CVE-2022-22231

SRX Series: If UTM Enhanced Content Filtering and AntiVirus are enabled, and specific traffic is processed, the PFE will crash

  • Severity Score (CVSS v3.1): 7.5
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

An Unchecked Return Value to NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series, if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic, the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-12-21 CVE Reserved
  • 2022-10-18 CVE Published
  • 2024-05-04 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-252: Unchecked Return Value
  • CWE-690: Unchecked Return Value to NULL Pointer Dereference
CAPEC
References (1)
URL Date SRC
https://kb.juniper.net/JSA69885 2023-06-27
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Juniper Junos 21.4 - Affected
in Juniper Srx1500 -- Safe
Juniper Junos 21.4 - Affected
in Juniper Srx4100 -- Safe
Juniper Junos 21.4 - Affected
in Juniper Srx4200 -- Safe
Juniper Junos 21.4 - Affected
in Juniper Srx4600 -- Safe
Juniper Junos 21.4 - Affected
in Juniper Srx5400 -- Safe
Juniper Junos 21.4 - Affected
in Juniper Srx550 -- Safe
Juniper Junos 21.4 - Affected
in Juniper Srx5600 -- Safe
Juniper Junos 21.4 - Affected
in Juniper Srx5800 -- Safe
Juniper Junos 21.4 r1 Affected
in Juniper Srx1500 -- Safe
Juniper Junos 21.4 r1 Affected
in Juniper Srx4100 -- Safe
Juniper Junos 21.4 r1 Affected
in Juniper Srx4200 -- Safe
Juniper Junos 21.4 r1 Affected
in Juniper Srx4600 -- Safe
Juniper Junos 21.4 r1 Affected
in Juniper Srx5400 -- Safe
Juniper Junos 21.4 r1 Affected
in Juniper Srx550 -- Safe
Juniper Junos 21.4 r1 Affected
in Juniper Srx5600 -- Safe
Juniper Junos 21.4 r1 Affected
in Juniper Srx5800 -- Safe
Juniper Junos 21.4 r1-s1 Affected
in Juniper Srx1500 -- Safe
Juniper Junos 21.4 r1-s1 Affected
in Juniper Srx4100 -- Safe
Juniper Junos 21.4 r1-s1 Affected
in Juniper Srx4200 -- Safe
Juniper Junos 21.4 r1-s1 Affected
in Juniper Srx4600 -- Safe
Juniper Junos 21.4 r1-s1 Affected
in Juniper Srx5400 -- Safe
Juniper Junos 21.4 r1-s1 Affected
in Juniper Srx550 -- Safe
Juniper Junos 21.4 r1-s1 Affected
in Juniper Srx5600 -- Safe
Juniper Junos 21.4 r1-s1 Affected
in Juniper Srx5800 -- Safe