CVE-2022-22250 is a vulnerability classified as an Improper Control of a Resource Through its Lifetime (CWE-664) affecting Juniper Networks Junos OS and Junos OS Evolved. The flaw resides in the Packet Forwarding Engine (PFE) component, specifically in scenarios involving Ethernet VPN (EVPN) with MPLS. The vulnerability arises when a MAC address is initially learned locally on an access interface, but subsequently a deletion request is received indicating the MAC was learned remotely. This mismatch triggers memory corruption within the PFE, which can cause the line card to crash and reload, resulting in a Denial of Service (DoS) condition. The vulnerability can be exploited by an unauthenticated attacker with adjacent network access, meaning the attacker must be on the same Layer 2 broadcast domain or physically connected network segment. The affected Junos OS versions span from 17.3R1 through various releases up to 21.4R2, including multiple intermediate versions and both standard and evolved OS variants. The vulnerability does not affect versions prior to 17.3R1. The CVSS v3.1 base score is 6.5 (medium severity), with an attack vector of adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H). No known exploits have been reported in the wild as of the publication date. The vulnerability can cause service disruption by crashing line cards, which are critical components in Juniper routers responsible for packet forwarding. This can lead to network outages or degraded performance in environments relying on affected Junos OS versions, especially in EVPN-MPLS deployments.

For European organizations, the impact of CVE-2022-22250 can be significant, particularly for enterprises, service providers, and data centers that utilize Juniper Networks infrastructure with Junos OS in EVPN-MPLS configurations. The DoS condition caused by line card crashes can disrupt network availability, impacting business-critical applications, inter-site connectivity, and cloud services. This can lead to operational downtime, loss of productivity, and potential financial losses. Since the attack requires adjacent network access, the threat is more pronounced in environments where network segmentation or physical security is insufficient, such as shared data centers or multi-tenant facilities. Additionally, the vulnerability could be leveraged as part of a broader attack chain to degrade network resilience or as a distraction while other attacks are conducted. Given the widespread use of Juniper routers in European telecommunications and enterprise networks, the vulnerability poses a tangible risk to network stability and service continuity.

To mitigate CVE-2022-22250, European organizations should: 1) Immediately identify and inventory all Juniper devices running affected Junos OS versions, focusing on those deployed in EVPN-MPLS scenarios. 2) Apply the latest Juniper security patches and software updates that address this vulnerability as soon as they become available, prioritizing critical network infrastructure. 3) Implement strict network segmentation and access controls to limit adjacent network access to trusted devices and personnel only, reducing the attack surface. 4) Monitor network traffic for unusual MAC address learning and deletion patterns that could indicate exploitation attempts. 5) Employ redundancy and failover mechanisms for line cards and routing infrastructure to minimize service disruption in case of crashes. 6) Conduct regular security assessments and penetration testing focused on network layer vulnerabilities and adjacent access controls. 7) Engage with Juniper support and subscribe to their security advisories to stay informed about any emerging exploits or mitigation techniques. These steps go beyond generic advice by emphasizing proactive inventory management, network segmentation, behavioral monitoring, and infrastructure resilience.