CVE-2022-22231

Published: Oct 18, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: sirt@juniper.net (Secondary)

Description

An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1.

Affected (3)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

3 vulnerable · 8 platform

Vulnerable Software	Affected Versions
Juniper Junos	Version 21.4
Juniper Junos	Version 21.4 r1-s1
Juniper Junos	Version 21.4 r1

Running on/with	Platform Versions
Juniper Srx1500	All versions
Juniper Srx4100	All versions
Juniper Srx4200	All versions
Juniper Srx4600	All versions
Juniper Srx5400	All versions
Juniper Srx550	All versions
Juniper Srx5600	All versions
Juniper Srx5800	All versions

Related CWEs

CWE-252

Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

CWE-690

Unchecked Return Value to NULL Pointer Dereference

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.

References (2)

https://kb.juniper.net/JSA69885

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA69885

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.