CVE-2022-22215

Summary

A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after the termination of a gRPC connection the respective/var/run/<pid>.env file is not getting deleted which if occurring repeatedly can cause inode exhaustion. Inode exhaustion can present itself in two different ways: 1. The following log message can be observed: host kernel: pid <pid> (<process>), uid <uid> inumber <number> on /.mount/var: out of inodes which by itself is a clear indication. 2. The following log message can be observed: host <process>[<pid>]: … : No space left on device which is not deterministic and just a representation of a write error which could have several reasons. So the following check needs to be done: user@host> show system storage no-forwarding Filesystem Size Used Avail Capacity Mounted on /dev/ada1p1 475M 300M 137M 69% /.mount/var which indicates that the write error is not actually due to a lack of disk space. If either 1. or 2. has been confirmed, then the output of: user@host> file list /var/run/*.env | count need to be checked and if it indicates a high (>10000) number of files the system has been affected by this issue. This issue affects: Juniper Networks Junos OS All versions prior to 19.1R3-S8; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S7; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OSunspecified < 19.1R3-S8affected
Juniper NetworksJunos OS19.2 < 19.2R3-S6affected
Juniper NetworksJunos OS19.3 < 19.3R3-S5affected
Juniper NetworksJunos OS19.4 < 19.4R2-S6, 19.4R3-S7affected
Juniper NetworksJunos OS20.1R1 < 20.1*affected
Juniper NetworksJunos OS20.2 < 20.2R3-S5affected
Juniper NetworksJunos OS20.3 < 20.3R3-S4affected
Juniper NetworksJunos OS20.4 < 20.4R3affected
Juniper NetworksJunos OS21.1 < 21.1R3affected
Juniper NetworksJunos OS21.2 < 21.2R2affected
Juniper NetworksJunos OS Evolvedunspecified < 20.4R3-EVOaffected
Juniper NetworksJunos OS Evolved21.1 < 21.1R3-S1-EVOaffected
Juniper NetworksJunos OS Evolved21.2 < 21.2R1-S1-EVO, 21.2R2-EVOaffected

Weaknesses

  • 775
  • Denial of Service (DoS)

Workarounds

There are no viable workarounds for this issue. To reduce the risk of exploitation use access lists or firewall filters to the device only from trusted, administrative networks or hosts.

ADP Enrichment

CVE Program Container

Additional References

References