CVE-2022-22231

An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://kb.juniper.net/JSA69885	Vendor Advisory
https://kb.juniper.net/JSA69885	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:juniper:junos:21.4:-::::::
	cpe:2.3:o:juniper:junos:21.4:r1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s1::::::

OR	cpe:2.3:h:juniper:srx1500:-:::::::*
	cpe:2.3:h:juniper:srx4100:-:::::::*
	cpe:2.3:h:juniper:srx4200:-:::::::*
	cpe:2.3:h:juniper:srx4600:-:::::::*
	cpe:2.3:h:juniper:srx5400:-:::::::*
	cpe:2.3:h:juniper:srx550:-:::::::*
	cpe:2.3:h:juniper:srx5600:-:::::::*
	cpe:2.3:h:juniper:srx5800:-:::::::*

History

21 Nov 2024, 06:46

Type	Values Removed	Values Added
References	~~() https://kb.juniper.net/JSA69885 - Vendor Advisory~~	() https://kb.juniper.net/JSA69885 - Vendor Advisory

27 Jun 2023, 18:20

Type	Values Removed	Values Added
CWE	~~CWE-476~~	CWE-252

Information

Published : 2022-10-18 03:15

Updated : 2024-11-21 06:46

NVD link : CVE-2022-22231

Mitre link : CVE-2022-22231

CVE.ORG link : CVE-2022-22231

JSON object : View

Products Affected

juniper

srx4600
srx4200
srx1500
junos
srx5600
srx5800
srx5400
srx4100
srx550

CWE

CWE-690

Unchecked Return Value to NULL Pointer Dereference

CWE-252

Unchecked Return Value

{"id": "CVE-2022-22231", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-10-18T03:15:10.270", "references": [{"url": "https://kb.juniper.net/JSA69885", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}, {"url": "https://kb.juniper.net/JSA69885", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-690"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-252"}]}], "descriptions": [{"lang": "en", "value": "An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1."}, {"lang": "es", "value": "Una vulnerabilidad de Desreferencia de Valor de Retorno no Comprobado a puntero NULL en Packet Forwarding Engine (PFE) de Junos OS de Juniper Networks permite que un atacante no autenticado y basado en la red cause una Denegaci\u00f3n de Servicio (DoS). En la serie SRX, si el filtrado de contenidos mejorado (CF) y el antivirus (AV) de la administraci\u00f3n unificada de amenazas (UTM) est\u00e1n activados conjuntamente y el sistema procesa un tr\u00e1fico de tr\u00e1nsito v\u00e1lido espec\u00edfico, Packet Forwarding Engine (PFE) es bloqueado y es reiniciado. Este problema afecta a Juniper Networks Junos OS versiones 21.4 anteriores a 21.4R1-S2, 21.4R2 en la serie SRX. Este problema no afecta a Juniper Networks Junos OS versiones anteriores a 21.4R1"}], "lastModified": "2024-11-21T06:46:26.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B"}, {"criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7"}, {"criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9"}, {"criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA"}, {"criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1"}, {"criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801"}, {"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710"}, {"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "sirt@juniper.net"}