CVE-2022-22231

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-22231
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://kb.juniper.net/JSA69885 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*
OR cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*
History

27 Jun 2023, 18:20

Type Values Removed Values Added
CWE CWE-476 CWE-252

21 Oct 2022, 16:57

Type Values Removed Values Added
CPE cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*
CWE CWE-476
References (CONFIRM) https://kb.juniper.net/JSA69885 - (CONFIRM) https://kb.juniper.net/JSA69885 - Vendor Advisory
First Time Juniper srx5600
Juniper srx5800
Juniper srx4200
Juniper srx4600
Juniper
Juniper junos
Juniper srx1500
Juniper srx550
Juniper srx5400
Juniper srx4100

18 Oct 2022, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-10-18 03:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-22231

Mitre link : CVE-2022-22231

CVE.ORG link : CVE-2022-22231

JSON object : View

Products Affected

juniper

  • srx4200
  • srx5800
  • srx4600
  • srx5600
  • srx1500
  • srx5400
  • srx4100
  • junos
  • srx550
CWE
CWE-252

Unchecked Return Value

CWE-690

Unchecked Return Value to NULL Pointer Dereference