?0d4fd08b

http://www.nessus.org/u?553f364c

Plugin Details

Severity: High

ID: 163769

File Name: juniper_jsa69713.nasl

Version: 1.4

Type: combined

Published: 8/3/2022

Updated: 8/25/2022

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2022-22209

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/JUNOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/13/2022

Vulnerability Publication Date: 7/13/2022

Reference Information

CVE: CVE-2022-22209

IAVA: 2022-A-0280

JSA: JSA69713